From 9738db36645f2e8918954fbf573f5c71e294fc63 Mon Sep 17 00:00:00 2001
From: Ryan Finnie
Date: Fri, 28 Oct 2022 14:44:51 -0700
Subject: [PATCH] Allow for mountless operation in non-privileged Docker containers
Docker does not allow for mounts within a non-privileged container. debootstrap already has support for detecting and working around this (as of 1.0.107), and, surprisingly, I have yet to find an additional package whose pre-install/post-install hooks fail when /proc and /sys are not present (though many notice and complain).
This commit changes:
- Warn upon /proc and /sys mount failures, but continue on
- Change hooks config within the chroot from a bind mound to a tree copy
---
 scripts/build/chroot_hooks | 17 +++++------------
 scripts/build/chroot_proc | 5 ++++-
 scripts/build/chroot_sysfs | 5 ++++-
 3 files changed, 13 insertions(+), 14 deletions(-)
diff --git a/scripts/build/chroot_hooks b/scripts/build/chroot_hooks
index df0a427dc..9a8d7cdd1 100755
--- a/scripts/build/chroot_hooks
+++ b/scripts/build/chroot_hooks
@@ -32,14 +32,9 @@ Check_stagefile
 # Acquire lock file
 Acquire_lockfile
-# Make build config available to chroot hooks. First, make the bind
-# mount and then make it read-only. This can't happen in one mount
-# command, then the resulting mount will be rw (see mount(8)). Making it
-# ro prevents modifications and prevents accidentally removing the
-# contents of the config directory when removing the chroot.
-mkdir -p chroot/live-build/config
-mount -o bind config chroot/live-build/config
-mount -o remount,ro,bind config chroot/live-build/config
+# Make build config available to chroot hooks.
+mkdir -p chroot/live-build
+cp --recursive --preserve=mode,timestamps --dereference config chroot/live-build/config
 ## Processing hooks
 if ls config/hooks/normal/*.chroot > /dev/null 2>&1 && (
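Review bot: The `cp --recursive … config chroot/live-build/config` line assumes the destination is absent: if an earlier run stopped before the `rm -rf chroot/live-build` cleanup in the later chroot_hooks hunk, `cp` nests the tree as `chroot/live-build/config/config` and the hooks keep reading the stale copy. Clearing the target first with `rm -rf chroot/live-build/config` ahead of the `cp` avoids that. The copy is also writable where the bind mount was read-only, and `--dereference` copies the targets of symlinks in `config` into the chroot, so a leftover `chroot/live-build` could end up inside the image; a comment such as `# Writable copy that follows symlinks; must be removed before the image is assembled.` would record this. The code between the two hunks is not shown, so whether a failing hook skips the cleanup is inferred.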
@@ -92,10 +87,8 @@ then
 Save_package_cache chroot
 fi
-# Remove bind mount of build config inside chroot.
-umount chroot/live-build/config
-rmdir chroot/live-build/config
-rmdir chroot/live-build
+# Remove build config inside chroot.
+rm -rf chroot/live-build
 # Creating stage file
 Create_stagefile
diff --git a/scripts/build/chroot_proc b/scripts/build/chroot_proc
index fcc866932..d651dacf6 100755
--- a/scripts/build/chroot_proc
+++ b/scripts/build/chroot_proc
@@ -41,7 +41,10 @@ case "${_ACTION}" in
 mkdir -p chroot/proc
 # Mounting /proc
- mount -t proc -o x-gvfs-hide proc-live chroot/proc
+ if ! mount -t proc -o x-gvfs-hide proc-live chroot/proc
+ then
+ Echo_warning "Cannot mount /proc (running in container?)"
+ fi
 # Creating stage file
 Create_stagefile
diff --git a/scripts/build/chroot_sysfs b/scripts/build/chroot_sysfs
index e4601abe1..d64003659 100755
--- a/scripts/build/chroot_sysfs
+++ b/scripts/build/chroot_sysfs
@@ -41,7 +41,10 @@ case "${_ACTION}" in
 mkdir -p chroot/sys
 # Mounting /sys
- mount -t sysfs -o x-gvfs-hide sysfs-live chroot/sys
+ if ! mount -t sysfs -o x-gvfs-hide sysfs-live chroot/sys
+ then
+ Echo_warning "Cannot mount /sys (running in container?)"
+ fi
 # Creating stage file
 Create_stagefile
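Review bot: `rm -rf chroot/live-build` runs without checking whether `chroot/live-build/config` is still a bind mount of the real `config` directory, which a build interrupted under the previous code would leave behind. The removed comment named the read-only remount as what kept `config` from being deleted along with the chroot, so if that remount never completed the recursive delete would reach the source tree. A guard ahead of the delete, `if mountpoint -q chroot/live-build/config; then umount chroot/live-build/config; fi`, keeps the upgrade path safe. Whether an exit trap also runs this cleanup when a hook fails is not visible in the hunk.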
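Review bot: The new `if ! mount -t proc …` branch turns every mount failure into a warning, not only the unprivileged-container case the message guesses at, and `Create_stagefile` still runs afterwards. On an ordinary host a failed mount now lets package scripts and hooks run without /proc, and the `remove` action (outside this hunk) has to cope with a recorded stage where nothing is mounted. I would make the message say what happens next, `Echo_warning "Cannot mount /proc (running in container?), continuing without it"`, and add a comment such as `# Deliberately non-fatal: any mount failure is tolerated, not only the container case.` The same applies to the /sys mount in the chroot_sysfs hunk. The enclosing `case` branch starts and ends outside both hunks.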