Debian Bug report logs - #932357
debootstrap: failed to create a pbuilder base.tgz inside a systemd-nspawn unprivileged container

Package: debootstrap; Maintainer for debootstrap is Debian Install System Team <[email protected]>; Source for debootstrap is src:debootstrap.

Reported by: Alberto Garcia <[email protected]>

Date: Thu, 18 Jul 2019 11:21:06 UTC

Severity: normal

Found in version debootstrap/1.0.115


Report forwarded to [email protected], Debian Install System Team <[email protected]>:
Bug#932357; Package debootstrap. (Thu, 18 Jul 2019 11:21:08 GMT)


Acknowledgement sent to Alberto Garcia <[email protected]>:
New Bug report received and forwarded. Copy sent to Debian Install System Team <[email protected]>. (Thu, 18 Jul 2019 11:21:08 GMT)


Message #5 received at [email protected]:

From: Alberto Garcia <[email protected]>
To: Debian Bug Tracking System <[email protected]>
Subject: debootstrap: failed to create a pbuilder base.tgz inside a systemd-nspawn container
Date: Thu, 18 Jul 2019 14:20:19 +0300

Package: debootstrap
Version: 1.0.115
Severity: normal

Dear Maintainer,

here's what happens if I try to create a base.tgz inside a
systemd-nspawn container using pbuilder and debootstrap:

# pbuilder --create --mirror http://deb.debian.org/debian/ --basetgz /var/cache/pbuilder/sid-amd64.tgz --distribution sid --architecture amd64
W: /root/.pbuilderrc does not exist
I: Distribution is sid.
I: Current time: Thu Jul 18 14:12:11 EEST 2019
I: pbuilder-time-stamp: 1563448331
I: Building the build environment
I: running debootstrap
/usr/sbin/debootstrap
mknod: /var/cache/pbuilder/build/42591/test-dev-null: Operation not permitted
E: Cannot install into target '/var/cache/pbuilder/build/42591' mounted with noexec or nodev
E: debootstrap failed
E: debootstrap.log not present
W: Aborting with an error

I indeed don't have permissions to run mknod, but I see that there's
code to detect other container systems and use bind mounts and
symlinks instead.

Would that be possible in this case?

Thanks,

Berto

-- System Information:
Debian Release: 10.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.0.4-arch1-1-ARCH (SMP w/64 CPU cores; PREEMPT)
Kernel taint flags: TAINT_WARN
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages debootstrap depends on:
ii  wget  1.20.1-1.1

Versions of packages debootstrap recommends:
ii  arch-test               0.15-2
ii  debian-archive-keyring  2019.1
ii  gnupg                   2.2.12-1

Versions of packages debootstrap suggests:
pn  squid-deb-proxy-client  <none>
pn  ubuntu-archive-keyring  <none>

-- no debconf information



Changed Bug title to 'debootstrap: failed to create a pbuilder base.tgz inside a systemd-nspawn unprivileged container' from 'debootstrap: failed to create a pbuilder base.tgz inside a systemd-nspawn container'. Request was from Hideki Yamane <[email protected]> to [email protected]. (Sun, 23 Feb 2020 11:36:07 GMT)


Message sent on to Alberto Garcia <[email protected]>:
Bug#932357. (Sun, 23 Feb 2020 12:09:11 GMT)


Message #10 received at [email protected]:

From: Hideki Yamane <[email protected]>
To: [email protected]
Subject: Re: debootstrap: failed to create a pbuilder base.tgz inside a systemd-nspawn container
Date: Sun, 23 Feb 2020 20:36:15 +0900

Hi,

 It would succeed inside a systemd-nspawn container but fails with an
 "unprivileged" container. So, could you give some information about the
 difference between privileged and unprivileged containers, please?
 If there is one, we can detect it and change its behavior.


-- 
Regards,

 Hideki Yamane     henrich @ debian.org/iijmio-mail.jp



Information stored:
Bug#932357; Package debootstrap. (Mon, 09 Mar 2020 17:18:03 GMT)


Acknowledgement sent to Alberto Garcia <[email protected]>:
Extra info received and filed, but not forwarded. (Mon, 09 Mar 2020 17:18:03 GMT)


Message #15 received at [email protected]:

From: Alberto Garcia <[email protected]>
To: Hideki Yamane <[email protected]>, [email protected]
Subject: Re: Bug#932357: debootstrap: failed to create a pbuilder base.tgz inside a systemd-nspawn container
Date: Mon, 9 Mar 2020 18:14:58 +0100

On Sun, Feb 23, 2020 at 08:36:15PM +0900, Hideki Yamane wrote:

>  It would succeed inside a systemd-nspawn container but fails
>  with an "unprivileged" container. So, could you give some information
>  about the difference between privileged and unprivileged containers,
>  please?  If there is one, we can detect it and change its behavior.

I'm not an expert in systemd containers, but as far as I can see, when
you run an unprivileged container the root user inside a container
is actually mapped to a random (non-root) user ID and cannot create
devices; that's why mknod fails.

I don't know if fixing that check and using an alternative system is
enough to solve the problem though; a quick test shows that there are
also problems when mounting /sys inside the pbuilder chroot.

Berto
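
The privileged/unprivileged difference discussed in this thread can be observed from inside the container by reading /proc/self/uid_map: in the initial user namespace it contains the single line "0 0 4294967295", while a container whose root is mapped to a non-root host ID shows a different mapping. The sketch below is an added example, not debootstrap code; the function names userns_root_mapping and device_strategy are hypothetical and the sample mapping is constructed.

```shell
#!/bin/sh
# Added example, not debootstrap code. Function names are hypothetical.

# userns_root_mapping [FILE]
# Prints "identity" when FILE holds only the initial-namespace mapping
# "0 0 4294967295", "remapped" for any other content, and "unknown"
# when FILE cannot be read (for example, no /proc mounted).
userns_root_mapping() {
    map_file=${1:-/proc/self/uid_map}
    [ -r "$map_file" ] || { echo unknown; return; }
    # Each line is: <first ID inside> <first ID outside> <range length>
    awk '
        NF == 3 { n++; if ($1 == 0 && $2 == 0 && $3 == 4294967295) full = 1 }
        END { if (n == 1 && full) print "identity"; else print "remapped" }
    ' "$map_file"
}

# device_strategy [FILE]
# Suggests how a bootstrap tool could populate the target /dev:
#   mknod - root is the real root, so creating device nodes may work
#           (necessary, not sufficient: CAP_MKNOD may still be missing,
#           so a real mknod probe is still worth keeping)
#   bind  - root is remapped, mknod of devices will be refused; fall
#           back to bind mounts or symlinks of the container's own /dev
#   probe - mapping unknown, only an actual mknod attempt can tell
device_strategy() {
    case $(userns_root_mapping "$1") in
        identity) echo mknod ;;
        remapped) echo bind ;;
        *)        echo probe ;;
    esac
}

# Constructed sample: a mapping of the shape a user-namespaced
# container shows (the host-side ID is made up).
sample=$(mktemp)
printf '0 1234567168 65536\n' > "$sample"
echo "constructed sample: $(device_strategy "$sample")"
echo "this process:       $(device_strategy /proc/self/uid_map)"
rm -f "$sample"
```
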




Debian bug tracking system administrator <[email protected]>. Last modified: Tue May 13 08:47:09 2025; Machine Name: bembo
