[patch v1] Allow for unprivileged nested containers

Florian Weimer fweimer@redhat.com
Wed Nov 10 08:23:31 GMT 2021


* DJ Delorie via Libc-alpha:

> When running a "make check" in an untrusted podman container,
> we do not have privileges to mount /proc.  Previously, we just
> failed to initialize the container and thus all test-container
> tests were "unsupported".  With this change, we set up as much
> of the container as we're allowed, so tests that run in
> test-container but do not need /proc will run correctly,
> and those that require /proc will go from "unsupported" to (likely)
> "fail" (but should give diagnostics that make it obvious that
> a missing /proc is responsible).

Have you tried a bind mount of the existing /proc into the chroot (from
the outside of that chroot)?

Thanks,
Florian


