support running inside a user namespace (!4) · Merge requests · Clint Adams / fakeroot

Devin Bayer requested to merge akvadrako/fakeroot:support-user-namespace into master Jun 25, 2020

I am trying to build packages inside a sandbox that uses a user namespace, like that created with unshare -U as a regular user.

Fakeroot almost works, but inside a namespace, calls to fchown/chown for any user except the current UID/GID return EINVAL. This is a security measure imposed by the kernel. This causes fakeroot to emit a warning and die.

The patch here lets fakeroot ignore EINVAL just like it ignores EPERM.

I've also included a small #ifdef which is unrelated. This is patch applied by the official arch fakeroot package, because without it every call to fakeroot generates lots of warnings like so:

dlsym(acl_get_fd): /usr/lib/libfakeroot/libfakeroot.so: undefined symbol: acl_get_fd
dlsym(acl_get_file): /usr/lib/libfakeroot/libfakeroot.so: undefined symbol: acl_get_file
dlsym(acl_set_fd): /usr/lib/libfakeroot/libfakeroot.so: undefined symbol: acl_set_fd
dlsym(acl_set_file): /usr/lib/libfakeroot/libfakeroot.so: undefined symbol: acl_set_file

I just thought it would be nice to upstream it, but I can also separate this out.

support running inside a user namespace

Merge request reports