From e2ae9c245de5986c81d9ef5e0a276ef5fcd5f93f Mon Sep 17 00:00:00 2001 From: Robert C Jennings Date: Sat, 18 Jul 2020 16:52:18 -0500 Subject: [PATCH] Avoid rbind /sys for chroot snap pre-seeding (cgroups fail to unmount) Builds in LP with the Xenial kernel were happy with the recursive mount of /sys inside the chroot while performing snap-preseeding but autopkgtests with the groovy kernel failed. With the groovy kernel the build was unable to unmount sys/kernel/slab/*/cgroup/* (Operation not permitted). This patch mounts /sys and /sys/kernel/security in the chroot in the same way we've added for binary hooks. This provides the paths under /sys needed for snap-preseed while avoiding issues unmounting other paths. (cherry picked from commit 84397b50989670c2cfff01de23a5a73e67cd4088) --- live-build/auto/build | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/live-build/auto/build b/live-build/auto/build index 2d3e2431..4cd879bd 100755 --- a/live-build/auto/build +++ b/live-build/auto/build @@ -119,7 +119,8 @@ preinstall_snaps() { fi mount --rbind /dev chroot/dev - mount --rbind /sys chroot/sys + mount --bind /sys chroot/sys + mount --bind /sys/kernel/security chroot/sys/kernel/security mount --bind /proc chroot/proc # Provide more up to date apparmor features, matching target kernel mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic chroot/sys/kernel/security/apparmor/features