11

I have a script that prepares an installation image by running debootstrap, does some modifications on the files and then copies the files to a disk image backed up by a file.

This works under root, but I wanted to be able to run the script without root privileges, as it really shouldn't need any privileged resources. I thought that I'd just run the whole script using fakeroot, but debootstrap fails with

W: Failure trying to run: chroot /tmp/tmp..... mount -t proc proc /proc

Is there a way around that?

Petr
  • 1,624
  • 2
  • 19
  • 35

3 Answers3

5

In general, yes, it is possible to run debootstrap as a non-root user by way of fakeroot, but there are more details to it than that.

The immediate problem you seem to be having is trying to use chroot as a non-root user; you need to use fakechroot instead, in addition to fakeroot. For example:

fakechroot fakeroot debootstrap sid /tmp/sid

Later problems you may run in to include creating loopback mounts or creating disk image partition tables as a non-root user.

Instead of working through all these details one by one, you may find it easier to use a debootstrap variant like polystrap, which also handles cross-compilation (eg, generate an armhf image from x86-64) if you end up wanting that some day.

bnewbold
  • 656
  • 6
  • 5
  • 2
    The problem is that `debootstrap` itself is calling `chroot`, and I couldn't find a way how to tell it it needs to use `fakechroot`. – Petr Jul 09 '15 at 11:08
  • @PetrPudlák Did you try fakerootng instead of fakeroot? They operate differently, so sometimes one works when the other one doesn't. I don't know if fakerootng makes chroot work. – Gilles 'SO- stop being evil' Jul 09 '15 at 22:27
  • @PetrPudlák: the [fakechroot man page](https://github.com/dex4er/fakechroot/blob/master/man/fakechroot.pod) gives an example invocation as `fakechroot fakeroot debootstrap sid /tmp/sid` – bnewbold Jul 10 '15 at 00:13
  • @PetrPudlák: --variant=fakechroot should do that. Beyond that: unshare/lxc-userns-exec are a 'better' way to do this in combination with multistrap (i.e. the idea behind polystrap, which was rolled into brickstrap). – user268396 Dec 24 '15 at 20:07
3

debootstrap has an option --variant=fakechroot to do exactly what you are trying to do (see doc).

Étienne
  • 123
  • 9
  • [`--variant=fakechroot` docs](https://manpages.debian.org/bullseye/debootstrap/debootstrap.8.en.html#variant=minbase_buildd_fakechroot) – genpfault May 18 '22 at 20:07
1

The chroot(2) syscall requires root privilege, or more exactly & technically the CAP_SYS_CHROOT capability (see capabilities(7))

Hence you can't use just fakeroot on it (you also need fakechroot etc).

Basile Starynkevitch
  • 10,411
  • 1
  • 32
  • 52