Draft: Switch from fake*root to unshare (!84) · Merge requests · Arch Linux / archlinux-docker

Emil Velikov requested to merge xexaxo/archlinux-docker:fake-to-unshare into master Sep 22, 2023

Using the fake* combo suffers from a number of issues:

does not properly preserve the names (see the tar comment)
the fake* packages semi-regularly fail to build
mixing glibc versions on each side is a recipe for disaster, since some functions might not be caught via the LD_PRELOAD magic

Instead let's opt for unshare with user namespaces. This requires kernel.unprivileged_userns_clone=1 or equivalent.

This MR builds upon/supersedes !72 (closed)

It includes, one patch from !81 (merged) to avoid conflicts, keeps the tar workaround removal a separate commit and most importantly documents all the changes that we get (for base.tar) - be that varying files, extra files or permissions/ownership changes.

Admin message

Draft: Switch from fake*root to unshare

Merge request reports