Skip to content

Draft: Switch from fake*root to unshare

Emil Velikov requested to merge xexaxo/archlinux-docker:fake-to-unshare into master

Using the fake* combo suffers from a number of issues:

  • does not properly preserve the names (see the tar comment)
  • the fake* packages semi-regularly fail to build
  • mixing glibc versions on each side is a recipe for disaster, since some functions might not be caught via the LD_PRELOAD magic

Instead let's opt for unshare with user namespaces. This requires kernel.unprivileged_userns_clone=1 or equivalent.

This MR builds upon/supersedes !72 (closed)

It includes, one patch from !81 (merged) to avoid conflicts, keeps the tar workaround removal a separate commit and most importantly documents all the changes that we get (for base.tar) - be that varying files, extra files or permissions/ownership changes.

Merge request reports