Update links after debian deleted bullseye branch
All checks were successful
continuous-integration/drone Build is passing
All checks were successful
continuous-integration/drone Build is passing
This commit is contained in:
parent
492698715a
commit
c74d2229e6
1 changed files with 2 additions and 2 deletions
|
@ -52,13 +52,13 @@ First of, there is a check to ensure we are running it with UID 0[^checkUID].
|
||||||
This can be bypassed in several documented ways, including using `fakeroot`,
|
This can be bypassed in several documented ways, including using `fakeroot`,
|
||||||
which overloads some libc calls, using `LD_PRELOAD`. An other, less hacky, way
|
which overloads some libc calls, using `LD_PRELOAD`. An other, less hacky, way
|
||||||
is to run the program in a user namespace.
|
is to run the program in a user namespace.
|
||||||
[^checkUID]: https://salsa.debian.org/installer-team/debootstrap/-/blob/bullseye/debootstrap#L586
|
[^checkUID]: https://salsa.debian.org/installer-team/debootstrap/-/blob/90747310f8722ca7e3b6a13af3f0c0e76cf7dd74/debootstrap#L605
|
||||||
|
|
||||||
Unfortunately, this is not sufficient to run `debootstrap`, since it performs
|
Unfortunately, this is not sufficient to run `debootstrap`, since it performs
|
||||||
another check consisting of trying to create a "/dev/null" node[^checkNode].
|
another check consisting of trying to create a "/dev/null" node[^checkNode].
|
||||||
This is more problematic since nodes cannot be created from a user namespace, as
|
This is more problematic since nodes cannot be created from a user namespace, as
|
||||||
this would create a easy way of escaping the namespace.
|
this would create a easy way of escaping the namespace.
|
||||||
[^checkNode]: https://salsa.debian.org/installer-team/debootstrap/-/blob/bullseye/functions#L1619
|
[^checkNode]: https://salsa.debian.org/installer-team/debootstrap/-/blob/90747310f8722ca7e3b6a13af3f0c0e76cf7dd74/functions#L1664
|
||||||
|
|
||||||
As it seems, though, there is a way to build an unprivileged Debian root
|
As it seems, though, there is a way to build an unprivileged Debian root
|
||||||
filesystem that is even built into deboostrap, using the installation variant
|
filesystem that is even built into deboostrap, using the installation variant
|
||||||
|
|
Loading…
Reference in a new issue