Quoting Francesco Poli (2021-03-28 20:24:12)
> Well, the problem is probably my total ignorance about unshare, user
> namespaces, and so forth...
> 
> First of all, I do not know what exactly subuid and subgid are.

man subuid? ;)

> I suppose they have something to do with the uid and gid seen from
> within the namespace (I noticed that the temporary directory was
> created with high values of uid and gid, not corresponding to any
> existing user or group).

Correct. So if some directory on the path of your $TMPDIR is not accessible by
that user with the very high uid/gid, then it obviously cannot create the
chroot directory.

> I tried to take a look at some man pages (unshare(1),
> user_namespaces(7), ...) in order to understand something more, but
> there seems to be much more information than the basics, and I failed
> to pinpoint where I can read the bare minimum I need to know...
> My bad, of course!
> But anyway, if you know a good reference to a short explanation of the
> topic (ideally a man page), I would suggest to cite it in the
> mmdebstrap man page.

Unfortunately, I do not know of such a reference. All I learned to add unshare
support to mmdebstrap was from reading source code of other tools. :(

> After that, I can guess that the problem is that, inside the unshared
> namespace, there's no permission to create/write files in my
> ~/Downloads directory.

Or one of its parents. You also need more than write access. You also need read
access. And directories need to be executable.

> But what is not clear to me is what I am supposed to do with this
> problem.
> 
> What would you suggest?

Your whole problem started because you decided to deviate from the default and
chose a different TMPDIR. If you use custom options, then you should know what
you are doing. If you don't set TMPDIR, then it will work. If you do set
TMPDIR, then you have to make sure that whatever path TMPDIR points to is set up
in a way that the unshared user is able to access it and write stuff into it.

Thanks!

cheers, josch
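
The access requirement discussed in this message can be checked before running with a custom TMPDIR. The following is an added example, not part of the original e-mail and not mmdebstrap code; the function names are hypothetical. It assumes GNU `stat` and `realpath`, that the subuid-mapped user matches neither the owner nor the group of any path component (so only the "other" permission bits apply), and it ignores ACLs.

```shell
#!/bin/sh
# Added example: list the path components of a TMPDIR candidate that would
# block a uid which is neither owner nor group member of those directories.

# other_bits PATH -> prints the "other" permission digit (0-7) of PATH
other_bits() {
    mode=$(stat -c '%a' "$1") || return 1    # GNU stat, e.g. 1777 or 755
    echo "${mode#"${mode%?}"}"               # keep only the last octal digit
}

# check_tmpdir PATH -> one line per blocking component; returns 1 if any,
# 2 if PATH cannot be resolved or inspected
check_tmpdir() {
    target=$(realpath "$1") || return 2
    [ -d "$target" ] || { echo "not a directory: $target"; return 2; }
    rc=0
    cur=$target
    # The directory itself: read, write and search (rwx = 7) for "other"
    o=$(other_bits "$cur") || return 2
    [ "$o" -eq 7 ] || { echo "need o+rwx: $cur"; rc=1; }
    # Every ancestor up to /: search permission (x) is needed to traverse it
    while [ "$cur" != "/" ]; do
        cur=$(dirname "$cur")
        o=$(other_bits "$cur") || return 2
        [ $((o & 1)) -eq 1 ] || { echo "need o+x: $cur"; rc=1; }
    done
    return $rc
}

# Usage: check_tmpdir "$HOME/Downloads"
```

A home directory with mode 700 shows up as a `need o+x` line for that ancestor, which is the "one of its parents" case described above.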
