<div dir="ltr">Hi,<div><br></div><div><br></div><div>We build FAI images in docker.</div><div><br></div><div>It seems like this change has broken that workflow:</div><div><br></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div><div class="gmail-js-line gmail-log-line" style="box-sizing:border-box;padding:1px 8px 1px 55px;min-height:1.25rem;color:rgb(255,255,255);font-family:Menlo,"DejaVu Sans Mono","Liberation Mono",Consolas,"Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:13px;background-color:rgb(17,17,17)">commit 5bc6385471b2b8b625c3bbaba76488b3127aebf1<br>Author: Thomas Lange <<a href="mailto:lange@debian.org">lange@debian.org</a>><br>Date:   Thu Sep 24 20:29:08 2020 +0200<br><br>    Use unshare when calling chroot<br>    <br>    Bug report : Daemonized processes inside the chroot cause image building to hang indefinitely<br>    See <a href="https://salsa.debian.org/cloud-team/debian-cloud-images/-/issues/9">https://salsa.debian.org/cloud-team/debian-cloud-images/-/issues/9</a><br><br>diff --git a/bin/fai b/bin/fai<br>index 433e7eb5..13cddec8 100755<br>--- a/bin/fai<br>+++ b/bin/fai<br>@@ -87,7 +87,7 @@ fai_init() {<br>       [ $do_init_tasks -eq 1 ] && FAI_ROOT=/target || FAI_ROOT=/<br>     fi<br>     # executed command in the environment of the new system<br>-    ROOTCMD="chroot $FAI_ROOT"<br>+    ROOTCMD="unshare --pid --fork --kill-child --mount-proc chroot $FAI_ROOT"<br>     # no chroot needed<br>     [ "$FAI_ROOT" = '/' ] && ROOTCMD=<br>     target=$FAI_ROOT<br>diff --git a/bin/fai-make-nfsroot b/bin/fai-make-nfsroot<br>index 9ac4c367..588a62c0 100755<br>--- a/bin/fai-make-nfsroot<br>+++ b/bin/fai-make-nfsroot<br>@@ -152,7 +152,7 @@ cfdir=$(readlink -f $cfdir) # canonicalize path<br> oldnfsroot=$NFSROOT<br> deldir=$NFSROOT<br> <br>-ROOTCMD="chroot $NFSROOT"<br>+ROOTCMD="unshare --pid --fork --kill-child --mount-proc chroot $NFSROOT"<br> export DEBIAN_FRONTEND=noninteractive<br> <br> # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -<br></div></div><div><br></div><div>I haven't dug into it in great detail yet, but this produces the following error during fai-make-nfsroot, even running as root user in a container in privileged mode:</div><div><br></div><div><div class="gmail-js-line gmail-log-line" style="box-sizing:border-box;padding:1px 8px 1px 55px;min-height:1.25rem;color:rgb(255,255,255);font-family:Menlo,"DejaVu Sans Mono","Liberation Mono",Consolas,"Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:13px;background-color:rgb(17,17,17)"><span class="gmail-gl-white-space-pre-wrap" style="box-sizing:border-box;white-space:pre-wrap"><br class="gmail-Apple-interchange-newline">I: Base system installed successfully.</span></div><div class="gmail-js-line gmail-log-line" style="box-sizing:border-box;padding:1px 8px 1px 55px;min-height:1.25rem;color:rgb(255,255,255);font-family:Menlo,"DejaVu Sans Mono","Liberation Mono",Consolas,"Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:13px;background-color:rgb(17,17,17)"><a id="gmail-L1227" href="https://gitlab.ocado.tech/osp-platform-engineering/site-bootstrap/sites/onprem.truganina.coles.cfc.osp.tech/-/jobs/52361133#L1227" class="gmail-gl-link gmail-d-inline-block gmail-text-right gmail-line-number gmail-flex-shrink-0" style="box-sizing:border-box;color:rgb(102,102,102);text-decoration-line:none;background-color:transparent;font-size:0.875rem;padding:0px 1em 0px 8px;min-width:50px;display:inline-block;text-align:right">1227</a><span class="gmail-gl-white-space-pre-wrap" style="box-sizing:border-box;white-space:pre-wrap">unshare: umount /proc failed: Invalid argument</span></div><div class="gmail-js-line gmail-log-line" style="box-sizing:border-box;padding:1px 8px 1px 55px;min-height:1.25rem;color:rgb(255,255,255);font-family:Menlo,"DejaVu Sans Mono","Liberation Mono",Consolas,"Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:13px;background-color:rgb(17,17,17)"><a id="gmail-L1228" href="https://gitlab.ocado.tech/osp-platform-engineering/site-bootstrap/sites/onprem.truganina.coles.cfc.osp.tech/-/jobs/52361133#L1228" class="gmail-gl-link gmail-d-inline-block gmail-text-right gmail-line-number gmail-flex-shrink-0" style="box-sizing:border-box;color:rgb(102,102,102);text-decoration-line:none;background-color:transparent;font-size:0.875rem;padding:0px 1em 0px 8px;min-width:50px;display:inline-block;text-align:right">1228</a><span class="gmail-gl-white-space-pre-wrap" style="box-sizing:border-box;white-space:pre-wrap">mount: failed to read mtab: No such file or directory</span></div><div class="gmail-js-line gmail-log-line" style="box-sizing:border-box;padding:1px 8px 1px 55px;min-height:1.25rem;color:rgb(255,255,255);font-family:Menlo,"DejaVu Sans Mono","Liberation Mono",Consolas,"Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:13px;background-color:rgb(17,17,17)"><a id="gmail-L1229" href="https://gitlab.ocado.tech/osp-platform-engineering/site-bootstrap/sites/onprem.truganina.coles.cfc.osp.tech/-/jobs/52361133#L1229" class="gmail-gl-link gmail-d-inline-block gmail-text-right gmail-line-number gmail-flex-shrink-0" style="box-sizing:border-box;color:rgb(102,102,102);text-decoration-line:none;background-color:transparent;font-size:0.875rem;padding:0px 1em 0px 8px;min-width:50px;display:inline-block;text-align:right">1229</a><span class="gmail-gl-white-space-pre-wrap" style="box-sizing:border-box;white-space:pre-wrap">mount: failed to read mtab: No such file or directory</span></div><div class="gmail-js-line gmail-log-line" style="box-sizing:border-box;padding:1px 8px 1px 55px;min-height:1.25rem;color:rgb(255,255,255);font-family:Menlo,"DejaVu Sans Mono","Liberation Mono",Consolas,"Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:13px;background-color:rgb(17,17,17)"><a id="gmail-L1230" href="https://gitlab.ocado.tech/osp-platform-engineering/site-bootstrap/sites/onprem.truganina.coles.cfc.osp.tech/-/jobs/52361133#L1230" class="gmail-gl-link gmail-d-inline-block gmail-text-right gmail-line-number gmail-flex-shrink-0" style="box-sizing:border-box;color:rgb(102,102,102);text-decoration-line:none;background-color:transparent;font-size:0.875rem;padding:0px 1em 0px 8px;min-width:50px;display:inline-block;text-align:right">1230</a><span class="gmail-gl-white-space-pre-wrap" style="box-sizing:border-box;white-space:pre-wrap">Log file written to /var/log/fai/fai-make-nfsroot.log and /srv/fai/nfsroot/filesystem.dir/var/tmp</span></div><div class="gmail-js-line gmail-log-line" style="box-sizing:border-box;padding:1px 8px 1px 55px;min-height:1.25rem;color:rgb(255,255,255);font-family:Menlo,"DejaVu Sans Mono","Liberation Mono",Consolas,"Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:13px;background-color:rgb(17,17,17)"><a id="gmail-L1231" href="https://gitlab.ocado.tech/osp-platform-engineering/site-bootstrap/sites/onprem.truganina.coles.cfc.osp.tech/-/jobs/52361133#L1231" class="gmail-gl-link gmail-d-inline-block gmail-text-right gmail-line-number gmail-flex-shrink-0" style="box-sizing:border-box;color:rgb(102,102,102);text-decoration-line:none;background-color:transparent;font-size:0.875rem;padding:0px 1em 0px 8px;min-width:50px;display:inline-block;text-align:right">1231</a><span class="gmail-gl-white-space-pre-wrap" style="box-sizing:border-box;white-space:pre-wrap">ERROR when calling fai-make-nfsroot.</span></div><div class="gmail-js-line gmail-log-line" style="box-sizing:border-box;padding:1px 8px 1px 55px;min-height:1.25rem;color:rgb(255,255,255);font-family:Menlo,"DejaVu Sans Mono","Liberation Mono",Consolas,"Ubuntu Mono","Courier New","andale mono","lucida console",monospace;font-size:13px;background-color:rgb(17,17,17)"><a id="gmail-L1232" href="https://gitlab.ocado.tech/osp-platform-engineering/site-bootstrap/sites/onprem.truganina.coles.cfc.osp.tech/-/jobs/52361133#L1232" class="gmail-gl-link gmail-d-inline-block gmail-text-right gmail-line-number gmail-flex-shrink-0" style="box-sizing:border-box;color:rgb(102,102,102);text-decoration-line:none;background-color:transparent;font-size:0.875rem;padding:0px 1em 0px 8px;min-width:50px;display:inline-block;text-align:right">1232</a><span class="gmail-gl-white-space-pre-wrap" style="box-sizing:border-box;white-space:pre-wrap">Log file written to /var/log/fai/fai-setup.log</span></div></div><div><br></div><div><br></div><div>If I revert that change, it all works again.</div><div><br></div><div>Can we somehow make unshare vs chroot an option ?  Or, even better perhaps, detect docker and don't use unshare in that case ?</div><div><br></div><div><br></div><div><br></div><div><br></div>Cheers,<div>Just</div></div></div></div>

<br>
<p style="margin:0px;background-color:rgb(255,255,255)"><font face="Calibri, sans-serif" color="#aeaaaa"><span style="font-size:14.6667px">Notice: <br>This email is confidential and may contain copyright material of members of the Ocado Group. Opinions and views expressed in this message may not necessarily reflect the opinions and views of the members of the Ocado Group.<br><br>If you are not the intended recipient, please notify us immediately and delete all copies of this message. Please note that it is your responsibility to scan this message for viruses.<br><br>References to the "Ocado Group" are to Ocado Group plc (registered in England and Wales with number 7098618) and its subsidiary undertakings (as that expression is defined in the Companies Act 2006) from time to time. The registered office of Ocado Group plc is Buildings One & Two, Trident Place, Mosquito Way, Hatfield, Hertfordshire, AL10 9UL.</span></font></p>