talvez / tmp seja o problema. tente
$ fakeroot cdebootstrap estável $ HOME / somedir
No Debian, quando rodando:
$ fakeroot cdebootstrap stable /tmp/foo
O cdebootstrap faz o download dos pacotes, mas quando é necessário extraí-los, recebo este erro:
E: Failed to unshare: Operation not permitted
Como posso executar o cdebootstrap como não-root?
Esta parte no manual do unshare parece relevante, mas não tenho certeza de como:
EPERM (since Linux 3.9)
CLONE_NEWUSER was specified in flags and the caller is in a
chroot environment (i.e., the caller's root directory does not
match the root directory of the mount namespace in which it
resides).
talvez / tmp seja o problema. tente
$ fakeroot cdebootstrap estável $ HOME / somedir
Seu problema está relacionado à herança de permissões. cdbootstrap herdará as permissões de fakeroot , que podem ser elevadas via sudo . Problema:
sudo fakeroot cdbootstrap /tmp/foo
Se o comando acima for bem-sucedido, as permissões em /tmp serão o problema. Consulte O que é comum direitos para / tmp? Eu intencionalmente defini tudo publicamente recursivamente , para quais permissões padrão deveriam ser. Geralmente, escrever qualquer coisa em /tmp que não foi colocado lá por uma aplicação é uma má idéia, e fakeroot tem seus próprios problemas. Na página do manual:
LIMITATIONS
Library versions
Every command executed within fakeroot needs to be linked to the
same version of the C library as fakeroot itself.
open()/create()
fakeroot doesn't wrap open(), create(), etc. So, if user joost
does either
touch foo
fakeroot
ls -al foo
or the other way around,
fakeroot
touch foo
ls -al foo
fakeroot has no way of knowing that in the first case, the owner
of foo really should be joost while the second case it should
have been root. For the Debian packaging, defaulting to giving
all "unknown" files uid=gid=0, is always OK. The real way around
this is to wrap open() and create(), but that creates other
problems, as demonstrated by the libtricks package. This package
wrapped many more functions, and tried to do a lot more than
fakeroot . It turned out that a minor upgrade of libc (from one
where the stat() function didn't use open() to one with a stat()
function that did (in some cases) use open()), would cause unex-
plainable segfaults (that is, the libc6 stat() called the
wrapped open(), which would then call the libc6 stat(), etc).
Fixing them wasn't all that easy, but once fixed, it was just a
matter of time before another function started to use open(),
never mind trying to port it to a different operating system.
Thus I decided to keep the number of functions wrapped by fake-
root as small as possible, to limit the likelihood of 'colli-
sions'.
GNU configure (and other such programs)
of the file will be 000. The bug is that if root does the same, open()
will succeed, as the file permissions aren't checked at all for root. I
choose not to wrap open(), as open() is used by many other functions in
libc (also those that are already wrapped), thus creating loops (or
possible future loops, when the implementation of various libc func-
tions slightly change).
Em vez de usar o escalonamento de privilégios para alcançar o que você está tentando fazer, considere usar um chroot adequado, conforme descrito na Documentação do DebootstrapChroot para Ubuntu , ou a Documentação Oficial Debian para DebBootStrap .
Tags debootstrap fakeroot