Quoting Helmut Grohne (2023-02-05 21:23:18)
> * It must be possible to mount proc in the unshared user+mount+pid
>   namespace.
>   - This should always work but may be restricted by the container
>     technology for some reason.
>   - Test case: unshare -U -m -p -f -r --mount-proc true
>   - Paul tried this in the operational lxc containers. Successfully.
>   - I tried this in a local autopkgtest-unstable lxc container.
>     Successfully (unprivileged).
>   - Johannes reported that this would be the step that fails.

as a datapoint, on salsaci this happens:

    + runuser -u debci -- unshare -U -m -p -f -r --mount-proc true
    unshare: mount /proc failed: Operation not permitted

Next I'm trying just to bind-mount /proc... let's see...