On Fri, 15 May 2026 at 08:40:41 +0200, Jerome BENOIT wrote:
> I have issues running autopkgtest in a Sid schroot environment.

Even if the uids/gids are available, running containers inside a chroot
environment isn't usually possible, because the syscalls that are
necessary to start a container also make it possible to escape from a
chroot. chroots are not a strong security isolation mechanism, but the
kernel tries not to make them any worse.

(A common symptom of this is that bwrap(1) from the bubblewrap package
also can't run inside a chroot.)

I'd recommend running your autopkgtests outside the chroot, using
autopkgtest-virt-unshare, autopkgtest-virt-podman or
autopkgtest-virt-qemu (depending on how much you trust the code under test
and what capabilities it needs), with a sid tarball, container image or
VM image (as appropriate). If the host system is Debian stable,
autopkgtest can be installed from backports if newer features are needed.

smcv
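
A quick way to check whether an environment can start containers at all, given as an added example that is not part of the message above: it attempts the user-namespace `unshare(2)` call in a throwaway child and interprets the errno. It assumes Linux with a libc that exports `unshare`; the names `probe_userns` and `explain` are hypothetical.

```python
import ctypes
import errno
import os

CLONE_NEWUSER = 0x10000000  # flag value from <linux/sched.h>

# Hints keyed by the errno values unshare(2) documents for CLONE_NEWUSER.
HINTS = {
    0: "ok: user namespaces can be created from this environment",
    errno.EPERM: "refused: caller is in a chroot, or unprivileged user "
                 "namespaces are disabled (e.g. kernel.unprivileged_userns_clone=0)",
    errno.ENOSPC: "refused: user namespace limit or nesting depth reached",
    errno.EUSERS: "refused: user namespace nesting limit reached (older kernels)",
    errno.EINVAL: "refused: kernel lacks user namespace support, or caller is multithreaded",
    -1: "probe child exited without reporting (possibly killed by a seccomp filter)",
}


def explain(err):
    """Map a probe result to a human-readable hint."""
    return HINTS.get(err, f"unexpected errno {err}: {os.strerror(err)}")


def probe_userns():
    """Try unshare(CLONE_NEWUSER) in a throwaway child; return its errno (0 = success)."""
    r, w = os.pipe()
    pid = os.fork()
    if pid == 0:  # child: the namespace change, if any, dies with this process
        try:
            libc = ctypes.CDLL(None, use_errno=True)
            err = 0 if libc.unshare(CLONE_NEWUSER) == 0 else ctypes.get_errno()
            os.write(w, bytes([err]))
        finally:
            os._exit(0)
    os.close(w)
    data = os.read(r, 1)  # empty if the child died before writing
    os.close(r)
    os.waitpid(pid, 0)
    return data[0] if data else -1


if __name__ == "__main__":
    print(explain(probe_userns()))
```

Run once inside the schroot and once on the host: an EPERM result inside the chroot alongside a success outside it matches the behaviour described in the reply.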