Stop bind mounting /sys in chroot environments

The only reason we do this is to make systemd's unit test suite
pass. https://github.com/systemd/systemd/pull/30527 fixes systemd's
test suite to not fail when /sys is not mounted, so let's drop this
bit.

diff --git a/NEWS.md b/NEWS.md
index cef198360b0cbb22732bece7fc681e2060a99eaf..ec15f01cfa85be16705e5dcc10758666157e30d2 100644 (file)
--- a/NEWS.md
+++ b/NEWS.md
@@ -2,6 +2,7 @@
 
 ## v20
 
+- We don't mount `/sys` anymore in chroot environments.
 - We don't use the user's SSH public/private keypair anymore for
   `mkosi ssh` but instead use a separate key pair which can be
   generated by `mkosi genkey`. Users using `mkosi ssh` will have to run

diff --git a/mkosi/run.py b/mkosi/run.py
index 56533bd97caddb84a553e5b7fb49a17a64e5de1b..c3b36d62305b5438966f393d246e80b733175b26 100644 (file)
--- a/mkosi/run.py
+++ b/mkosi/run.py
@@ -441,7 +441,6 @@ def bwrap(
         "--die-with-parent",
         "--proc", "/proc",
         "--dev", "/dev",
-        "--ro-bind", "/sys", "/sys",
         "--setenv", "SYSTEMD_OFFLINE", one_zero(network),
     ]
 
@@ -496,7 +495,6 @@ def apivfs_cmd(root: Path) -> list[PathString]:
         "--bind", os.getenv("TMPDIR", "/var/tmp"), root / "var/tmp",
         "--proc", root / "proc",
         "--dev", root / "dev",
-        "--ro-bind", "/sys", root / "sys",
         # APIVFS generally means chrooting is going to happen so unset TMPDIR just to be safe.
         "--unsetenv", "TMPDIR",
     ]