From: Daan De Meyer
Date: Tue, 19 Dec 2023 15:29:02 +0000 (+0100)
Subject: Stop bind mounting /sys in chroot environments
X-Git-Tag: v20~52
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=95eb7511f0b9387a8b5339bf5984df5b15c935df;p=thirdparty%2Fmkosi.git

Stop bind mounting /sys in chroot environments

The only reason we do this is to make systemd's unit test suite pass. https://github.com/systemd/systemd/pull/30527 fixes systemd's test suite to not fail when /sys is not mounted, so let's drop this bit.
---
diff --git a/NEWS.md b/NEWS.md
index cef198360..ec15f01cf 100644
--- a/NEWS.md
+++ b/NEWS.md
@@ -2,6 +2,7 @@ ## v20
+- We don't mount `/sys` anymore in chroot environments.
 - We don't use the user's SSH public/private keypair anymore for `mkosi ssh` but instead use a separate key pair which can be generated by `mkosi genkey`. Users using `mkosi ssh` will have to run
diff --git a/mkosi/run.py b/mkosi/run.py
index 56533bd97..c3b36d623 100644
--- a/mkosi/run.py
+++ b/mkosi/run.py
@@ -441,7 +441,6 @@ def bwrap(
 "--die-with-parent",
 "--proc", "/proc",
 "--dev", "/dev",
- "--ro-bind", "/sys", "/sys",
 "--setenv", "SYSTEMD_OFFLINE", one_zero(network),
 ]
@@ -496,7 +495,6 @@ def apivfs_cmd(root: Path) -> list[PathString]:
 "--bind", os.getenv("TMPDIR", "/var/tmp"), root / "var/tmp",
 "--proc", root / "proc",
 "--dev", root / "dev",
- "--ro-bind", "/sys", root / "sys",
 # APIVFS generally means chrooting is going to happen so unset TMPDIR just to be safe.
 "--unsetenv", "TMPDIR",
 ]