unshare binfmt

Rework how we handle binfmt_misc so it will work inside a user namespace. * Use a custom mountpoint (only accessible inside the mount namespace), this is the crux of the change, allowing us to mount it as non-root and avoid messing with any host configs too! * No longer explicitly modprobe binfmt_misc, any modern system should probe it automatically when we try to mount it... I think so anyways heh Signed-off-by: Casey Connolly <kcxt@postmarketos.org>
2025-07-25 05:25:13 +03:00 · 2025-05-03 20:55:14 +02:00 · 2025-05-03 20:55:14 +02:00 · be5e18cf99
commit be5e18cf99
parent c997ce83c2
8 changed files with 60 additions and 76 deletions
--- a/pmb/helpers/other.py
+++ b/pmb/helpers/other.py
@ -47,31 +47,6 @@ def check_grsec() -> None:
    )


-def check_binfmt_misc() -> None:
-    """Check if the 'binfmt_misc' module is loaded.
-
-    This is done by checking, if /proc/sys/fs/binfmt_misc/ exists.
-    If it exists, then do nothing.
-    Otherwise, load the module and mount binfmt_misc.
-    If that fails as well, raise an exception pointing the user to the wiki.
-    """
-    path = "/proc/sys/fs/binfmt_misc/status"
-    if os.path.exists(path):
-        return
-
-    # check=False: this might be built-in instead of being a module
-    pmb.helpers.run.root(["modprobe", "binfmt_misc"], check=False)
-
-    # check=False: we check it below and print a more helpful message on error
-    pmb.helpers.run.root(
-        ["mount", "-t", "binfmt_misc", "none", "/proc/sys/fs/binfmt_misc"], check=False
-    )
-
-    if not os.path.exists(path):
-        link = "https://postmarketos.org/binfmt_misc"
-        raise RuntimeError(f"Failed to set up binfmt_misc, see: {link}")
-
-
 def migrate_success(work: Path, version: int) -> None:
    logging.info("Migration to version " + str(version) + " done")
    with open(work / "version", "w") as handle: