Probably also falls into the category of "not as much isolation", but sbuild --chroot-mode=unshare allows building packages without root in a user namespaced environment. You can create the the chroot tarballs using mmdebstrap's unshare mode as well.

I've been quite happy with it since bullseye, where username spaces were switched to being enabled by default.

For the pedantic, unshare mode requires newuidmap to be setuid root. So just a little be of root.

@vagrantc yeah 'unshare' is, i think, one of the alternatives i listed in the article

@vagrantc actually i was wrong: i didn't have unshare in the list, will add thanks!

Sign in to participate in the conversation

For people who care about, support, or build Free, Libre, and Open Source Software (FLOSS).