This reverts commit be7d8cfaf1.
This commit missed some previous copyrights mentioned,
in general I think it's better to have this per-file to
follow who wrote what and when.
- Added -B src:dest (like -b) but this makes bind mounts in
read-only mode.
- Get rid of setfsuid(), it's unnecessary.
- Make sure chrootdir is not '/', use realpath().
- Always set SECBIT_NOROOT, see capabilities(7).
- Do not mount recursively, right now this only mounts
/dev (ro), /dev/shm (rw), /sys (ro) and /proc (ro).
Previously any mount below any specific mount was recursively
mounted in chrootdir.
- Do not use nftw(3), this won't clean up the tree properly.
Rather use scandir(3) with alphasort, like xbps-create(1).
- Don't drop privs in the parent to make sure that the
temp overlayfs tree can be removed properly.
This fixes the issues while building go modules and others
with xbps-src.
The remount is done to use nosuid, but we can get
rid of the remount just because of this specific
option that does not have too much value for our
general usage (xbps-src).
Go modules seem to have too restrictive permissions on
their builddir, making xbps-uchroot(1) unable to remove
its directory tree due to insufficient permissions.
Run nftw() twice, the first run to set chmod 755, and
second run to remove the file.
Fixes `xbps-src -t` with any pkg that uses `build_style=go`.
This should avoid lots of temp dirs in the buildbot
builders while building go modules and others.