DOMjudge / domjudge-packaging

DOMjudge packaging for (Linux) distributions and live image

`docker/build.sh` fails with "/chroot/domjudge/proc: cannot mount proc read-only" #158

Closed agcom closed 7 months ago

agcom commented 9 months ago

Encountering the following errors while running the docker/build.sh script:

```
...
W: Failure trying to run: chroot "/chroot/domjudge" mount -t proc proc /proc
W: See /chroot/domjudge/debootstrap/debootstrap.log for details
...
mount: /chroot/domjudge/proc: cannot mount proc read-only.
       dmesg(1) may have more information after failed mount system call.
...
```

The /chroot/domjudge/debootstrap/debootstrap.log does not exist, nor does the dmesg (maybe just at my skill level).

I found that making the change https://github.com/agcom/domjudge-packaging/commit/be9dfb379b90565c0694db9e6a63fa5910921e45 (switching cap-add=sys_admin for --privileged) would fix the problem, but I am not aware of its side effects. Also, I found out that earlier in this repository's history, --privileged was used (see https://github.com/DOMjudge/domjudge-packaging/commit/14092bbd8dcc663916055ba44f3f25cd224ff049).

Maybe it's just my machine; I am using community rootful Docker engine version 24.0.6 on Ubuntu 22.04.3 LTS.

nickygerritsen commented 9 months ago

@vmcj any clue why we switched from --privileged?

vmcj commented 9 months ago

> @vmcj any clue why we switched from --privileged?

--privileged would provide more capabilities than were needed (at that moment). So I think the author of that PR tried to limit it, as it was put in a new script, so it slightly obfuscates what happens.