containers / bubblewrap

Low-level unprivileged sandboxing tool used by Flatpak and similar projects

bubblewrap should fall back to MS_MOVE if pivot_root() fails #592

Open DaanDeMeyer opened 9 months ago

DaanDeMeyer commented 9 months ago

pivot_root() does not work in the initramfs. As a fallback, MS_MOVE can be used together with chroot() to mimic pivot_root() somewhat. bubblewrap should use this fallback if pivot_root() is not possible (e.g. when running bubblewrap from the initramfs) so that bubblewrap can be used from the initramfs.

Currently running bubblewrap from the initramfs fails with bwrap: pivot_root: Invalid argument
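The fallback described in the issue, as an added illustration that is not bubblewrap's own code: pivot_root() is tried first using the `pivot_root(".", ".")` idiom from pivot_root(2), and on EINVAL (what the kernel returns when the current root is rootfs, as in an initramfs) the MS_MOVE + chroot() sequence that switch_root(8) uses is taken instead. The `enter_new_root` and `pivot_fallback_applies` names are mine; the code assumes CAP_SYS_ADMIN in a private mount namespace and that NEW_ROOT is already a mount point.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <unistd.h>

/* pivot_root() returns EINVAL when the current root cannot be pivoted
 * away from, which is the case for rootfs in an initramfs. That is the
 * one failure the MS_MOVE path is meant to work around. */
int pivot_fallback_applies(int err)
{
    return err == EINVAL;
}

/* Hypothetical helper: make new_root (assumed to be a mount point) the
 * root of the calling mount namespace. Tries pivot_root() first; on
 * EINVAL falls back to MS_MOVE + chroot(), as switch_root(8) does.
 * Returns 0 on success, -1 with errno set otherwise. */
int enter_new_root(const char *new_root)
{
    if (chdir(new_root) < 0)
        return -1;
    /* pivot_root(".", ".") stacks the old root on top of the new one;
     * it is then lazily detached, leaving only the new root. */
    if (syscall(SYS_pivot_root, ".", ".") == 0) {
        if (umount2(".", MNT_DETACH) < 0)
            return -1;
        return chdir("/");
    }
    if (!pivot_fallback_applies(errno))
        return -1;
    /* Fallback: move the mount onto "/" and chroot into it. The old
     * root is hidden behind the chroot rather than unmounted. */
    if (mount(".", "/", NULL, MS_MOVE, NULL) < 0)
        return -1;
    if (chroot(".") < 0)
        return -1;
    return chdir("/");
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s NEW_ROOT\n", argv[0]); return 2; }
    if (enter_new_root(argv[1]) < 0) { perror("enter_new_root"); return 1; }
    execl("/bin/sh", "sh", (char *)NULL); /* drop into the new root */
    perror("execl");
    return 1;
}
```

The fallback only hides the old root rather than detaching it, which is one reason pivot_root() remains preferable wherever it works.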

smcv commented 9 months ago

> so that bubblewrap can be used from the initramfs

What's your use-case for using bubblewrap in an initramfs?

During early boot, at which point you are root and already have every privilege that could possibly exist, a tool that is not constrained by being designed for use by unprivileged users might be more successful.

DaanDeMeyer commented 9 months ago

> What's your use-case for using bubblewrap in an initramfs?

I often boot straight into an initramfs as it is faster and easier than building and booting into a full disk image.

> During early boot, at which point you are root and already have every privilege that could possibly exist, a tool that is not constrained by being designed for use by unprivileged users might be more successful.

Sure, but the tool I maintain (https://github.com/systemd/mkosi) does have those constraints and is specifically intended to be used by unprivileged users. It just so happens that I also want to be able to run it from an initramfs. Supporting an alternative to bubblewrap in mkosi just to be able to run mkosi from an initramfs seems like a huge amount of work compared to making sure bubblewrap can operate in an initramfs.

rusty-snake commented 6 months ago

Related: #595