From e9b385a6369b18423142eb36eae04ec6a34d5895 Mon Sep 17 00:00:00 2001
From: Jack Rosenthal <jack@rosenth.al>
Date: Fri, 29 Sep 2023 15:35:52 -0600
Subject: [PATCH] alpm: Don't chroot() to "/"

chroot() requires CAP_SYS_CHROOT.  If the caller has put us in the
right root directory already, don't call chroot().  This allows
running pacman in a containerized environment without CAP_SYS_CHROOT.
---
 lib/libalpm/util.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lib/libalpm/util.c b/lib/libalpm/util.c
index b7454e49..55003b9a 100644
--- a/lib/libalpm/util.c
+++ b/lib/libalpm/util.c
@@ -655,7 +655,9 @@ int _alpm_run_chroot(alpm_handle_t *handle, const char *cmd, char *const argv[],
 		}
 
 		/* use fprintf instead of _alpm_log to send output through the parent */
-		if(chroot(handle->root) != 0) {
+		/* don't chroot() to "/": this allows running with less caps when the
+		 * caller puts us in the right root */
+		if(strcmp(handle->root, "/") != 0 && chroot(handle->root) != 0) {
 			fprintf(stderr, _("could not change the root directory (%s)\n"), strerror(errno));
 			exit(1);
 		}