From c9b912bfab8b534f9b20d5569d93c09a356aa4ae Mon Sep 17 00:00:00 2001
From: Mingyang Li <tslmy@outlook.com>
Date: Sat, 30 May 2026 10:10:47 -0700
Subject: [PATCH] Fix: set `vm.mmap_min_addr=0` in the `--privileged` container
 before the chroot.

`sqv` (the ARM OpenPGP verifier used by apt) needs to mmap at address `0x1000`, but `vm.mmap_min_addr` is too high.
---
 Makefile | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/Makefile b/Makefile
index 44568ea..61aad5b 100644
--- a/Makefile
+++ b/Makefile
@@ -159,6 +159,12 @@ brainux:
 	sudo cp /usr/bin/qemu-arm-static brainux/usr/bin/
 	sudo cp ./os-brainux/setup_brainux.sh brainux/
 	sudo ./os-brainux/override-pre.sh ./os-brainux/override ./brainux
+
+	# Allow qemu-arm-static to reserve the guest address space at low virtual
+	# addresses (0x1000).  On Linux hosts vm.mmap_min_addr defaults to 65536
+	# which blocks the reservation, causing armel binaries like sqv (apt's
+	# OpenPGP verifier) to fail.  This requires --privileged in Docker.
+	sudo sh -c 'echo 0 > /proc/sys/vm/mmap_min_addr'
 	sudo -E chroot brainux /setup_brainux.sh
 	sudo rm brainux/setup_brainux.sh
 	sudo ./os-brainux/override.sh ./os-brainux/override ./brainux