Prevent attempted writes to /sys and /proc in containers.

Containers generally bind-mount /sys and /proc, so if dnf or rpm attempts to
write to write to one of them it can cause issues with the host system, or just
fail alltogether.  We set an rpm macro to prevent this from happening.

migrate2rocky/migrate2rocky.sh

@@ -186,6 +186,9 @@ exit_clean () {
     if [[ -d "$tmp_dir" ]]; then
 	rm -rf "$tmp_dir"
     fi
+    if [[ -f "$container_macros" ]]; then
+	rm -f "$container_macros"
+    fi
 }
 
 pre_check () {
@@ -609,7 +612,8 @@ $'because continuing with the migration could cause further damage to system.'
 }
 
 convert_info_dir=/root/convert
-unset convert_to_rocky reinstall_all_rpms verify_all_rpms update_efi
+unset convert_to_rocky reinstall_all_rpms verify_all_rpms update_efi \
+    container_macros
 
 usage() {
   printf '%s\n' \
@@ -850,9 +854,13 @@ efi_check () {
 	exit_message "/sys is not accessible."
     fi
     
-    # Now that we know /sys is reliable, use it to check if we are running on EFI or not
+    # Now that we know /sys is reliable, use it to check if we are running on
-    if [[ -d /sys/firmware/efi/ ]] && ! systemd-detect-virt --quiet --container
+    # EFI or not
-    then
+    if systemd-detect-virt --quiet --container; then
+	declare -g container_macros
+	container_macros=$(mktemp /etc/rpm/macros.zXXXXXX)
+	printf '%s\n' '%_netsharedpath /sys:/proc' > "$container_macros"
+    elif [[ -d /sys/firmware/efi/ ]]; then
 	declare -g update_efi
 	update_efi=true
     fi