GNU bug report logs - #45066
guix environment --container is borken


Package: guix;

Reported by: luhux <luhux <at> outlook.com>

Date: Sun, 6 Dec 2020 09:15:01 UTC

Severity: normal

Merged with 45069

Done: Marius Bakke <marius <at> gnu.org>

Bug is archived. No further changes may be made.

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 45066 in the body.
You can then email your comments to 45066 AT debbugs.gnu.org in the normal way.


Report forwarded to bug-guix <at> gnu.org:
bug#45066; Package guix. (Sun, 06 Dec 2020 09:15:02 GMT)

Acknowledgement sent to luhux <luhux <at> outlook.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sun, 06 Dec 2020 09:15:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: luhux <luhux <at> outlook.com>
To: bug-guix <at> gnu.org
Subject: guix environment --container is borken
Date: Sun, 06 Dec 2020 16:59:41 +0800
In the new guix `guix environment --container` is borken.

The reason lies in commit 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e of the master branch:



It checks if the file exists and then returns a boolean




None of my 3 Guix System machines have this file but they can still run unprivileged containers.

Please fix it,

thanks very much


luhux

Merged 45066 45069. Request was from Tobias Geerinckx-Rice <me <at> tobias.gr> to control <at> debbugs.gnu.org. (Sun, 06 Dec 2020 15:50:02 GMT)

Information forwarded to bug-guix <at> gnu.org:
bug#45066; Package guix. (Sun, 06 Dec 2020 17:11:01 GMT)

Message #10 received at 45066 <at> debbugs.gnu.org:

From: zimoun <zimon.toutoune <at> gmail.com>
To: luhux <luhux <at> outlook.com>, 45066 <at> debbugs.gnu.org
Subject: Re: bug#45066: guix environment --container is borken
Date: Sun, 06 Dec 2020 18:05:49 +0100
Hi,

On Sun, 06 Dec 2020 at 16:59, luhux <luhux <at> outlook.com> wrote:
> In the new guix `guix environment --container` is borken.

It is not broken.

> Please fix it,

Please fix your config. :-)


The message says:

--8<---------------cut here---------------start------------->8---
$ guix environment -C --ad-hoc hello -- hello 
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
--8<---------------cut here---------------end--------------->8---

Have you tried the recommendation?

--8<---------------cut here---------------start------------->8---
$ su -
Password: 
# echo 1 > /proc/sys/kernel/unprivileged_userns_clone 
# logout

$ guix environment -C --ad-hoc hello -- hello 
Hello, world!
--8<---------------cut here---------------end--------------->8---

Feel free to comment on the thread:

<https://yhetil.org/guix/e5c86d238ca5174b745b8ea6cb0cb6ad6b20aa5e.camel <at> yasuaki.com>

if it does not work for you.


If no major objection, I am closing.

All the best,
simon




Reply sent to Marius Bakke <marius <at> gnu.org>:
You have taken responsibility. (Sun, 06 Dec 2020 21:03:02 GMT)

Notification sent to luhux <luhux <at> outlook.com>:
bug acknowledged by developer. (Sun, 06 Dec 2020 21:03:02 GMT)

Message #15 received at 45066-done <at> debbugs.gnu.org:

From: Marius Bakke <marius <at> gnu.org>
To: zimoun <zimon.toutoune <at> gmail.com>, luhux <luhux <at> outlook.com>,
 45066-done <at> debbugs.gnu.org
Subject: Re: bug#45066: guix environment --container is borken
Date: Sun, 06 Dec 2020 22:02:14 +0100
zimoun <zimon.toutoune <at> gmail.com> writes:

> Hi,
>
> On Sun, 06 Dec 2020 at 16:59, luhux <luhux <at> outlook.com> wrote:
>> In the new guix `guix environment --container` is borken.
>
> It is not broken.

It was broken.  :-)

> Have you tried the recommendation?
>
> --8<---------------cut here---------------start------------->8---
> $ su -
> Password: 
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone 
> # logout
>
> $ guix environment -C --ad-hoc hello -- hello 
> Hello, world!
> --8<---------------cut here---------------end--------------->8---

...because this only works on the Debian kernel.

We need to find a more robust test for user namespaces, but for now I
reverted the commit.

Closing!  Thanks for the report luhux.  :-)
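
The point of the reply above, that the Debian-specific file being absent says nothing about whether user namespaces work, shown as an added example that is not part of this thread or of Guix's code. It assumes the upstream `user.max_user_namespaces` sysctl and `unshare(1)` from util-linux as the probe tool; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not Guix code). Function names are hypothetical.
# Decide whether an unprivileged user can create user namespaces without
# treating a missing Debian-specific sysctl file as "disabled".

# Print a sysctl file's value, or "absent" when the kernel does not expose it.
read_knob() {
    if [ -r "$1" ]; then cat "$1"; else echo absent; fi
}

# Consult the two knobs under $1 (default /proc/sys). Only an explicit 0 is a
# denial; an absent file leaves the question open.
userns_sysctl_verdict() {
    root=${1:-/proc/sys}
    debian=$(read_knob "$root/kernel/unprivileged_userns_clone")  # distro patch
    max=$(read_knob "$root/user/max_user_namespaces")             # upstream kernel
    if [ "$debian" = 0 ]; then
        echo "denied: kernel.unprivileged_userns_clone=0"
    elif [ "$max" = 0 ]; then
        echo "denied: user.max_user_namespaces=0"
    else
        echo "undecided"
    fi
}

# The authoritative check: actually try to create a user namespace in a
# throwaway process. Returns 0 on success, 1 on refusal, 2 if unshare(1)
# is not installed (assumption: util-linux provides the probe tool).
userns_probe() {
    command -v unshare >/dev/null 2>&1 || return 2
    unshare --user true 2>/dev/null || return 1
}

# Report for the running system, combining both sources of evidence.
userns_report() {
    verdict=$(userns_sysctl_verdict)
    rc=0; userns_probe || rc=$?
    case $rc in
        0) echo "probe: ok ($verdict)" ;;
        1) echo "probe: refused ($verdict)" ;;
        *) echo "probe: unshare(1) not found ($verdict)" ;;
    esac
}

userns_report
```

Passing a directory to `userns_sysctl_verdict` runs the same logic against a constructed tree instead of the live `/proc/sys`.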

Reply sent to Marius Bakke <marius <at> gnu.org>:
You have taken responsibility. (Sun, 06 Dec 2020 21:03:02 GMT)

Notification sent to yasu <yasu <at> yasuaki.com>:
bug acknowledged by developer. (Sun, 06 Dec 2020 21:03:02 GMT)

Information forwarded to bug-guix <at> gnu.org:
bug#45066; Package guix. (Mon, 07 Dec 2020 00:54:01 GMT)

Message #23 received at 45066-done <at> debbugs.gnu.org:

From: zimoun <zimon.toutoune <at> gmail.com>
To: Marius Bakke <marius <at> gnu.org>, luhux <luhux <at> outlook.com>,
 45066-done <at> debbugs.gnu.org
Subject: Re: bug#45066: guix environment --container is borken
Date: Mon, 07 Dec 2020 01:52:23 +0100
Hi Marius,

On Sun, 06 Dec 2020 at 22:02, Marius Bakke <marius <at> gnu.org> wrote:

>> Have you tried the recommendation?

> It was broken.  :-)

[...]

> ...because this only works on the Debian kernel.

Therefore, what does the recommendation mean?  From [1] on Guix System:

--8<---------------cut here---------------start------------->8---
~/co/guix (master)$ guix environment -C guix
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
--8<---------------cut here---------------end--------------->8---


1: <https://yhetil.org/guix/e5c86d238ca5174b745b8ea6cb0cb6ad6b20aa5e.camel <at> yasuaki.com>


> We need to find a more robust test for user namespaces, but for now I
> reverted the commit.

How do you «set /proc/sys/kernel/unprivileged_userns_clone to "1"» on
Guix System?


BTW, reverting means reopening #31977; I did.


All the best,
simon





bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Wed, 03 Feb 2021 12:24:08 GMT)

This bug report was last modified 3 years and 53 days ago.
