GNU bug report logs - #46292
‘guix environment -C’ fails with Linux 4.19 (Debian)


Package: guix; Reported by: Ludovic Courtès <ludovic.courtes@HIDDEN>; Done: Ludovic Courtès <ludo@HIDDEN>; Maintainer for guix is bug-guix@HIDDEN.

Message received at 46292-done <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
Date: Thu, 25 Feb 2021 11:43:08 +0100
Cc: 46292-done <at> debbugs.gnu.org, Dimitri DELABROYE <dimitri.delabroye@HIDDEN>

Pushed as dcb640f02b1f9590c3bd4301a22bf31bd60c56d4, thanks!

Ludo’.




Notification sent to Ludovic Courtès <ludovic.courtes@HIDDEN>:
bug acknowledged by developer. Full text available.
Reply sent to Ludovic Courtès <ludo@HIDDEN>:
You have taken responsibility. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: [PATCH 3/3] file-systems: 'mount-file-system' preserves source flags
 for bind mounts.
Date: Mon, 22 Feb 2021 17:44:13 +0100
Cc: Ludovic Courtès <ludovic.courtes@HIDDEN>

From: Ludovic Courtès <ludovic.courtes@HIDDEN>

Fixes <https://bugs.gnu.org/46292>.

* gnu/build/file-systems.scm (mount-file-system): If FS is a bind mount,
add its original mount flags to FLAGS.
---
 gnu/build/file-systems.scm | 45 +++++++++++++++++++++++++-------------
 1 file changed, 30 insertions(+), 15 deletions(-)

diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index ddf6117b67..aca4aad848 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2020 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2020, 2021 Ludovic Courtès <ludo@HIDDEN>
 ;;; Copyright © 2016, 2017 David Craven <david@HIDDEN>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
 ;;; Copyright © 2019 Guillaume Le Vaillant <glv@HIDDEN>
@@ -909,12 +909,27 @@ corresponds to the symbols listed in FLAGS."
                             (if options
                                 (string-append "," options)
                                 "")))))
-  (let ((type        (file-system-type fs))
-        (options     (file-system-options fs))
-        (source      (canonicalize-device-spec (file-system-device fs)))
-        (mount-point (string-append root "/"
-                                    (file-system-mount-point fs)))
-        (flags       (mount-flags->bit-mask (file-system-flags fs))))
+  (let* ((type    (file-system-type fs))
+         (source  (canonicalize-device-spec (file-system-device fs)))
+         (target  (string-append root "/"
+                                 (file-system-mount-point fs)))
+         (flags   (logior (mount-flags->bit-mask (file-system-flags fs))
+
+                          ;; For bind mounts, preserve the original flags such
+                          ;; as MS_NOSUID, etc.  Failing to do that, the
+                          ;; MS_REMOUNT call below fails with EPERM.
+                          ;; See <https://bugs.gnu.org/46292>
+                          (if (memq 'bind-mount (file-system-flags fs))
+                              (or (and=> (find (let ((devno (stat:dev
+                                                             (lstat source))))
+                                                 (lambda (mount)
+                                                   (= (mount-device-number mount)
+                                                      devno)))
+                                               (mounts))
+                                         mount-flags)
+                                  0)
+                              0)))
+         (options (file-system-options fs)))
     (when (file-system-check? fs)
       (check-file-system source type))
 
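Review bot: `find` in the new `flags` binding returns the first entry of `(mounts)` whose device number equals that of `source`, but nosuid, nodev, noexec and ro are per-mount flags, and one file system can appear several times in the mount table with different flags (the MS_BIND plus MS_REMOUNT call later in this procedure creates exactly that situation). The first match may therefore not be the mount `source` lives under, so the flags added here can be the wrong ones and the remount can still fail. Consider selecting, among the entries with a matching device number, the one whose `mount-point` is the longest prefix of `source`. Also, `lstat` reports the device of a symlink itself rather than of its target; `stat` looks like the better fit for a bind-mount source.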
@@ -925,24 +940,24 @@ corresponds to the symbols listed in FLAGS."
         ;; needed.
         (if (and (= MS_BIND (logand flags MS_BIND))
                  (not (file-is-directory? source)))
-            (unless (file-exists? mount-point)
-              (mkdir-p (dirname mount-point))
-              (call-with-output-file mount-point (const #t)))
-            (mkdir-p mount-point))
+            (unless (file-exists? target)
+              (mkdir-p (dirname target))
+              (call-with-output-file target (const #t)))
+            (mkdir-p target))
 
         (cond
          ((string-prefix? "nfs" type)
-          (mount-nfs source mount-point type flags options))
+          (mount-nfs source target type flags options))
          (else
-          (mount source mount-point type flags options)))
+          (mount source target type flags options)))
 
         ;; For read-only bind mounts, an extra remount is needed, as per
         ;; <http://lwn.net/Articles/281157/>, which still applies to Linux
         ;; 4.0.
         (when (and (= MS_BIND (logand flags MS_BIND))
                    (= MS_RDONLY (logand flags MS_RDONLY)))
-          (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
-            (mount source mount-point type flags #f))))
+          (let ((flags (logior MS_REMOUNT flags)))
+            (mount source target type flags options))))
       (lambda args
         (or (file-system-mount-may-fail? fs)
             (apply throw args))))))
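Review bot: the remount at the end of this hunk now passes `options` as the data argument where it used to pass `#f`, and the commit log only mentions flags. The strace quoted in this thread shows the equivalent call succeeding with NULL data, so either keep `#f` here or say in the comment why the option string is needed on the MS_REMOUNT call. The comment above it ("For read-only bind mounts, an extra remount is needed") could also mention that `flags` now carries the source's flags, since that is the part that makes the remount succeed.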
-- 
2.30.0





Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: [PATCH 2/3] syscalls: Add 'mounts' and the <mount> record type.
Date: Mon, 22 Feb 2021 17:44:12 +0100
Cc: Ludovic Courtès <ludo@HIDDEN>

* guix/build/syscalls.scm (<mount>): New record type.
(option-string->mount-flags, mount-flags)
(octal-decode, mounts): New procedures.
(mount-points): Rewrite in terms of 'mount'.
* tests/syscalls.scm ("mounts"): New test.
---
 guix/build/syscalls.scm | 112 +++++++++++++++++++++++++++++++++++++---
 tests/syscalls.scm      |  16 +++++-
 2 files changed, 121 insertions(+), 7 deletions(-)

diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index b19a7a271b..552343a481 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@HIDDEN>
 ;;; Copyright © 2015 David Thompson <davet@HIDDEN>
 ;;; Copyright © 2015 Mark H Weaver <mhw@HIDDEN>
 ;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
@@ -54,7 +54,18 @@
             UMOUNT_NOFOLLOW
 
             restart-on-EINTR
+
+            mount?
+            mount-device-number
+            mount-source
+            mount-point
+            mount-type
+            mount-options
+            mount-flags
+
+            mounts
             mount-points
+
             swapon
             swapoff
 
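Review bot: the accessors exported in this hunk (`mount-source`, `mount-point`, `mount-type`, `mount-options`, `mount-flags`) are generic names that can collide with local variables or bindings in modules importing (guix build syscalls); patch 3/3 renames a local `mount-point` to `target` in gnu/build/file-systems.scm, presumably for this reason. Please check the other users of this module for the same clash, and mention the new exports and the rename in the commit logs so the reason is recorded.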
@@ -521,17 +532,106 @@ constants from <sys/mount.h>."
       (when update-mtab?
         (remove-from-mtab target)))))
 
-(define (mount-points)
-  "Return the mounts points for currently mounted file systems."
-  (call-with-input-file "/proc/mounts"
+;; Mount point information.
+(define-record-type <mount>
+  (%mount source point devno type options)
+  mount?
+  (devno    mount-device-number)                  ;st_dev
+  (source   mount-source)                         ;string
+  (point    mount-point)                          ;string
+  (type     mount-type)                           ;string
+  (options  mount-options))                       ;string
+
+(define (option-string->mount-flags str)
+  "Parse the \"option string\" STR as it appears in /proc/mounts and similar,
+and return two values: a mount bitmask (inclusive or of MS_* constants), and
+the remaining unprocessed options."
+  ;; Why do we need to do this?  Because mount flags and mount options are
+  ;; often lumped together; this is the case in /proc/mounts & co., so we need
+  ;; to extract the bits that actually correspond to mount flags.
+
+  (define not-comma
+    (char-set-complement (char-set #\,)))
+
+  (define lst
+    (string-tokenize str not-comma))
+
+  (let loop ((options   lst)
+             (mask      0)
+             (remainder '()))
+    (match options
+      (()
+       (values mask (string-concatenate-reverse remainder)))
+      ((head . tail)
+       (letrec-syntax ((match-options (syntax-rules (=>)
+                                        ((_)
+                                         (loop tail mask
+                                               (cons head remainder)))
+                                        ((_ (str => bit) rest ...)
+                                         (if (string=? str head)
+                                             (loop tail (logior bit mask)
+                                                   remainder)
+                                             (match-options rest ...))))))
+         (match-options ("rw"         => 0)
+                        ("ro"         => MS_RDONLY)
+                        ("nosuid"     => MS_NOSUID)
+                        ("nodev"      => MS_NODEV)
+                        ("noexec"     => MS_NOEXEC)
+                        ("relatime"   => MS_RELATIME)
+                        ("noatime"    => MS_NOATIME)))))))
+
+(define (mount-flags mount)
+  "Return the mount flags of MOUNT, a <mount> record, as an inclusive or of
+MS_* constants."
+  (option-string->mount-flags (mount-options mount)))
+
+(define (octal-decode str)
+  "Decode octal escapes from STR and return the corresponding string.  STR may
+look like this: \"white\\040space\", which is decoded as \"white space\"."
+  (define char-set:octal
+    (char-set #\0 #\1 #\2 #\3 #\4 #\5 #\6 #\7))
+  (define (octal? c)
+    (char-set-contains? char-set:octal c))
+
+  (let loop ((chars (string->list str))
+             (result '()))
+    (match chars
+      (()
+       (list->string (reverse result)))
+      ((#\\ (? octal? a) (? octal? b) (? octal? c) . rest)
+       (loop rest
+             (cons (integer->char
+                    (string->number (list->string (list a b c)) 8))
+                   result)))
+      ((head . tail)
+       (loop tail (cons head result))))))
+
+(define (mounts)
+  "Return the list of mounts (<mount> records) visible in the namespace of the
+current process."
+  (define (string->device-number str)
+    (match (string-split str #\:)
+      (((= string->number major) (= string->number minor))
+       (+ (* major 256) minor))))
+
+  (call-with-input-file "/proc/self/mountinfo"
     (lambda (port)
       (let loop ((result '()))
         (let ((line (read-line port)))
           (if (eof-object? line)
               (reverse result)
               (match (string-tokenize line)
-                ((source mount-point _ ...)
-                 (loop (cons mount-point result))))))))))
+                ((id parent-id major:minor root mount-point
+                     options _ type source _ ...)
+                 (let ((devno (string->device-number major:minor)))
+                   (loop (cons (%mount (octal-decode source)
+                                       (octal-decode mount-point)
+                                       devno type options)
+                               result)))))))))))
+
+(define (mount-points)
+  "Return the mounts points for currently mounted file systems."
+  (map mount-point (mounts)))
 
 (define swapon
   (let ((proc (syscall->procedure int "swapon" (list '* int))))
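Review bot: the `match` pattern in `mounts` (`options _ type source _ ...`) skips exactly one token between the mount options and the file system type, which is only right when a mountinfo line has no optional fields, so that the skipped token is the `-` separator. Per proc(5) there can be zero or more optional fields such as `shared:N` or `master:N` before `-`; with one of them present `type` is bound to `-` and `source` to the file system type. Matching the literal `-` separator instead of skipping one token would handle all cases. Separately, `string->device-number` computes major * 256 + minor, which equals st_dev only while the minor number is below 256.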
diff --git a/tests/syscalls.scm b/tests/syscalls.scm
index 09aa228e8e..706dd4177f 100644
--- a/tests/syscalls.scm
+++ b/tests/syscalls.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@HIDDEN>
 ;;; Copyright © 2015 David Thompson <davet@HIDDEN>
 ;;; Copyright © 2020 Simon South <simon@HIDDEN>
 ;;; Copyright © 2020 Mathieu Othacehe <m.othacehe@HIDDEN>
@@ -56,6 +56,20 @@
       ;; Both return values have been encountered in the wild.
       (memv (system-error-errno args) (list EPERM ENOENT)))))
 
+(test-assert "mounts"
+  ;; Check for one of the common mount points.
+  (let ((mounts (mounts)))
+    (any (match-lambda
+           ((point . type)
+            (let ((mount (find (lambda (mount)
+                                 (string=? (mount-point mount) point))
+                               mounts)))
+              (and mount
+                   (string=? (mount-type mount) type)))))
+         '(("/proc"    . "proc")
+           ("/sys"     . "sysfs")
+           ("/dev/shm" . "tmpfs")))))
+
 (test-assert "mount-points"
   ;; Reportedly "/" is not always listed as a mount point, so check a few
   ;; others (see <http://bugs.gnu.org/20261>.)
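Review bot: the new "mounts" test only checks `mount-point` and `mount-type`; nothing exercises `mount-flags`, `option-string->mount-flags` or `octal-decode`, which are the parts the fix in patch 3/3 depends on. A test that feeds a fixed option string such as "rw,nosuid,nodev,relatime" to the flag parser and compares the result with the expected MS_* mask would not depend on the host's mount table; `option-string->mount-flags` would need to be exported for that.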
-- 
2.30.0
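
A parser for the `/proc/self/mountinfo` format read by the `mounts` procedure in the patch above, as an added example in Python (not part of the patch or of Guix): it locates the `-` separator so that lines with any number of optional fields parse, splits the per-mount option string into an MS_* mask plus leftover options, and picks the mount that contains a given path. The sample lines are constructed, and all function names are chosen for this example.

```python
import re

# MS_* values from <sys/mount.h>.
MS_RDONLY, MS_NOSUID, MS_NODEV, MS_NOEXEC = 1, 2, 4, 8
MS_NOATIME = 1024
MS_RELATIME = 2097152

# Option names that are really mount flags, as in the patch's table.
FLAG_BITS = {
    "rw": 0,
    "ro": MS_RDONLY,
    "nosuid": MS_NOSUID,
    "nodev": MS_NODEV,
    "noexec": MS_NOEXEC,
    "noatime": MS_NOATIME,
    "relatime": MS_RELATIME,
}

# Constructed sample lines in proc(5) mountinfo format: one, two and zero
# optional fields before the "-" separator, and an escaped space (\040).
SAMPLE_LINES = [
    r"28 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw",
    r"22 28 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw",
    r"31 28 8:3 / /srv/shared\040dir ro,nosuid,relatime shared:9 master:2"
    r" - ext4 /dev/sda3 rw,errors=remount-ro",
    r"40 28 0:35 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw,size=1024k",
]


def octal_decode(text):
    """Decode \\NNN octal escapes, e.g. 'white\\040space' -> 'white space'."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), text)


def split_flags(option_string):
    """Return (mask, rest): the MS_* bit mask and the comma-joined options
    that are not mount flags."""
    mask, rest = 0, []
    for opt in option_string.split(","):
        if opt in FLAG_BITS:
            mask |= FLAG_BITS[opt]
        elif opt:
            rest.append(opt)
    return mask, ",".join(rest)


def parse_mountinfo_line(line):
    """Parse one mountinfo line into a dict.  Raises ValueError when the
    "-" separator or the three fields after it are missing."""
    fields = line.split()
    # Fields 0-5 are fixed; optional fields fill fields[6:sep].
    sep = fields.index("-", 6)
    _id, _parent, devno, _root, point, options = fields[:6]
    fstype, source, super_options = fields[sep + 1:sep + 4]
    major, minor = (int(n) for n in devno.split(":"))
    mask, rest = split_flags(options)
    return {
        "dev": (major, minor),          # compare with os.major/os.minor(st_dev)
        "point": octal_decode(point),
        "source": octal_decode(source),
        "fstype": fstype,
        "flags": mask,                  # per-mount flags as an MS_* mask
        "options": rest,                # per-mount options that are not flags
        "super_options": super_options,
        "optional": fields[6:sep],
    }


def mount_containing(mounts, path):
    """Return the mount whose mount point is the longest prefix of PATH;
    among equal lengths the later entry (mounted on top) wins."""
    best, best_len = None, -1
    for m in mounts:
        point = m["point"].rstrip("/") or "/"
        inside = point == "/" or path == point or path.startswith(point + "/")
        if inside and len(point) >= best_len:
            best, best_len = m, len(point)
    return best


def inherited_flags(mounts, path):
    """MS_* mask of the mount PATH lives under (0 if none is found)."""
    mount = mount_containing(mounts, path)
    return mount["flags"] if mount else 0


if __name__ == "__main__":
    table = [parse_mountinfo_line(line) for line in SAMPLE_LINES]
    for entry in table:
        print(entry["point"], entry["fstype"], hex(entry["flags"]))
    print(hex(inherited_flags(table, "/srv/shared dir/a.txt")))
```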





Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: [PATCH 1/3] syscalls: Define MS_RELATIME.
Date: Mon, 22 Feb 2021 17:44:11 +0100
Cc: Ludovic Courtès <ludo@HIDDEN>

* guix/build/syscalls.scm (MS_RELATIME): New variable.
---
 guix/build/syscalls.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 85c1c45f81..b19a7a271b 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -43,9 +43,10 @@
             MS_NOEXEC
             MS_REMOUNT
             MS_NOATIME
+            MS_STRICTATIME
+            MS_RELATIME
             MS_BIND
             MS_MOVE
-            MS_STRICTATIME
             MS_LAZYTIME
             MNT_FORCE
             MNT_DETACH
@@ -466,6 +467,7 @@ the returned procedure is called."
 (define MS_NOATIME         1024)
 (define MS_BIND            4096)
 (define MS_MOVE            8192)
+(define MS_RELATIME     2097152)
 (define MS_STRICTATIME 16777216)
 (define MS_LAZYTIME    33554432)
 
-- 
2.30.0





Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludovic.courtes@HIDDEN>
To: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
Date: Mon, 22 Feb 2021 14:59:41 +0100
Cc: 46292 <at> debbugs.gnu.org

Hi,

Lucas Nussbaum <lucas.nussbaum@HIDDEN> skribis:

> From strace:
> mount("/tmp/t", "/tmp/m", 0x55e75bf38cb0, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_BIND, NULL) = 0
>
> MS_NOSUID is missing from mountflags in your invocation. Apparently data
> can be NULL.

Ooooh, got it.  It’s another instance of the mount flag vs. option
confusion (/proc/mounts & co. lump flags and options together in one
string).

The attached patch solves that.  I’ll polish it and push soon.

Thank you!

Ludo’.


--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index ddf6117b67..527c51cea0 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020 Ludovic Court=C3=
=A8s <ludo@HIDDEN>
+;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020, 2021 Ludovic Cour=
t=C3=A8s <ludo@HIDDEN>
 ;;; Copyright =C2=A9 2016, 2017 David Craven <david@HIDDEN>
 ;;; Copyright =C2=A9 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
 ;;; Copyright =C2=A9 2019 Guillaume Le Vaillant <glv@HIDDEN>
@@ -36,6 +36,7 @@
   #:use-module (system foreign)
   #:autoload   (system repl repl) (start-repl)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-26)
   #:export (disk-partitions
             partition-label-predicate
@@ -886,6 +887,98 @@ corresponds to the symbols listed in FLAGS."
       (()
        0))))
=20
+;; Mount point information.
+(define-record-type <mount>
+  (%mount source point devno type options)
+  mount?
+  (devno    mount-device-number)                  ;st_dev
+  (source   mount-source)                         ;string
+  (point    mount-point)                          ;string
+  (type     mount-type)                           ;string
+  (options  mount-options))                       ;string
+
+(define (option-string->mount-flags str)
+  "Parse the \"option string\" STR as it appears in /proc/mounts and simil=
ar,
+and return two values: a mount bitmask (inclusive or of MS_* constants), a=
nd
+the remaining unprocessed options."
+  (define not-comma
+    (char-set-complement (char-set #\,)))
+
+  (define lst
+    (string-tokenize str not-comma))
+
+  (let loop ((options   lst)
+             (mask      0)
+             (remainder '()))
+    (match options
+      (()
+       (values mask (string-concatenate-reverse remainder)))
+      ((head . tail)
+       (letrec-syntax ((match-options (syntax-rules (=3D>)
+                                        ((_)
+                                         (loop tail mask
+                                               (cons head remainder)))
+                                        ((_ (str =3D> bit) rest ...)
+                                         (if (string=3D? str head)
+                                             (loop tail (logior bit mask)
+                                                   remainder)
+                                             (match-options rest ...))))))
+         ;; TODO: Add MS_RELATIME and more flags.
+         (match-options ("ro"      =3D> MS_RDONLY)
+                        ("nosuid"  =3D> MS_NOSUID)
+                        ("nodev"   =3D> MS_NODEV)
+                        ("noexec"  =3D> MS_NOEXEC)
+                        ("noatime" =3D> MS_NOATIME)))))))
+
+(define (mount-flags mount)
+  "Return the mount flags of MOUNT, a <mount> record, as an inclusive or of
+MS_* constants."
+  (option-string->mount-flags (mount-options mount)))
+
+(define (octal-decode str)
+  "Decode octal escapes from STR and return the corresponding string.  STR=
 may
+look like this: \"white\\040space\", which is decoded as \"white space\"."
+  (define char-set:octal
+    (char-set #\0 #\1 #\2 #\3 #\4 #\5 #\6 #\7))
+  (define (octal? c)
+    (char-set-contains? char-set:octal c))
+
+  (let loop ((chars (string->list str))
+             (result '()))
+    (match chars
+      (()
+       (list->string (reverse result)))
+      ((#\\ (? octal? a) (? octal? b) (? octal? c) . rest)
+       (loop rest
+             (cons (integer->char
+                    (string->number (list->string (list a b c)) 8))
+                   result)))
+      ((head . tail)
+       (loop tail (cons head result))))))
+
+(define (mounts)
+  "Return the list of mounts (<mount> records) visible in the namespace of=
 the
+current process."
+  (define (string->device-number str)
+    (match (string-split str #\:)
+      (((=3D string->number major) (=3D string->number minor))
+       (+ (* major 256) minor))))
+
+  (call-with-input-file "/proc/self/mountinfo"
+    (lambda (port)
+      (let loop ((result '()))
+        (let ((line (read-line port)))
+          (if (eof-object? line)
+              (reverse result)
+              (match (string-tokenize line)
+                ((id parent-id major:minor root mount-point
+                     options _ type source _ ...)
+                 (let ((devno (string->device-number major:minor)))
+                   (loop (cons (%mount (octal-decode source)
+                                       (octal-decode mount-point)
+                                       devno type options)
+                               result)))))))))))
+
 (define* (mount-file-system fs #:key (root "/root"))
   "Mount the file system described by FS, a <file-system> object, under RO=
OT."
=20
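Review bot: in `option-string->mount-flags`, unrecognized options are collected in `remainder` and joined with `string-concatenate-reverse`, which does not put back the commas that `string-tokenize` removed, so an input such as "rw,relatime" (neither is in this table) comes back as "rwrelatime". Joining with `(string-join (reverse remainder) ",")` keeps the second return value usable as a mount option string. The TODO about MS_RELATIME should also be resolved before this is pushed, so that a source mounted with relatime has that flag preserved too.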
@@ -894,8 +987,8 @@ corresponds to the symbols listed in FLAGS."
            (host-part (string-take source idx))
            ;; Strip [] from around host if present
            (host (match (string-split host-part (string->char-set "[]"))
-                 (("" h "") h)
-                 ((h) h)))
+                   (("" h "") h)
+                   ((h) h)))
            (aa (match (getaddrinfo host "nfs") ((x . _) x)))
            (sa (addrinfo:addr aa))
            (inet-addr (inet-ntop (sockaddr:fam sa)
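Review bot: The two `match` clauses under `host` change only in indentation, which is unrelated to the mount-flag fix. Consider moving this re-indentation to a separate commit so the functional change stays easy to review and bisect.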
@@ -909,12 +1002,22 @@ corresponds to the symbols listed in FLAGS."
                             (if options
                                 (string-append "," options)
                                 "")))))
-  (let ((type        (file-system-type fs))
-        (options     (file-system-options fs))
-        (source      (canonicalize-device-spec (file-system-device fs)))
-        (mount-point (string-append root "/"
-                                    (file-system-mount-point fs)))
-        (flags       (mount-flags->bit-mask (file-system-flags fs))))
+  (let* ((type    (file-system-type fs))
+         (source  (canonicalize-device-spec (file-system-device fs)))
+         (target  (string-append root "/"
+                                 (file-system-mount-point fs)))
+         (flags   (logior (mount-flags->bit-mask (file-system-flags fs))
+                          (if (memq 'bind-mount (file-system-flags fs))
+                              (or (and=3D> (find (let ((devno (stat:dev
+                                                             (lstat source=
))))
+                                                 (lambda (mount)
+                                                   (=3D (mount-device-numb=
er mount)
+                                                      devno)))
+                                               (mounts))
+                                         mount-flags)
+                                  0)
+                              0)))
+         (options (file-system-options fs)))
     (when (file-system-check? fs)
       (check-file-system source type))
=20
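Review bot: The `find` over `(mounts)` returns the first mount whose device number equals `(stat:dev (lstat source))`, but several mounts can share a device number (every bind mount of the same file system does) while carrying different flags, so the flags OR-ed in here may belong to a mount other than the one that contains `source`. Suggest selecting the entry whose mount point is the longest prefix of `source`, or documenting the first-match assumption next to the `find`. If `source` is a symlink, `lstat` also reports the device holding the link rather than its target.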
@@ -925,24 +1028,24 @@ corresponds to the symbols listed in FLAGS."
         ;; needed.
         (if (and (=3D MS_BIND (logand flags MS_BIND))
                  (not (file-is-directory? source)))
-            (unless (file-exists? mount-point)
-              (mkdir-p (dirname mount-point))
-              (call-with-output-file mount-point (const #t)))
-            (mkdir-p mount-point))
+            (unless (file-exists? target)
+              (mkdir-p (dirname target))
+              (call-with-output-file target (const #t)))
+            (mkdir-p target))
=20
         (cond
          ((string-prefix? "nfs" type)
-          (mount-nfs source mount-point type flags options))
+          (mount-nfs source target type flags options))
          (else
-          (mount source mount-point type flags options)))
+          (mount source target type flags options)))
=20
         ;; For read-only bind mounts, an extra remount is needed, as per
         ;; <http://lwn.net/Articles/281157/>, which still applies to Linux
         ;; 4.0.
         (when (and (=3D MS_BIND (logand flags MS_BIND))
                    (=3D MS_RDONLY (logand flags MS_RDONLY)))
-          (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
-            (mount source mount-point type flags #f))))
+          (let ((flags (logior MS_REMOUNT flags)))
+            (mount source target type flags options))))
       (lambda args
         (or (file-system-mount-may-fail? fs)
             (apply throw args))))))
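Review bot: The remount call now passes `options` as the data argument where the previous code passed `#f`, and the comment above it still only cites the LWN article. The part that addresses the EPERM is `(logior MS_REMOUNT flags)`, which keeps flags such as MS_NOSUID in the remount; if forwarding `options` is not required, keep `#f` there. Please also extend the comment to say that the existing mount flags are carried over because a remount that drops them is refused.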





Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


Date: Mon, 22 Feb 2021 11:57:36 +0100
From: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
Message-ID: <20210222105736.GA31789@HIDDEN>
References: <87h7ms8658.fsf@HIDDEN> <20210210060403.GA15175@HIDDEN>
 <877dn5sj14.fsf_-_@HIDDEN>
 <20210218132334.GC20744@HIDDEN> <871rd8e8p2.fsf@HIDDEN>
In-Reply-To: <871rd8e8p2.fsf@HIDDEN>
Cc: 46292 <at> debbugs.gnu.org

On 22/02/21 at 10:46 +0100, Ludovic Courtès wrote:
> Hi Lucas,
> 
> Lucas Nussbaum <lucas.nussbaum@HIDDEN> writes:
> 
> > On 18/02/21 at 12:38 +0100, Ludovic Courtès wrote:
> 
> [...]
> 
> >> I tried grabbing mount options from there and reapplying them to the
> >> MS_REMOUNT call (patch below).  However, that still doesn’t work:
> >> 
> >> --8<---------------cut here---------------start------------->8---
> >> 14273 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid,nodev,relatime") = -1 EPERM (Operation not permitted)
> >> --8<---------------cut here---------------end--------------->8---
> >
> > That's strange: it worked in my manual tests.
> 
> I investigated some more and can’t get it to work.  Do you happen to
> have a working invocation or C snippet?

Here is an example:

root@grisou-48:/tmp# mkdir t m

without nosuid:

root@grisou-48:/tmp# unshare -mrf
mesg: cannot open /dev/pts/0: Permission denied
root@grisou-48:/tmp# mount --bind t m
root@grisou-48:/tmp# mount --bind -r -o remount ./t ./m
root@grisou-48:/tmp# logout

now remount with nosuid:

root@grisou-48:/tmp# mount -o remount,nosuid /tmp
root@grisou-48:/tmp# mount |grep /tmp
/dev/sda5 on /tmp type ext4 (rw,nosuid,relatime)

and try again:

root@grisou-48:/tmp# unshare -mrf
mesg: cannot open /dev/pts/0: Permission denied
root@grisou-48:/tmp# mount --bind t m
root@grisou-48:/tmp# mount |grep /tmp
/dev/sda5 on /tmp type ext4 (rw,nosuid,relatime)
/dev/sda5 on /tmp/m type ext4 (rw,nosuid,relatime)
root@grisou-48:/tmp# mount --bind -r -o remount ./t ./m
mount: /tmp/m: permission denied.

^ that's expected
but it works when specifying nosuid:

root@grisou-48:/tmp# mount --bind -r -o remount,nosuid ./t ./m
root@grisou-48:/tmp# 

From strace:
mount("/tmp/t", "/tmp/m", 0x55e75bf38cb0, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_BIND, NULL) = 0

MS_NOSUID is missing from mountflags in your invocation. Apparently data
can be NULL.
-- 
Lucas Nussbaum   <lucas.nussbaum@HIDDEN>   +33 3 54 95 86 19
Head of the experimentation platforms program
DDO-SDT - Direction Générale Déléguée à l'Innovation - Inria
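
The conversion discussed in this message (per-mount options from /proc/self/mountinfo turned into MS_* flags for the read-only bind remount), as an added C example that is not part of the original message or of Guix. The function names and the sample mountinfo line are constructed for illustration, and mount points containing octal escapes are assumed not to occur.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

/* Constructed sample: a mountinfo line for the /tmp/m bind mount from the
   session above (mount IDs 95 and 90 are made up). */
#define SAMPLE_LINE \
    "95 90 8:5 /t /tmp/m rw,nosuid,relatime - ext4 /dev/sda5 rw"

/* Per-mount options as printed in field 6 of /proc/self/mountinfo. */
static const struct { const char *name; unsigned long flag; } option_table[] = {
    { "ro",         MS_RDONLY },
    { "nosuid",     MS_NOSUID },
    { "nodev",      MS_NODEV },
    { "noexec",     MS_NOEXEC },
    { "noatime",    MS_NOATIME },
    { "nodiratime", MS_NODIRATIME },
    { "relatime",   MS_RELATIME },
};

/* "rw,nosuid,nodev,relatime" -> MS_NOSUID|MS_NODEV|MS_RELATIME.
   "rw" and unknown options contribute no flag. */
unsigned long options_to_flags(const char *options)
{
    unsigned long flags = 0;
    size_t n = sizeof option_table / sizeof option_table[0];

    for (const char *p = options; *p; ) {
        size_t len = strcspn(p, ",");
        for (size_t i = 0; i < n; i++)
            if (strlen(option_table[i].name) == len
                && strncmp(p, option_table[i].name, len) == 0)
                flags |= option_table[i].flag;
        p += len;
        if (*p == ',')
            p++;
    }
    return flags;
}

/* Extract the mount point (field 5) and per-mount options (field 6) of one
   mountinfo line.  Both buffers must hold 256 bytes.  Only the fixed leading
   fields are read, so optional fields before the "-" separator do not matter.
   Returns 1 on success, 0 on a malformed line. */
int parse_mountinfo_line(const char *line, char *mount_point, char *options)
{
    return sscanf(line, "%*d %*d %*u:%*u %*s %255s %255s",
                  mount_point, options) == 2;
}

/* Flags of the existing mount that the remount must repeat; leaving one out
   asks the kernel to clear it, which is what fails in the thread. */
#define CARRIED_FLAGS (MS_NOSUID | MS_NODEV | MS_NOEXEC \
                       | MS_NOATIME | MS_NODIRATIME | MS_RELATIME)

unsigned long readonly_bind_remount_flags(unsigned long current)
{
    return MS_BIND | MS_REMOUNT | MS_RDONLY | (current & CARRIED_FLAGS);
}

/* Remount flags for the mount described by LINE, or 0 if LINE is malformed. */
unsigned long remount_flags_for_line(const char *line)
{
    char point[256], options[256];

    if (!parse_mountinfo_line(line, point, options))
        return 0;
    return readonly_bind_remount_flags(options_to_flags(options));
}

/* Look TARGET up in /proc/self/mountinfo and remount it read-only with its
   current flags kept.  Returns the result of mount(2), or -1 if TARGET is
   not listed.  The last matching entry wins, since it is the topmost mount. */
int remount_bind_readonly(const char *target)
{
    char line[4096], point[256], options[256];
    unsigned long current = 0;
    int found = 0;
    FILE *f = fopen("/proc/self/mountinfo", "r");

    if (f == NULL)
        return -1;
    while (fgets(line, sizeof line, f) != NULL)
        if (parse_mountinfo_line(line, point, options)
            && strcmp(point, target) == 0) {
            current = options_to_flags(options);
            found = 1;
        }
    fclose(f);
    if (!found)
        return -1;
    return mount("none", target, NULL,
                 readonly_bind_remount_flags(current), NULL);
}

int main(void)
{
    printf("remount flags for sample: %#lx\n",
           remount_flags_for_line(SAMPLE_LINE));
    return 0;
}
```

Calling `remount_bind_readonly()` requires mount privileges in the current mount namespace, for instance inside `unshare -mrf` as in the session above.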




Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN>
 <20210210060403.GA15175@HIDDEN> <877dn5sj14.fsf_-_@HIDDEN>
 <20210218132334.GC20744@HIDDEN>
Date: Mon, 22 Feb 2021 10:46:33 +0100
In-Reply-To: <20210218132334.GC20744@HIDDEN> (Lucas Nussbaum's
 message of "Thu, 18 Feb 2021 14:23:34 +0100")
Message-ID: <871rd8e8p2.fsf@HIDDEN>
Cc: 46292 <at> debbugs.gnu.org

Hi Lucas,

Lucas Nussbaum <lucas.nussbaum@HIDDEN> writes:

> On 18/02/21 at 12:38 +0100, Ludovic Courtès wrote:

[...]

>> I tried grabbing mount options from there and reapplying them to the
>> MS_REMOUNT call (patch below).  However, that still doesn’t work:
>>
>> --8<---------------cut here---------------start------------->8---
>> 14273 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid,nodev,relatime") = -1 EPERM (Operation not permitted)
>> --8<---------------cut here---------------end--------------->8---
>
> That's strange: it worked in my manual tests.

I investigated some more and can’t get it to work.  Do you happen to
have a working invocation or C snippet?

Thanks,
Ludo’.




Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


Date: Thu, 18 Feb 2021 14:23:34 +0100
From: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
To: Ludovic Courtès <ludovic.courtes@HIDDEN>
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
Message-ID: <20210218132334.GC20744@HIDDEN>
References: <87h7ms8658.fsf@HIDDEN> <20210210060403.GA15175@HIDDEN>
 <877dn5sj14.fsf_-_@HIDDEN>
In-Reply-To: <877dn5sj14.fsf_-_@HIDDEN>
Cc: 46292 <at> debbugs.gnu.org

Hi Ludovic,

On 18/02/21 at 12:38 +0100, Ludovic Courtès wrote:
> Hi Lucas,
> 
> Lucas Nussbaum <lucas.nussbaum@HIDDEN> writes:
> 
> > This is not due to NFS, but due to the fact that the NFS mount is
> > mounted nosuid (and nodev, probably). I can reproduce it on a local
> > filesystem mounted nosuid.
> >
> > It seems that, when remounting a bind mount which is originally nosuid
> > inside a mount ns, you need to specify explicitly the nosuid option, or
> > else can_change_locked_flags()[1] will return false.
> >
> > [1] https://github.com/torvalds/linux/blame/master/fs/namespace.c#L2480
> >
> > There's a concept of "locked mount flags" that cannot be cleared by a
> > less privileged user (see [2]). Our call to 'mount -o remount' ignores the
> > fact that the filesystem is mounted nosuid (and does not include this
> > flag), so the remount call tries to remove nosuid, and fails.
> >
> > [2] https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705
> 
> Ooh, thanks for investigating!
> 
> > This probably needs to be fixed in Guix by fetching the current mount
> > flags and including them in the bind+remount+readonly call.
> > Unfortunately I did not find an easy way to convert mount flags in
> > /proc/$$/mountinfo to flags for the mount syscall...
> 
> I tried grabbing mount options from there and reapplying them to the
> MS_REMOUNT call (patch below).  However, that still doesn’t work:
> 
> --8<---------------cut here---------------start------------->8---
> 14273 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid,nodev,relatime") = -1 EPERM (Operation not permitted)
> --8<---------------cut here---------------end--------------->8---

That's strange: it worked in my manual tests.

> Interestingly, the ‘mount’ command does not attempt to re-apply the
> original mount options (“nosuid” & co.):
> 
> --8<---------------cut here---------------start------------->8---
> # strace -e mount mount --bind -o ro t m
> mount("/home/lcourtes/t", "/home/lcourtes/m", 0x564dde270cb0, MS_RDONLY|MS_BIND, NULL) = 0
> mount("none", "/home/lcourtes/m", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = -1 EPERM (Operation not permitted)
> mount: /home/lcourtes/m: filesystem was mounted, but any subsequent operation failed: Unknown error 5005.
> +++ exited with 32 +++
> # mount --version
> mount from util-linux 2.33.1 (libmount 2.33.1: selinux, smack, btrfs, namespaces, assert, debug)
> --8<---------------cut here---------------end--------------->8---
> 
> To be continued…

I think that's something I also initially misunderstood as well: mount
-o remount,<flags> essentially means: remount the filesystem with a
fresh set of flags. The set of flags previously configured is completely
ignored.

Lucas




Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludovic.courtes@HIDDEN>
To: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN> <20210210060403.GA15175@HIDDEN>
Date: Thu, 18 Feb 2021 12:38:15 +0100
In-Reply-To: <20210210060403.GA15175@HIDDEN> (Lucas Nussbaum's
 message of "Wed, 10 Feb 2021 07:04:03 +0100")
Message-ID: <877dn5sj14.fsf_-_@HIDDEN>
Cc: 46292 <at> debbugs.gnu.org


Hi Lucas,

Lucas Nussbaum <lucas.nussbaum@HIDDEN> writes:

> This is not due to NFS, but due to the fact that the NFS mount is
> mounted nosuid (and nodev, probably). I can reproduce it on a local
> filesystem mounted nosuid.
>
> It seems that, when remounting a bind mount which is originally nosuid
> inside a mount ns, you need to specify explicitly the nosuid option, or
> else can_change_locked_flags()[1] will return false.
>
> [1] https://github.com/torvalds/linux/blame/master/fs/namespace.c#L2480
>
> There's a concept of "locked mount flags" that cannot be cleared by a
> less privileged user (see [2]). Our call to 'mount -o remount' ignores the
> fact that the filesystem is mounted nosuid (and does not include this
> flag), so the remount call tries to remove nosuid, and fails.
>
> [2] https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705

Ooh, thanks for investigating!

> This probably needs to be fixed in Guix by fetching the current mount
> flags and including them in the bind+remount+readonly call.
> Unfortunately I did not find an easy way to convert mount flags in
> /proc/$$/mountinfo to flags for the mount syscall...

I tried grabbing mount options from there and reapplying them to the
MS_REMOUNT call (patch below).  However, that still doesn’t work:

--8<---------------cut here---------------start------------->8---
14273 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid,nodev,relatime") = -1 EPERM (Operation not permitted)
--8<---------------cut here---------------end--------------->8---

Interestingly, the ‘mount’ command does not attempt to re-apply the
original mount options (“nosuid” & co.):

--8<---------------cut here---------------start------------->8---
# strace -e mount mount --bind -o ro t m
mount("/home/lcourtes/t", "/home/lcourtes/m", 0x564dde270cb0, MS_RDONLY|MS_BIND, NULL) = 0
mount("none", "/home/lcourtes/m", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = -1 EPERM (Operation not permitted)
mount: /home/lcourtes/m: filesystem was mounted, but any subsequent operation failed: Unknown error 5005.
+++ exited with 32 +++
# mount --version
mount from util-linux 2.33.1 (libmount 2.33.1: selinux, smack, btrfs, namespaces, assert, debug)
--8<---------------cut here---------------end--------------->8---

To be continued…

Ludo’.



diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index ddf6117b67..4ecb58c8ea 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020 Ludovic Court=C3=
=A8s <ludo@HIDDEN>
+;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020, 2021 Ludovic Cour=
t=C3=A8s <ludo@HIDDEN>
 ;;; Copyright =C2=A9 2016, 2017 David Craven <david@HIDDEN>
 ;;; Copyright =C2=A9 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
 ;;; Copyright =C2=A9 2019 Guillaume Le Vaillant <glv@HIDDEN>
@@ -36,6 +36,7 @@
   #:use-module (system foreign)
   #:autoload   (system repl repl) (start-repl)
   #:use-module (srfi srfi-1)
+  #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-26)
   #:export (disk-partitions
             partition-label-predicate
@@ -886,6 +887,59 @@ corresponds to the symbols listed in FLAGS."
       (()
        0))))
=20
+(define-record-type <mount>
+  (%mount source point devno type options)
+  mount?
+  (devno    mount-device-number)                  ;st_dev
+  (source   mount-source)
+  (point    mount-point)
+  (type     mount-type)
+  (options  mount-options))
+
+(define (octal-decode str)
+  "Decode octal escapes from STR and return the corresponding string.  STR=
 may
+look like this: \"white\\040space\", which is decoded as \"white space\"."
+  (define char-set:octal
+    (char-set #\0 #\1 #\2 #\3 #\4 #\5 #\6 #\7))
+  (define (octal? c)
+    (char-set-contains? char-set:octal c))
+
+  (let loop ((chars (string->list str))
+             (result '()))
+    (match chars
+      (()
+       (list->string (reverse result)))
+      ((#\\ (? octal? a) (? octal? b) (? octal? c) . rest)
+       (loop rest
+             (cons (integer->char
+                    (string->number (list->string (list a b c)) 8))
+                   result)))
+      ((head . tail)
+       (loop tail (cons head result))))))
+
+(define (string->device-number str)
+  (match (string-split str #\:)
+    (((=3D string->number major) (=3D string->number minor))
+     (+ (* major 256) minor))))
+
+(define (mounts)
+  "Return the list of mounts (<mount> records) visible in the namespace of=
 the
+current process."
+  (call-with-input-file "/proc/self/mountinfo"
+    (lambda (port)
+      (let loop ((result '()))
+        (let ((line (read-line port)))
+          (if (eof-object? line)
+              (reverse result)
+              (match (string-tokenize line)
+                ((id parent-id major:minor root mount-point
+                     options _ _ type source _ ...)
+                 (let ((devno (string->device-number major:minor)))
+                   (loop (cons (%mount (octal-decode source)
+                                       (octal-decode mount-point)
+                                       devno type options)
+                               result)))))))))))
+
 (define* (mount-file-system fs #:key (root "/root"))
   "Mount the file system described by FS, a <file-system> object, under RO=
OT."
=20
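Review bot: `string->device-number` computes `(+ (* major 256) minor)`, which equals the `st_dev` value it is later compared with only while the minor number is below 256; for larger minors the `find` in `mount-file-system` silently misses the mount. It also has a single `match` clause, so a malformed `major:minor` token raises a match error. Suggest documenting the limit or composing the number the way the C library's `makedev` does. In `mounts`, the pattern `options _ _ type source` likewise assumes exactly one optional field before the `-` separator.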
@@ -894,8 +948,8 @@ corresponds to the symbols listed in FLAGS."
            (host-part (string-take source idx))
            ;; Strip [] from around host if present
            (host (match (string-split host-part (string->char-set "[]"))
-                 (("" h "") h)
-                 ((h) h)))
+                   (("" h "") h)
+                   ((h) h)))
            (aa (match (getaddrinfo host "nfs") ((x . _) x)))
            (sa (addrinfo:addr aa))
            (inet-addr (inet-ntop (sockaddr:fam sa)
@@ -912,7 +966,7 @@ corresponds to the symbols listed in FLAGS."
   (let ((type        (file-system-type fs))
         (options     (file-system-options fs))
         (source      (canonicalize-device-spec (file-system-device fs)))
-        (mount-point (string-append root "/"
+        (target      (string-append root "/"
                                     (file-system-mount-point fs)))
         (flags       (mount-flags->bit-mask (file-system-flags fs))))
     (when (file-system-check? fs)
@@ -925,24 +979,30 @@ corresponds to the symbols listed in FLAGS."
         ;; needed.
         (if (and (=3D MS_BIND (logand flags MS_BIND))
                  (not (file-is-directory? source)))
-            (unless (file-exists? mount-point)
-              (mkdir-p (dirname mount-point))
-              (call-with-output-file mount-point (const #t)))
-            (mkdir-p mount-point))
+            (unless (file-exists? target)
+              (mkdir-p (dirname target))
+              (call-with-output-file target (const #t)))
+            (mkdir-p target))
=20
         (cond
          ((string-prefix? "nfs" type)
-          (mount-nfs source mount-point type flags options))
+          (mount-nfs source target type flags options))
          (else
-          (mount source mount-point type flags options)))
+          (mount source target type flags options)))
=20
         ;; For read-only bind mounts, an extra remount is needed, as per
         ;; <http://lwn.net/Articles/281157/>, which still applies to Linux
         ;; 4.0.
         (when (and (=3D MS_BIND (logand flags MS_BIND))
                    (=3D MS_RDONLY (logand flags MS_RDONLY)))
-          (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
-            (mount source mount-point type flags #f))))
+          (let ((flags   (logior MS_BIND MS_REMOUNT MS_RDONLY))
+                (options (and=3D> (find (let ((devno (stat:dev (lstat sour=
ce))))
+                                        (lambda (mount)
+                                          (=3D (mount-device-number mount)
+                                             devno)))
+                                      (mounts))
+                                mount-options)))
+            (mount source target type flags options))))
       (lambda args
         (or (file-system-mount-may-fail? fs)
             (apply throw args))))))
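Review bot: The remount passes the option string read from /proc/self/mountinfo as the data argument while `flags` stays `(logior MS_BIND MS_REMOUNT MS_RDONLY)`, so per-mount settings such as nosuid and nodev never reach the flags word. They need to be translated to MS_NOSUID, MS_NODEV and so on and OR-ed into `flags`. As written, `and=>` also hands `#f` to `mount` when no entry matches, which quietly falls back to the old call.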





Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludovic.courtes@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN>
Date: Thu, 18 Feb 2021 12:36:07 +0100
In-Reply-To: <87h7ms8658.fsf@HIDDEN> ("Ludovic Courtès"'s message of "Thu, 04 Feb 2021 11:43:47 +0100")
Message-ID: <878s7lsj4o.fsf@HIDDEN>
Cc: Dimitri DELABROYE <dimitri.delabroye@HIDDEN>

Ludovic Courtès <ludovic.courtes@HIDDEN> wrote:

> The read-only remount comes from ‘mount-file-system’ in (gnu build
> file-systems):
>
>     ;; For read-only bind mounts, an extra remount is needed, as per
>     ;; <http://lwn.net/Articles/281157/>, which still applies to Linux
>     ;; 4.0.
>     (when (and (= MS_BIND (logand flags MS_BIND))
>                (= MS_RDONLY (logand flags MS_RDONLY)))
>       (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
>         (mount source mount-point type flags #f)))
>
> This recipe has been working well “forever”, although it’s probably
> unnecessary with recent kernels (the LWN article is from 2008).

Apparently the extra remount is still necessary, and the ‘mount’ command
does it for you if you combine ‘--bind’ with ‘-o ro’:

--8<---------------cut here---------------start------------->8---
# strace -e mount mount --bind -o ro t m
mount("/tmp/t", "/tmp/m", 0xde1930, MS_RDONLY|MS_BIND, NULL) = 0
mount("none", "/tmp/m", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = 0
+++ exited with 0 +++
# mount --version
mount from util-linux 2.35.1 (libmount 2.35.1: btrfs, namespaces, assert, debug)
# uname -sr
Linux 5.10.10-gnu
--8<---------------cut here---------------end--------------->8---

Ludo’.




Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


Date: Wed, 10 Feb 2021 07:04:03 +0100
From: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: more info
Message-ID: <20210210060403.GA15175@HIDDEN>

Hi,

This is not due to NFS, but due to the fact that the NFS mount is
mounted nosuid (and nodev, probably). I can reproduce it on a local
filesystem mounted nosuid.

It seems that, when remounting a bind mount which is originally nosuid
inside a mount ns, you need to specify explicitly the nosuid option, or
else can_change_locked_flags()[1] will return false.

[1] https://github.com/torvalds/linux/blame/master/fs/namespace.c#L2480

There's a concept of "locked mount flags" that cannot be cleared by a
less privileged user (see [2]). Our call to 'mount -o remount' ignores the
fact that the filesystem is mounted nosuid (and does not include this
flag), so the remount call tries to remove nosuid, and fails.

[2] https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705

This probably needs to be fixed in Guix by fetching the current mount
flags and including them in the bind+remount+readonly call.
Unfortunately I did not find an easy way to convert mount flags in
/proc/$$/mountinfo to flags for the mount syscall...

Lucas
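
The conversion from mountinfo options to mount(2) flags discussed in the message above, as an added example that is not part of the thread and is not Guix's code. The function names are hypothetical, `cleared_locked_flags` is a simplified model that assumes every flag currently set is locked, and the sample line is constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>   /* MS_* flag constants for mount(2) */
/* Per-mount options (field 6 of /proc/PID/mountinfo; field 5 is the mount
   point) and the mount(2) flag each one corresponds to. */
static const struct { const char *name; unsigned long flag; } option_map[] = {
    { "ro", MS_RDONLY }, { "nosuid", MS_NOSUID }, { "nodev", MS_NODEV },
    { "noexec", MS_NOEXEC }, { "noatime", MS_NOATIME },
    { "nodiratime", MS_NODIRATIME }, { "relatime", MS_RELATIME },
};

/* Decode in place the \ooo octal escapes mountinfo uses (\040 is a space). */
static void unescape(char *s)
{
    char *out = s;
    while (*s) {
        if (s[0] == '\\' && s[1] >= '0' && s[1] <= '3' &&
            s[2] >= '0' && s[2] <= '7' && s[3] >= '0' && s[3] <= '7') {
            *out++ = (char)(((s[1] - '0') << 6) | ((s[2] - '0') << 3) | (s[3] - '0'));
            s += 4;
        } else {
            *out++ = *s++;
        }
    }
    *out = '\0';
}

/* If LINE (one mountinfo line) describes the mount at TARGET, store the flags
   for its per-mount options in *FLAGS and return 1; otherwise return 0. */
int mountinfo_line_flags(const char *line, const char *target, unsigned long *flags)
{
    char mount_point[4096], options[512];
    if (sscanf(line, "%*d %*d %*s %*s %4095s %511s", mount_point, options) != 2)
        return 0;
    unescape(mount_point);
    if (strcmp(mount_point, target) != 0)
        return 0;
    *flags = 0;
    for (char *opt = strtok(options, ","); opt != NULL; opt = strtok(NULL, ",")) {
        for (size_t i = 0; i < sizeof option_map / sizeof option_map[0]; i++)
            if (strcmp(opt, option_map[i].name) == 0)
                *flags |= option_map[i].flag;
    }
    return 1;
}

/* Flags for the read-only bind remount that keep every option already set. */
unsigned long readonly_remount_flags(unsigned long current)
{
    return current | MS_BIND | MS_REMOUNT | MS_RDONLY;
}

/* Simplified model of the locked-flags rule: which of ro, nosuid, nodev and
   noexec are set in CURRENT but absent from REQUESTED (non-zero: EPERM case). */
unsigned long cleared_locked_flags(unsigned long current, unsigned long requested)
{
    unsigned long lockable = MS_RDONLY | MS_NOSUID | MS_NODEV | MS_NOEXEC;
    return current & lockable & ~requested;
}

int main(void)
{
    /* Constructed sample line: a store mounted nosuid,nodev over NFS. */
    const char *line = "36 25 0:45 / /gnu/store rw,nosuid,nodev,relatime "
                       "shared:20 - nfs4 server:/GNUSTORE rw,vers=4.2";
    unsigned long cur = 0;
    if (!mountinfo_line_flags(line, "/gnu/store", &cur))
        return 1;
    printf("current %#lx, remount with %#lx\n", cur, readonly_remount_flags(cur));
}
```

With the sample line, the flag set from the strace log (`MS_RDONLY|MS_REMOUNT|MS_BIND`) would clear nosuid and nodev, while the flags returned by `readonly_remount_flags` clear nothing.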




Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludovic.courtes@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN>
Date: Thu, 04 Feb 2021 15:41:07 +0100
In-Reply-To: <87h7ms8658.fsf@HIDDEN> ("Ludovic Courtès"'s message of "Thu, 04 Feb 2021 11:43:47 +0100")
Message-ID: <87im777v5o.fsf@HIDDEN>
Cc: Dimitri DELABROYE <dimitri.delabroye@HIDDEN>

Ludovic Courtès <ludovic.courtes@HIDDEN> wrote:

> The problem may have to do with the fact that /gnu/store is an NFS
> mount.

Maybe not?  I tested on a similar setup where it Just Works:

--8<---------------cut here---------------start------------->8---
$ guix describe
Generation 6    Feb 04 2021 15:37:16    (current)
  guix e7195e8
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: e7195e83c85a83131c0981bae2b6e5613669ebd1
$ df -h /gnu/store
Filesystem                                Size  Used Avail Use% Mounted on
<redacted>:/GNUSTORE                      973G  118G  856G  13% /gnu/store
$ uname -rv
4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11)
$ guix environment -C --ad-hoc coreutils
[env]$ id
uid=11279(lcourtes) gid=10038(users) groups=10038(users),65534(overflow)
--8<---------------cut here---------------end--------------->8---

Ludo’.




Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at 46292 <at> debbugs.gnu.org:


Received: (at 46292) by debbugs.gnu.org; 4 Feb 2021 12:40:11 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 04 07:40:11 2021
Received: from localhost ([127.0.0.1]:40148 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1l7dvf-0004aE-9T
	for submit <at> debbugs.gnu.org; Thu, 04 Feb 2021 07:40:11 -0500
Received: from mail-wr1-f54.google.com ([209.85.221.54]:44620)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <zimon.toutoune@HIDDEN>) id 1l7dvZ-0004ZZ-Us
 for 46292 <at> debbugs.gnu.org; Thu, 04 Feb 2021 07:40:09 -0500
Received: by mail-wr1-f54.google.com with SMTP id d16so3268161wro.11
 for <46292 <at> debbugs.gnu.org>; Thu, 04 Feb 2021 04:40:05 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=from:to:cc:subject:in-reply-to:references:date:message-id
 :mime-version:content-transfer-encoding;
 bh=NEyvz63bq77D/FzZzZ2qP0bnwHPfpPRG27Ny9y4s/h0=;
 b=iV3Oe3gmS1plK7a0LL1qjrCBZW5COhBeknjsEfvuz84OO/Dpea/dosIFiHJ6eZK3ea
 dU3J6v2ZjN+WHw1ORa1OVk6BdZ3601ZVdhs7i3EyN+Fe9JS6ZQsn0i+8SEoj4/ObxiN0
 ERmBASQxPvXBdDVWmWgSlUSQPD3o/0jJaEf2chfC4g5uLXTHkyaUTr+CD+zjfHnfhVG4
 BgocMjr+iBPgZHN+j0zwuxzX5RXLx8tQwo0RnunhqLgc+RU4RwIFWelr4DjwnIP9nWxp
 R6aUvRpaUkiY3SKFoEcj8rEIZzXCg8mYNmxfH3Na/rZX8UHHxP8x3a7TLMaKlyjUS8sX
 EOcA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date
 :message-id:mime-version:content-transfer-encoding;
 bh=NEyvz63bq77D/FzZzZ2qP0bnwHPfpPRG27Ny9y4s/h0=;
 b=qUJ8v3agBtGbav2ITLFfQPumNWChT2WVqVJ7ho05i42CtfdPQmF4gl+aXwTJ+Jquem
 WErSvP+ukJDIQJfk2NBz8iQjXkn/Ngu6HZT6ipC2a2oDv3vu76I8e1GskhUx6ql3VFzQ
 QI6kV7Op3fgmF+ZO5VKmXNzc3Tk0YBkDCn0ckthqKqoyXU+8XIYOjtvr7qGXcKe/01N1
 cCur6rd++L5LH+8MC9SbIjzzc3MDXk7Jm3cmAv2nll8XL6zSQWnjW3OiyjyrTDS9k++t
 LAR8OOhecvuKjkBXpYrhMyp2qo7CJioTXOzXQnc6J3o1LBF9nfJvbJXVGgb3QkwJCwWG
 txqQ==
X-Gm-Message-State: AOAM532LCXntANK1rFVfSEswA+XuAMiDuc1oDHqB2OHFoJS8/aJPNpZy
 Rpe18DZGgzE1Q3taCpihKX0=
X-Google-Smtp-Source: ABdhPJy4CsFFvY+OXu06QwC+5wlKj1i02WelwpLdByIbXMagNZjLh9wr0dEsNFbTDIbqJz6EKCkwtQ==
X-Received: by 2002:adf:e4c9:: with SMTP id v9mr9009815wrm.277.1612442400014; 
 Thu, 04 Feb 2021 04:40:00 -0800 (PST)
Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e])
 by smtp.gmail.com with ESMTPSA id j7sm8531104wrp.72.2021.02.04.04.39.59
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Thu, 04 Feb 2021 04:39:59 -0800 (PST)
From: zimoun <zimon.toutoune@HIDDEN>
To: Ludovic Courtès <ludovic.courtes@HIDDEN>, 46292 <at> debbugs.gnu.org
Subject: Re: bug#46292: ‘guix environment -C’ fails with Linux 4.19 (Debian)
In-Reply-To: <87h7ms8658.fsf@HIDDEN>
References: <87h7ms8658.fsf@HIDDEN>
Date: Thu, 04 Feb 2021 13:38:51 +0100
Message-ID: <868s84c8is.fsf@HIDDEN>
Cc: Dimitri DELABROYE <dimitri.delabroye@HIDDEN>

Hi,

On Thu, 04 Feb 2021 at 11:43, Ludovic Courtès <ludovic.courtes@HIDDEN> wrote:

> --8<---------------cut here---------------start------------->8---
> $ guix environment --ad-hoc coreutils -C
> guix environment: error: mount: mount "/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16" on "/tmp/guix-directory.Nagh8Y//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16": Operation not permitted
> $ uname -rv
> 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
> $ cat /proc/sys/kernel/unprivileged_userns_clone
> 1
> --8<---------------cut here---------------end--------------->8---

With a bit older Debian than yours:

--8<---------------cut here---------------start------------->8---
$ guix environment --ad-hoc coreutils -C
[env]$ uname -rv
4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26)
[env]$ cat /proc/sys/kernel/unprivileged_userns_clone
1
[env]$ exit
exit
--8<---------------cut here---------------end--------------->8---

On another machine with the same kernel:

--8<---------------cut here---------------start------------->8---
$ guix environment --ad-hoc coreutils -C
[env]$ uname -rv
4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
[env]$ cat /proc/sys/kernel/unprivileged_userns_clone
1
[env]$ exit
exit
--8<---------------cut here---------------end--------------->8---


Maybe I misconfigured mine or something is different on yours. :-)


All the best,
simon




Information forwarded to bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Ludovic Courtès <ludovic.courtes@HIDDEN>
To: <bug-guix@HIDDEN>
Subject: ‘guix environment -C’ fails with Linux 4.19 (Debian)
X-Debbugs-Cc: Dimitri DELABROYE <dimitri.delabroye@HIDDEN>
Date: Thu, 04 Feb 2021 11:43:47 +0100
Message-ID: <87h7ms8658.fsf@HIDDEN>

I’m observing this:

--8<---------------cut here---------------start------------->8---
$ guix environment --ad-hoc coreutils -C
guix environment: error: mount: mount "/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16" on "/tmp/guix-directory.Nagh8Y//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16": Operation not permitted
$ uname -rv
4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
$ cat /proc/sys/kernel/unprivileged_userns_clone
1
--8<---------------cut here---------------end--------------->8---

Excerpt of the strace log:

--8<---------------cut here---------------start------------->8---
7605  mkdir("/tmp/guix-directory.EtXAVT/dev/mqueue", 0777) = 0
7605  mount("mqueue", "/tmp/guix-directory.EtXAVT//dev/mqueue", "mqueue", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = 0
7605  stat("/home/lcourtes", {st_mode=S_IFDIR|0710, st_size=4096, ...}) = 0
7605  mkdir("/tmp", 0777)               = -1 EEXIST (File exists)
7605  mkdir("/tmp/guix-directory.EtXAVT", 0777) = -1 EEXIST (File exists)
7605  mkdir("/tmp/guix-directory.EtXAVT/home", 0777) = 0
7605  mkdir("/tmp/guix-directory.EtXAVT/home/lcourtes", 0777) = 0
7605  mount("/home/lcourtes", "/tmp/guix-directory.EtXAVT//home/lcourtes", 0xeea390, MS_BIND, NULL) = 0
7605  stat("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
7605  mkdir("/tmp", 0777)               = -1 EEXIST (File exists)
7605  mkdir("/tmp/guix-directory.EtXAVT", 0777) = -1 EEXIST (File exists)
7605  mkdir("/tmp/guix-directory.EtXAVT/gnu", 0777) = 0
7605  mkdir("/tmp/guix-directory.EtXAVT/gnu/store", 0777) = 0
7605  mkdir("/tmp/guix-directory.EtXAVT/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0777) = 0
7605  mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.EtXAVT//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0xeea3b0, MS_RDONLY|MS_BIND, NULL) = 0
7605  mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.EtXAVT//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0xeea3d0, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = -1 EPERM (Operation not permitted)
--8<---------------cut here---------------end--------------->8---

The read-only remount comes from ‘mount-file-system’ in (gnu build
file-systems):

    ;; For read-only bind mounts, an extra remount is needed, as per
    ;; <http://lwn.net/Articles/281157/>, which still applies to Linux
    ;; 4.0.
    (when (and (= MS_BIND (logand flags MS_BIND))
               (= MS_RDONLY (logand flags MS_RDONLY)))
      (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
        (mount source mount-point type flags #f)))

This recipe has been working well “forever”, although it’s probably
unnecessary with recent kernels (the LWN article is from 2008).

The problem may have to do with the fact that /gnu/store is an NFS
mount.  Indeed, similar commands fail on $HOME (also an NFS mount):

--8<---------------cut here---------------start------------->8---
$ mkdir t m
$ unshare -mrf
# mount --bind ./t ./m
# mount --bind -r -o remount ./t ./m
mount: /home/lcourtes/m: permission denied.
--8<---------------cut here---------------end--------------->8---

… but they succeed on /tmp (not an NFS mount):

--8<---------------cut here---------------start------------->8---
$ mkdir /tmp/t
$ mkdir /tmp/m
$ unshare -mrf
# mount --bind /tmp/{t,m}
# mount --bind -r -o remount /tmp/{t,m}
--8<---------------cut here---------------end--------------->8---

To be continued…

Ludo’.




Acknowledgement sent to Ludovic Courtès <ludovic.courtes@HIDDEN>:
New bug report received and forwarded. Copy sent to dimitri.delabroye@HIDDEN, bug-guix@HIDDEN. Full text available.
Report forwarded to dimitri.delabroye@HIDDEN, bug-guix@HIDDEN:
bug#46292; Package guix. Full text available.
Last modified: Thu, 25 Feb 2021 10:45:01 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.