Received: (at 46292-done) by debbugs.gnu.org; 25 Feb 2021 10:43:18 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 25 05:43:18 2021
Received: from localhost ([127.0.0.1]:36757 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lFE74-0007dS-1q
for submit <at> debbugs.gnu.org; Thu, 25 Feb 2021 05:43:18 -0500
Received: from eggs.gnu.org ([209.51.188.92]:59652)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1lFE72-0007dB-T7
for 46292-done <at> debbugs.gnu.org; Thu, 25 Feb 2021 05:43:17 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:52923)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludo@HIDDEN>)
id 1lFE6w-0008NX-MQ; Thu, 25 Feb 2021 05:43:10 -0500
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=43126 helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <ludo@HIDDEN>)
id 1lFE6w-0008BH-4E; Thu, 25 Feb 2021 05:43:10 -0500
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
Subject: Re: bug#46292: =?utf-8?Q?=E2=80=98guix?= environment =?utf-8?Q?-C?=
=?utf-8?Q?=E2=80=99?= fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN>
<20210210060403.GA15175@HIDDEN> <877dn5sj14.fsf_-_@HIDDEN>
<20210218132334.GC20744@HIDDEN> <871rd8e8p2.fsf@HIDDEN>
<20210222105736.GA31789@HIDDEN> <8735xob3ua.fsf@HIDDEN>
Date: Thu, 25 Feb 2021 11:43:08 +0100
In-Reply-To: <8735xob3ua.fsf@HIDDEN> ("Ludovic =?utf-8?Q?Court=C3=A8s=22'?=
=?utf-8?Q?s?= message of "Mon, 22 Feb 2021 14:59:41 +0100")
Message-ID: <87tuq0zav7.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 46292-done
Cc: 46292-done <at> debbugs.gnu.org, Dimitri DELABROYE <dimitri.delabroye@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
Pushed as dcb640f02b1f9590c3bd4301a22bf31bd60c56d4, thanks!
Ludo=E2=80=99.
Ludovic Courtès <ludovic.courtes@HIDDEN>:Ludovic Courtès <ludo@HIDDEN>:
Received: (at 46292) by debbugs.gnu.org; 22 Feb 2021 16:44:38 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 22 11:44:38 2021
Received: from localhost ([127.0.0.1]:57380 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lEEK1-0002Ix-TW
for submit <at> debbugs.gnu.org; Mon, 22 Feb 2021 11:44:38 -0500
Received: from eggs.gnu.org ([209.51.188.92]:44590)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1lEEJz-0002IP-3j
for 46292 <at> debbugs.gnu.org; Mon, 22 Feb 2021 11:44:32 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:57978)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludo@HIDDEN>)
id 1lEEJs-0007K8-UJ; Mon, 22 Feb 2021 11:44:24 -0500
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=39738 helo=gnu.org)
by fencepost.gnu.org with esmtpsa
(TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82)
(envelope-from <ludo@HIDDEN>)
id 1lEEJs-0000oc-0P; Mon, 22 Feb 2021 11:44:24 -0500
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: [PATCH 3/3] file-systems: 'mount-file-system' preserves source flags
for bind mounts.
Date: Mon, 22 Feb 2021 17:44:13 +0100
Message-Id: <20210222164413.30996-3-ludo@HIDDEN>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210222164413.30996-1-ludo@HIDDEN>
References: <8735xob3ua.fsf@HIDDEN>
<20210222164413.30996-1-ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 46292
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludovic.courtes@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
From: Ludovic Courtès <ludovic.courtes@HIDDEN>
Fixes <https://bugs.gnu.org/46292>.
* gnu/build/file-systems.scm (mount-file-system): If FS is a bind mount,
add its original mount flags to FLAGS.
---
gnu/build/file-systems.scm | 45 +++++++++++++++++++++++++-------------
1 file changed, 30 insertions(+), 15 deletions(-)
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index ddf6117b67..aca4aad848 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2020 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2020, 2021 Ludovic Courtès <ludo@HIDDEN>
;;; Copyright © 2016, 2017 David Craven <david@HIDDEN>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
;;; Copyright © 2019 Guillaume Le Vaillant <glv@HIDDEN>
@@ -909,12 +909,27 @@ corresponds to the symbols listed in FLAGS."
(if options
(string-append "," options)
"")))))
- (let ((type (file-system-type fs))
- (options (file-system-options fs))
- (source (canonicalize-device-spec (file-system-device fs)))
- (mount-point (string-append root "/"
- (file-system-mount-point fs)))
- (flags (mount-flags->bit-mask (file-system-flags fs))))
+ (let* ((type (file-system-type fs))
+ (source (canonicalize-device-spec (file-system-device fs)))
+ (target (string-append root "/"
+ (file-system-mount-point fs)))
+ (flags (logior (mount-flags->bit-mask (file-system-flags fs))
+
+ ;; For bind mounts, preserve the original flags such
+ ;; as MS_NOSUID, etc. Failing to do that, the
+ ;; MS_REMOUNT call below fails with EPERM.
+ ;; See <https://bugs.gnu.org/46292>
+ (if (memq 'bind-mount (file-system-flags fs))
+ (or (and=> (find (let ((devno (stat:dev
+ (lstat source))))
+ (lambda (mount)
+ (= (mount-device-number mount)
+ devno)))
+ (mounts))
+ mount-flags)
+ 0)
+ 0)))
+ (options (file-system-options fs)))
(when (file-system-check? fs)
(check-file-system source type))
@@ -925,24 +940,24 @@ corresponds to the symbols listed in FLAGS."
;; needed.
(if (and (= MS_BIND (logand flags MS_BIND))
(not (file-is-directory? source)))
- (unless (file-exists? mount-point)
- (mkdir-p (dirname mount-point))
- (call-with-output-file mount-point (const #t)))
- (mkdir-p mount-point))
+ (unless (file-exists? target)
+ (mkdir-p (dirname target))
+ (call-with-output-file target (const #t)))
+ (mkdir-p target))
(cond
((string-prefix? "nfs" type)
- (mount-nfs source mount-point type flags options))
+ (mount-nfs source target type flags options))
(else
- (mount source mount-point type flags options)))
+ (mount source target type flags options)))
;; For read-only bind mounts, an extra remount is needed, as per
;; <http://lwn.net/Articles/281157/>, which still applies to Linux
;; 4.0.
(when (and (= MS_BIND (logand flags MS_BIND))
(= MS_RDONLY (logand flags MS_RDONLY)))
- (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
- (mount source mount-point type flags #f))))
+ (let ((flags (logior MS_REMOUNT flags)))
+ (mount source target type flags options))))
(lambda args
(or (file-system-mount-may-fail? fs)
(apply throw args))))))
--
2.30.0
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 22 Feb 2021 16:44:34 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 22 11:44:33 2021
Received: from localhost ([127.0.0.1]:57378 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lEEK1-0002Ip-9J
for submit <at> debbugs.gnu.org; Mon, 22 Feb 2021 11:44:33 -0500
Received: from eggs.gnu.org ([209.51.188.92]:44582)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1lEEJy-0002IN-By
for 46292 <at> debbugs.gnu.org; Mon, 22 Feb 2021 11:44:31 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:57977)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludo@HIDDEN>)
id 1lEEJr-0007K0-Mg; Mon, 22 Feb 2021 11:44:24 -0500
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=39738 helo=gnu.org)
by fencepost.gnu.org with esmtpsa
(TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82)
(envelope-from <ludo@HIDDEN>)
id 1lEEJr-0000oc-8a; Mon, 22 Feb 2021 11:44:23 -0500
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: [PATCH 2/3] syscalls: Add 'mounts' and the <mount> record type.
Date: Mon, 22 Feb 2021 17:44:12 +0100
Message-Id: <20210222164413.30996-2-ludo@HIDDEN>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <20210222164413.30996-1-ludo@HIDDEN>
References: <8735xob3ua.fsf@HIDDEN>
<20210222164413.30996-1-ludo@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 46292
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
* guix/build/syscalls.scm (<mount>): New record type.
(option-string->mount-flags, mount-flags)
(octal-decode, mounts): New procedures.
(mount-points): Rewrite in terms of 'mount'.
* tests/syscalls.scm ("mounts"): New test.
---
guix/build/syscalls.scm | 112 +++++++++++++++++++++++++++++++++++++---
tests/syscalls.scm | 16 +++++-
2 files changed, 121 insertions(+), 7 deletions(-)
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index b19a7a271b..552343a481 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@HIDDEN>
;;; Copyright © 2015 David Thompson <davet@HIDDEN>
;;; Copyright © 2015 Mark H Weaver <mhw@HIDDEN>
;;; Copyright © 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
@@ -54,7 +54,18 @@
UMOUNT_NOFOLLOW
restart-on-EINTR
+
+ mount?
+ mount-device-number
+ mount-source
+ mount-point
+ mount-type
+ mount-options
+ mount-flags
+
+ mounts
mount-points
+
swapon
swapoff
@@ -521,17 +532,106 @@ constants from <sys/mount.h>."
(when update-mtab?
(remove-from-mtab target)))))
-(define (mount-points)
- "Return the mounts points for currently mounted file systems."
- (call-with-input-file "/proc/mounts"
+;; Mount point information.
+(define-record-type <mount>
+ (%mount source point devno type options)
+ mount?
+ (devno mount-device-number) ;st_dev
+ (source mount-source) ;string
+ (point mount-point) ;string
+ (type mount-type) ;string
+ (options mount-options)) ;string
+
+(define (option-string->mount-flags str)
+ "Parse the \"option string\" STR as it appears in /proc/mounts and similar,
+and return two values: a mount bitmask (inclusive or of MS_* constants), and
+the remaining unprocessed options."
+ ;; Why do we need to do this? Because mount flags and mount options are
+ ;; often lumped together; this is the case in /proc/mounts & co., so we need
+ ;; to extract the bits that actually correspond to mount flags.
+
+ (define not-comma
+ (char-set-complement (char-set #\,)))
+
+ (define lst
+ (string-tokenize str not-comma))
+
+ (let loop ((options lst)
+ (mask 0)
+ (remainder '()))
+ (match options
+ (()
+ (values mask (string-concatenate-reverse remainder)))
+ ((head . tail)
+ (letrec-syntax ((match-options (syntax-rules (=>)
+ ((_)
+ (loop tail mask
+ (cons head remainder)))
+ ((_ (str => bit) rest ...)
+ (if (string=? str head)
+ (loop tail (logior bit mask)
+ remainder)
+ (match-options rest ...))))))
+ (match-options ("rw" => 0)
+ ("ro" => MS_RDONLY)
+ ("nosuid" => MS_NOSUID)
+ ("nodev" => MS_NODEV)
+ ("noexec" => MS_NOEXEC)
+ ("relatime" => MS_RELATIME)
+ ("noatime" => MS_NOATIME)))))))
+
+(define (mount-flags mount)
+ "Return the mount flags of MOUNT, a <mount> record, as an inclusive or of
+MS_* constants."
+ (option-string->mount-flags (mount-options mount)))
+
+(define (octal-decode str)
+ "Decode octal escapes from STR and return the corresponding string. STR may
+look like this: \"white\\040space\", which is decoded as \"white space\"."
+ (define char-set:octal
+ (char-set #\0 #\1 #\2 #\3 #\4 #\5 #\6 #\7))
+ (define (octal? c)
+ (char-set-contains? char-set:octal c))
+
+ (let loop ((chars (string->list str))
+ (result '()))
+ (match chars
+ (()
+ (list->string (reverse result)))
+ ((#\\ (? octal? a) (? octal? b) (? octal? c) . rest)
+ (loop rest
+ (cons (integer->char
+ (string->number (list->string (list a b c)) 8))
+ result)))
+ ((head . tail)
+ (loop tail (cons head result))))))
+
+(define (mounts)
+ "Return the list of mounts (<mount> records) visible in the namespace of the
+current process."
+ (define (string->device-number str)
+ (match (string-split str #\:)
+ (((= string->number major) (= string->number minor))
+ (+ (* major 256) minor))))
+
+ (call-with-input-file "/proc/self/mountinfo"
(lambda (port)
(let loop ((result '()))
(let ((line (read-line port)))
(if (eof-object? line)
(reverse result)
(match (string-tokenize line)
- ((source mount-point _ ...)
- (loop (cons mount-point result))))))))))
+ ((id parent-id major:minor root mount-point
+ options _ type source _ ...)
+ (let ((devno (string->device-number major:minor)))
+ (loop (cons (%mount (octal-decode source)
+ (octal-decode mount-point)
+ devno type options)
+ result)))))))))))
+
+(define (mount-points)
+ "Return the mounts points for currently mounted file systems."
+ (map mount-point (mounts)))
(define swapon
(let ((proc (syscall->procedure int "swapon" (list '* int))))
diff --git a/tests/syscalls.scm b/tests/syscalls.scm
index 09aa228e8e..706dd4177f 100644
--- a/tests/syscalls.scm
+++ b/tests/syscalls.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020 Ludovic Courtès <ludo@HIDDEN>
+;;; Copyright © 2014, 2015, 2016, 2017, 2018, 2019, 2020, 2021 Ludovic Courtès <ludo@HIDDEN>
;;; Copyright © 2015 David Thompson <davet@HIDDEN>
;;; Copyright © 2020 Simon South <simon@HIDDEN>
;;; Copyright © 2020 Mathieu Othacehe <m.othacehe@HIDDEN>
@@ -56,6 +56,20 @@
;; Both return values have been encountered in the wild.
(memv (system-error-errno args) (list EPERM ENOENT)))))
+(test-assert "mounts"
+ ;; Check for one of the common mount points.
+ (let ((mounts (mounts)))
+ (any (match-lambda
+ ((point . type)
+ (let ((mount (find (lambda (mount)
+ (string=? (mount-point mount) point))
+ mounts)))
+ (and mount
+ (string=? (mount-type mount) type)))))
+ '(("/proc" . "proc")
+ ("/sys" . "sysfs")
+ ("/dev/shm" . "tmpfs")))))
+
(test-assert "mount-points"
;; Reportedly "/" is not always listed as a mount point, so check a few
;; others (see <http://bugs.gnu.org/20261>.)
--
2.30.0
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 22 Feb 2021 16:44:33 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 22 11:44:33 2021
Received: from localhost ([127.0.0.1]:57376 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lEEK1-0002In-1q
for submit <at> debbugs.gnu.org; Mon, 22 Feb 2021 11:44:33 -0500
Received: from eggs.gnu.org ([209.51.188.92]:44578)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1lEEJy-0002IM-Bb
for 46292 <at> debbugs.gnu.org; Mon, 22 Feb 2021 11:44:31 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:57976)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludo@HIDDEN>)
id 1lEEJq-0007Jx-WB; Mon, 22 Feb 2021 11:44:24 -0500
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=39738 helo=gnu.org)
by fencepost.gnu.org with esmtpsa
(TLS1.2:DHE_RSA_AES_256_CBC_SHA1:256) (Exim 4.82)
(envelope-from <ludo@HIDDEN>)
id 1lEEJq-0000oc-Gl; Mon, 22 Feb 2021 11:44:22 -0500
From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: [PATCH 1/3] syscalls: Define MS_RELATIME.
Date: Mon, 22 Feb 2021 17:44:11 +0100
Message-Id: <20210222164413.30996-1-ludo@HIDDEN>
X-Mailer: git-send-email 2.30.0
In-Reply-To: <8735xob3ua.fsf@HIDDEN>
References: <8735xob3ua.fsf@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 46292
Cc: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
* guix/build/syscalls.scm (MS_RELATIME): New variable.
---
guix/build/syscalls.scm | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 85c1c45f81..b19a7a271b 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -43,9 +43,10 @@
MS_NOEXEC
MS_REMOUNT
MS_NOATIME
+ MS_STRICTATIME
+ MS_RELATIME
MS_BIND
MS_MOVE
- MS_STRICTATIME
MS_LAZYTIME
MNT_FORCE
MNT_DETACH
@@ -466,6 +467,7 @@ the returned procedure is called."
(define MS_NOATIME 1024)
(define MS_BIND 4096)
(define MS_MOVE 8192)
+(define MS_RELATIME 2097152)
(define MS_STRICTATIME 16777216)
(define MS_LAZYTIME 33554432)
--
2.30.0
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 22 Feb 2021 13:59:54 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 22 08:59:54 2021
Received: from localhost ([127.0.0.1]:56027 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lEBkc-0008AR-I6
for submit <at> debbugs.gnu.org; Mon, 22 Feb 2021 08:59:54 -0500
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:54182)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1lEBka-0008AC-Pr
for 46292 <at> debbugs.gnu.org; Mon, 22 Feb 2021 08:59:49 -0500
X-IronPort-AV: E=Sophos;i="5.81,197,1610406000"; d="scan'208";a="373771688"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
by mail3-relais-sop.national.inria.fr with
ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 22 Feb 2021 14:59:42 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
Subject: Re: bug#46292: =?utf-8?Q?=E2=80=98guix?= environment =?utf-8?Q?-C?=
=?utf-8?Q?=E2=80=99?= fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN>
<20210210060403.GA15175@HIDDEN> <877dn5sj14.fsf_-_@HIDDEN>
<20210218132334.GC20744@HIDDEN> <871rd8e8p2.fsf@HIDDEN>
<20210222105736.GA31789@HIDDEN>
Date: Mon, 22 Feb 2021 14:59:41 +0100
In-Reply-To: <20210222105736.GA31789@HIDDEN> (Lucas Nussbaum's
message of "Mon, 22 Feb 2021 11:57:36 +0100")
Message-ID: <8735xob3ua.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 46292
Cc: 46292 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi,
Lucas Nussbaum <lucas.nussbaum@HIDDEN> skribis:
>>From strace:
> mount("/tmp/t", "/tmp/m", 0x55e75bf38cb0, MS_RDONLY|MS_NOSUID|MS_REMOUNT|=
MS_BIND, NULL) =3D 0
>
> MS_NOSUID is missing from mountflags in your invocation. Apparently data
> can be NULL.
Ooooh, got it. It=E2=80=99s another instance of the mount flag vs. option
confusion (/proc/mounts & co. lump flags and options together in one
string).
The attached patch solves that. I=E2=80=99ll polish it and push soon.
Thank you!
Ludo=E2=80=99.
--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index ddf6117b67..527c51cea0 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020 Ludovic Court=C3=
=A8s <ludo@HIDDEN>
+;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020, 2021 Ludovic Cour=
t=C3=A8s <ludo@HIDDEN>
;;; Copyright =C2=A9 2016, 2017 David Craven <david@HIDDEN>
;;; Copyright =C2=A9 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
;;; Copyright =C2=A9 2019 Guillaume Le Vaillant <glv@HIDDEN>
@@ -36,6 +36,7 @@
#:use-module (system foreign)
#:autoload (system repl repl) (start-repl)
#:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-9)
#:use-module (srfi srfi-26)
#:export (disk-partitions
partition-label-predicate
@@ -886,6 +887,98 @@ corresponds to the symbols listed in FLAGS."
(()
0))))
=20
+;; Mount point information.
+(define-record-type <mount>
+ (%mount source point devno type options)
+ mount?
+ (devno mount-device-number) ;st_dev
+ (source mount-source) ;string
+ (point mount-point) ;string
+ (type mount-type) ;string
+ (options mount-options)) ;string
+
+(define (option-string->mount-flags str)
+ "Parse the \"option string\" STR as it appears in /proc/mounts and simil=
ar,
+and return two values: a mount bitmask (inclusive or of MS_* constants), a=
nd
+the remaining unprocessed options."
+ (define not-comma
+ (char-set-complement (char-set #\,)))
+
+ (define lst
+ (string-tokenize str not-comma))
+
+ (let loop ((options lst)
+ (mask 0)
+ (remainder '()))
+ (match options
+ (()
+ (values mask (string-concatenate-reverse remainder)))
+ ((head . tail)
+ (letrec-syntax ((match-options (syntax-rules (=3D>)
+ ((_)
+ (loop tail mask
+ (cons head remainder)))
+ ((_ (str =3D> bit) rest ...)
+ (if (string=3D? str head)
+ (loop tail (logior bit mask)
+ remainder)
+ (match-options rest ...))))))
+ ;; TODO: Add MS_RELATIME and more flags.
+ (match-options ("ro" =3D> MS_RDONLY)
+ ("nosuid" =3D> MS_NOSUID)
+ ("nodev" =3D> MS_NODEV)
+ ("noexec" =3D> MS_NOEXEC)
+ ("noatime" =3D> MS_NOATIME)))))))
+
+(define (mount-flags mount)
+ "Return the mount flags of MOUNT, a <mount> record, as an inclusive or of
+MS_* constants."
+ (option-string->mount-flags (mount-options mount)))
+
+(define (octal-decode str)
+ "Decode octal escapes from STR and return the corresponding string. STR=
may
+look like this: \"white\\040space\", which is decoded as \"white space\"."
+ (define char-set:octal
+ (char-set #\0 #\1 #\2 #\3 #\4 #\5 #\6 #\7))
+ (define (octal? c)
+ (char-set-contains? char-set:octal c))
+
+ (let loop ((chars (string->list str))
+ (result '()))
+ (match chars
+ (()
+ (list->string (reverse result)))
+ ((#\\ (? octal? a) (? octal? b) (? octal? c) . rest)
+ (loop rest
+ (cons (integer->char
+ (string->number (list->string (list a b c)) 8))
+ result)))
+ ((head . tail)
+ (loop tail (cons head result))))))
+
+(define (mounts)
+ "Return the list of mounts (<mount> records) visible in the namespace of=
the
+current process."
+ (define (string->device-number str)
+ (match (string-split str #\:)
+ (((=3D string->number major) (=3D string->number minor))
+ (+ (* major 256) minor))))
+
+ (call-with-input-file "/proc/self/mountinfo"
+ (lambda (port)
+ (let loop ((result '()))
+ (let ((line (read-line port)))
+ (if (eof-object? line)
+ (reverse result)
+ (match (string-tokenize line)
+ ((id parent-id major:minor root mount-point
+ options _ type source _ ...)
+ (let ((devno (string->device-number major:minor)))
+ (loop (cons (%mount (octal-decode source)
+ (octal-decode mount-point)
+ devno type options)
+ result)))))))))))
+
(define* (mount-file-system fs #:key (root "/root"))
"Mount the file system described by FS, a <file-system> object, under RO=
OT."
=20
@@ -894,8 +987,8 @@ corresponds to the symbols listed in FLAGS."
(host-part (string-take source idx))
;; Strip [] from around host if present
(host (match (string-split host-part (string->char-set "[]"))
- (("" h "") h)
- ((h) h)))
+ (("" h "") h)
+ ((h) h)))
(aa (match (getaddrinfo host "nfs") ((x . _) x)))
(sa (addrinfo:addr aa))
(inet-addr (inet-ntop (sockaddr:fam sa)
@@ -909,12 +1002,22 @@ corresponds to the symbols listed in FLAGS."
(if options
(string-append "," options)
"")))))
- (let ((type (file-system-type fs))
- (options (file-system-options fs))
- (source (canonicalize-device-spec (file-system-device fs)))
- (mount-point (string-append root "/"
- (file-system-mount-point fs)))
- (flags (mount-flags->bit-mask (file-system-flags fs))))
+ (let* ((type (file-system-type fs))
+ (source (canonicalize-device-spec (file-system-device fs)))
+ (target (string-append root "/"
+ (file-system-mount-point fs)))
+ (flags (logior (mount-flags->bit-mask (file-system-flags fs))
+ (if (memq 'bind-mount (file-system-flags fs))
+ (or (and=3D> (find (let ((devno (stat:dev
+ (lstat source=
))))
+ (lambda (mount)
+ (=3D (mount-device-numb=
er mount)
+ devno)))
+ (mounts))
+ mount-flags)
+ 0)
+ 0)))
+ (options (file-system-options fs)))
(when (file-system-check? fs)
(check-file-system source type))
=20
@@ -925,24 +1028,24 @@ corresponds to the symbols listed in FLAGS."
;; needed.
(if (and (=3D MS_BIND (logand flags MS_BIND))
(not (file-is-directory? source)))
- (unless (file-exists? mount-point)
- (mkdir-p (dirname mount-point))
- (call-with-output-file mount-point (const #t)))
- (mkdir-p mount-point))
+ (unless (file-exists? target)
+ (mkdir-p (dirname target))
+ (call-with-output-file target (const #t)))
+ (mkdir-p target))
=20
(cond
((string-prefix? "nfs" type)
- (mount-nfs source mount-point type flags options))
+ (mount-nfs source target type flags options))
(else
- (mount source mount-point type flags options)))
+ (mount source target type flags options)))
=20
;; For read-only bind mounts, an extra remount is needed, as per
;; <http://lwn.net/Articles/281157/>, which still applies to Linux
;; 4.0.
(when (and (=3D MS_BIND (logand flags MS_BIND))
(=3D MS_RDONLY (logand flags MS_RDONLY)))
- (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
- (mount source mount-point type flags #f))))
+ (let ((flags (logior MS_REMOUNT flags)))
+ (mount source target type flags options))))
(lambda args
(or (file-system-mount-may-fail? fs)
(apply throw args))))))
--=-=-=--
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 22 Feb 2021 10:57:48 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 22 05:57:48 2021
Received: from localhost ([127.0.0.1]:55786 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lE8uS-0007pt-9V
for submit <at> debbugs.gnu.org; Mon, 22 Feb 2021 05:57:48 -0500
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:10454)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <lucas.nussbaum@HIDDEN>) id 1lE8uQ-0007pf-0f
for 46292 <at> debbugs.gnu.org; Mon, 22 Feb 2021 05:57:47 -0500
X-IronPort-AV: E=Sophos;i="5.81,197,1610406000"; d="scan'208";a="373751926"
Received: from xanadu.blop.info ([178.79.145.134])
by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
22 Feb 2021 11:57:39 +0100
Date: Mon, 22 Feb 2021 11:57:36 +0100
From: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@HIDDEN>
Subject: Re: bug#46292: =?utf-8?B?4oCYZ3VpeCBlbnZp?=
=?utf-8?Q?ronment_-C=E2=80=99?= fails with Linux 4.19 (Debian)
Message-ID: <20210222105736.GA31789@HIDDEN>
References: <87h7ms8658.fsf@HIDDEN> <20210210060403.GA15175@HIDDEN>
<877dn5sj14.fsf_-_@HIDDEN>
<20210218132334.GC20744@HIDDEN> <871rd8e8p2.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <871rd8e8p2.fsf@HIDDEN>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 46292
Cc: 46292 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
On 22/02/21 at 10:46 +0100, Ludovic Courtès wrote:
> Hi Lucas,
>
> Lucas Nussbaum <lucas.nussbaum@HIDDEN> skribis:
>
> > On 18/02/21 at 12:38 +0100, Ludovic Courtès wrote:
>
> [...]
>
> >> I tried grabbing mount options from there and reapplying them to the
> >> MS_REMOUNT call (patch below). However, that still doesn’t work:
> >>
> >> --8<---------------cut here---------------start------------->8---
> >> 14273 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid,nodev,relatime") = -1 EPERM (Operation not permitted)
> >> --8<---------------cut here---------------end--------------->8---
> >
> > That's strange: it worked in my manual tests.
>
> I investigated some more and can’t get it to work. Do you happen to
> have a working invocation or C snippet?
Here is an example:
root@grisou-48:/tmp# mkdir t m
without nosuid:
root@grisou-48:/tmp# unshare -mrf
mesg: cannot open /dev/pts/0: Permission denied
root@grisou-48:/tmp# mount --bind t m
root@grisou-48:/tmp# mount --bind -r -o remount ./t ./m
root@grisou-48:/tmp# logout
now remount with nosuid:
root@grisou-48:/tmp# mount -o remount,nosuid /tmp
root@grisou-48:/tmp# mount |grep /tmp
/dev/sda5 on /tmp type ext4 (rw,nosuid,relatime)
and try again:
root@grisou-48:/tmp# unshare -mrf
mesg: cannot open /dev/pts/0: Permission denied
root@grisou-48:/tmp# mount --bind t m
root@grisou-48:/tmp# mount |grep /tmp
/dev/sda5 on /tmp type ext4 (rw,nosuid,relatime)
/dev/sda5 on /tmp/m type ext4 (rw,nosuid,relatime)
root@grisou-48:/tmp# mount --bind -r -o remount ./t ./m
mount: /tmp/m: permission denied.
^ that's expected
but it works when specifying nosuid:
root@grisou-48:/tmp# mount --bind -r -o remount,nosuid ./t ./m
root@grisou-48:/tmp#
From strace:
mount("/tmp/t", "/tmp/m", 0x55e75bf38cb0, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_BIND, NULL) = 0
MS_NOSUID is missing from mountflags in your invocation. Apparently data
can be NULL.
--
Lucas Nussbaum <lucas.nussbaum@HIDDEN> +33 3 54 95 86 19
Responsable du programme plateformes d'expérimentation
DDO-SDT - Direction Générale Déléguée à l'Innovation - Inria
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 22 Feb 2021 09:46:44 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon Feb 22 04:46:44 2021
Received: from localhost ([127.0.0.1]:55667 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lE7nf-00064a-VE
for submit <at> debbugs.gnu.org; Mon, 22 Feb 2021 04:46:44 -0500
Received: from eggs.gnu.org ([209.51.188.92]:50734)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludo@HIDDEN>) id 1lE7nd-00064M-Vc
for 46292 <at> debbugs.gnu.org; Mon, 22 Feb 2021 04:46:42 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e]:51420)
by eggs.gnu.org with esmtp (Exim 4.90_1)
(envelope-from <ludo@HIDDEN>)
id 1lE7nY-0000bX-1F; Mon, 22 Feb 2021 04:46:36 -0500
Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=42332 helo=ribbon)
by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256)
(Exim 4.82) (envelope-from <ludo@HIDDEN>)
id 1lE7nW-000154-TM; Mon, 22 Feb 2021 04:46:35 -0500
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
Subject: Re: bug#46292: =?utf-8?Q?=E2=80=98guix?= environment =?utf-8?Q?-C?=
=?utf-8?Q?=E2=80=99?= fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN>
<20210210060403.GA15175@HIDDEN> <877dn5sj14.fsf_-_@HIDDEN>
<20210218132334.GC20744@HIDDEN>
Date: Mon, 22 Feb 2021 10:46:33 +0100
In-Reply-To: <20210218132334.GC20744@HIDDEN> (Lucas Nussbaum's
message of "Thu, 18 Feb 2021 14:23:34 +0100")
Message-ID: <871rd8e8p2.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.7 (/)
X-Debbugs-Envelope-To: 46292
Cc: 46292 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)
Hi Lucas,
Lucas Nussbaum <lucas.nussbaum@HIDDEN> skribis:
> On 18/02/21 at 12:38 +0100, Ludovic Court=C3=A8s wrote:
[...]
>> I tried grabbing mount options from there and reapplying them to the
>> MS_REMOUNT call (patch below). However, that still doesn=E2=80=99t work:
>>=20
>> --8<---------------cut here---------------start------------->8---
>> 14273 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0=
.16", "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2n=
kh-bash-static-5.0.16", 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid=
,nodev,relatime") =3D -1 EPERM (Operation not permitted)
>> --8<---------------cut here---------------end--------------->8---
>
> That's strange: it worked in my manual tests.
I investigated some more and can=E2=80=99t get it to work. Do you happen to
have a working invocation or C snippet?
Thanks,
Ludo=E2=80=99.
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 18 Feb 2021 15:09:43 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 18 10:09:43 2021
Received: from localhost ([127.0.0.1]:47704 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lCkw3-0000qh-Aw
for submit <at> debbugs.gnu.org; Thu, 18 Feb 2021 10:09:43 -0500
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:54010)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <lucas.nussbaum@HIDDEN>) id 1lCjU2-0006gz-P5
for 46292 <at> debbugs.gnu.org; Thu, 18 Feb 2021 08:36:43 -0500
X-IronPort-AV: E=Sophos;i="5.81,187,1610406000"; d="scan'208";a="373444665"
Received: from xanadu.blop.info ([178.79.145.134])
by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
18 Feb 2021 14:36:10 +0100
Date: Thu, 18 Feb 2021 14:23:34 +0100
From: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludovic.courtes@HIDDEN>
Subject: Re: bug#46292: =?utf-8?B?4oCYZ3VpeCBlbnZp?=
=?utf-8?Q?ronment_-C=E2=80=99?= fails with Linux 4.19 (Debian)
Message-ID: <20210218132334.GC20744@HIDDEN>
References: <87h7ms8658.fsf@HIDDEN> <20210210060403.GA15175@HIDDEN>
<877dn5sj14.fsf_-_@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <877dn5sj14.fsf_-_@HIDDEN>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 46292
X-Mailman-Approved-At: Thu, 18 Feb 2021 10:09:41 -0500
Cc: 46292 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Ludovic,
On 18/02/21 at 12:38 +0100, Ludovic Courtès wrote:
> Hi Lucas,
>
> Lucas Nussbaum <lucas.nussbaum@HIDDEN> skribis:
>
> > This is not due to NFS, but due to the fact that the NFS mount is
> > mounted nosuid (and nodev, probably). I can reproduce it on a local
> > filesystem mounted nosuid.
> >
> > It seems that, when remounting a bind mount which is originally nosuid
> > inside a mount ns, you need to specify explicitely the nosuid option, or
> > else can_change_locked_flags()[1] will return false.
> >
> > [1] https://github.com/torvalds/linux/blame/master/fs/namespace.c#L2480
> >
> > There's a concept of "locked mount flags" that cannot be cleared by a
> > less privileged user (see [2]). Our call to 'mount -o remount' ignores the
> > fact that the filesystem is mounted nosuid (and does not include this
> > flag), so the remount call tries to remove nosuid, and fails.
> >
> > [2] https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705
>
> Ooh, thanks for investigating!
>
> > This probably needs to be fixed in Guix by fetching the current mount
> > flags and including them in the bind+remount+readonly call.
> > Unfortunately I did not find an easy way to convert mount flags in
> > /proc/$$/mountinfo to flags for the mount syscall...
>
> I tried grabbing mount options from there and reapplying them to the
> MS_REMOUNT call (patch below). However, that still doesn’t work:
>
> --8<---------------cut here---------------start------------->8---
> 14273 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid,nodev,relatime") = -1 EPERM (Operation not permitted)
> --8<---------------cut here---------------end--------------->8---
That's strange: it worked in my manual tests.
> Interestingly, the ‘mount’ command does not attempt to re-apply the
> original mount options (“nosuid” & co.):
>
> --8<---------------cut here---------------start------------->8---
> # strace -e mount mount --bind -o ro t m
> mount("/home/lcourtes/t", "/home/lcourtes/m", 0x564dde270cb0, MS_RDONLY|MS_BIND, NULL) = 0
> mount("none", "/home/lcourtes/m", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = -1 EPERM (Operation not permitted)
> mount: /home/lcourtes/m: filesystem was mounted, but any subsequent operation failed: Unknown error 5005.
> +++ exited with 32 +++
> # mount --version
> mount from util-linux 2.33.1 (libmount 2.33.1: selinux, smack, btrfs, namespaces, assert, debug)
> --8<---------------cut here---------------end--------------->8---
>
> To be continued…
I think that's something I also initially misunderstood as well: mount
-o remount,<flags> essentially means: remount the filesystem with a
fresh set of flags. The set of flags previously configured is completely
ignored.
Lucas
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 18 Feb 2021 11:38:30 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 18 06:38:30 2021
Received: from localhost ([127.0.0.1]:46222 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lChdb-0005vD-6b
for submit <at> debbugs.gnu.org; Thu, 18 Feb 2021 06:38:30 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:9561)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1lChdV-0005ux-Ni
for 46292 <at> debbugs.gnu.org; Thu, 18 Feb 2021 06:38:25 -0500
X-IronPort-AV: E=Sophos;i="5.81,187,1610406000"; d="scan'208";a="493658513"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
by mail2-relais-roc.national.inria.fr with
ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Feb 2021 12:38:15 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: Lucas Nussbaum <lucas.nussbaum@HIDDEN>
Subject: Re: bug#46292: =?utf-8?Q?=E2=80=98guix?= environment =?utf-8?Q?-C?=
=?utf-8?Q?=E2=80=99?= fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN> <20210210060403.GA15175@HIDDEN>
Date: Thu, 18 Feb 2021 12:38:15 +0100
In-Reply-To: <20210210060403.GA15175@HIDDEN> (Lucas Nussbaum's
message of "Wed, 10 Feb 2021 07:04:03 +0100")
Message-ID: <877dn5sj14.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 46292
Cc: 46292 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi Lucas,
Lucas Nussbaum <lucas.nussbaum@HIDDEN> skribis:
> This is not due to NFS, but due to the fact that the NFS mount is
> mounted nosuid (and nodev, probably). I can reproduce it on a local
> filesystem mounted nosuid.
>
> It seems that, when remounting a bind mount which is originally nosuid
> inside a mount ns, you need to specify explicitely the nosuid option, or
> else can_change_locked_flags()[1] will return false.
>
> [1] https://github.com/torvalds/linux/blame/master/fs/namespace.c#L2480
>
> There's a concept of "locked mount flags" that cannot be cleared by a
> less privileged user (see [2]). Our call to 'mount -o remount' ignores the
> fact that the filesystem is mounted nosuid (and does not include this
> flag), so the remount call tries to remove nosuid, and fails.
>
> [2] https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cb=
b878dad75705
Ooh, thanks for investigating!
> This probably needs to be fixed in Guix by fetching the current mount
> flags and including them in the bind+remount+readonly call.
> Unfortunately I did not find an easy way to convert mount flags in
> /proc/$$/mountinfo to flags for the mount syscall...
I tried grabbing mount options from there and reapplying them to the
MS_REMOUNT call (patch below). However, that still doesn=E2=80=99t work:
--8<---------------cut here---------------start------------->8---
14273 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16=
", "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-=
bash-static-5.0.16", 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid,no=
dev,relatime") =3D -1 EPERM (Operation not permitted)
--8<---------------cut here---------------end--------------->8---
Interestingly, the =E2=80=98mount=E2=80=99 command does not attempt to re-a=
pply the
original mount options (=E2=80=9Cnosuid=E2=80=9D & co.):
--8<---------------cut here---------------start------------->8---
# strace -e mount mount --bind -o ro t m
mount("/home/lcourtes/t", "/home/lcourtes/m", 0x564dde270cb0, MS_RDONLY|MS_=
BIND, NULL) =3D 0
mount("none", "/home/lcourtes/m", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL)=
=3D -1 EPERM (Operation not permitted)
mount: /home/lcourtes/m: filesystem was mounted, but any subsequent operati=
on failed: Unknown error 5005.
+++ exited with 32 +++
# mount --version
mount from util-linux 2.33.1 (libmount 2.33.1: selinux, smack, btrfs, names=
paces, assert, debug)
--8<---------------cut here---------------end--------------->8---
To be continued=E2=80=A6
Ludo=E2=80=99.
--=-=-=
Content-Type: text/x-patch; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index ddf6117b67..4ecb58c8ea 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
-;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020 Ludovic Court=C3=
=A8s <ludo@HIDDEN>
+;;; Copyright =C2=A9 2014, 2015, 2016, 2017, 2018, 2020, 2021 Ludovic Cour=
t=C3=A8s <ludo@HIDDEN>
;;; Copyright =C2=A9 2016, 2017 David Craven <david@HIDDEN>
;;; Copyright =C2=A9 2017 Mathieu Othacehe <m.othacehe@HIDDEN>
;;; Copyright =C2=A9 2019 Guillaume Le Vaillant <glv@HIDDEN>
@@ -36,6 +36,7 @@
#:use-module (system foreign)
#:autoload (system repl repl) (start-repl)
#:use-module (srfi srfi-1)
+ #:use-module (srfi srfi-9)
#:use-module (srfi srfi-26)
#:export (disk-partitions
partition-label-predicate
@@ -886,6 +887,59 @@ corresponds to the symbols listed in FLAGS."
(()
0))))
=20
+(define-record-type <mount>
+ (%mount source point devno type options)
+ mount?
+ (devno mount-device-number) ;st_dev
+ (source mount-source)
+ (point mount-point)
+ (type mount-type)
+ (options mount-options))
+
+(define (octal-decode str)
+ "Decode octal escapes from STR and return the corresponding string. STR=
may
+look like this: \"white\\040space\", which is decoded as \"white space\"."
+ (define char-set:octal
+ (char-set #\0 #\1 #\2 #\3 #\4 #\5 #\6 #\7))
+ (define (octal? c)
+ (char-set-contains? char-set:octal c))
+
+ (let loop ((chars (string->list str))
+ (result '()))
+ (match chars
+ (()
+ (list->string (reverse result)))
+ ((#\\ (? octal? a) (? octal? b) (? octal? c) . rest)
+ (loop rest
+ (cons (integer->char
+ (string->number (list->string (list a b c)) 8))
+ result)))
+ ((head . tail)
+ (loop tail (cons head result))))))
+
+(define (string->device-number str)
+ (match (string-split str #\:)
+ (((=3D string->number major) (=3D string->number minor))
+ (+ (* major 256) minor))))
+
+(define (mounts)
+ "Return the list of mounts (<mount> records) visible in the namespace of=
the
+current process."
+ (call-with-input-file "/proc/self/mountinfo"
+ (lambda (port)
+ (let loop ((result '()))
+ (let ((line (read-line port)))
+ (if (eof-object? line)
+ (reverse result)
+ (match (string-tokenize line)
+ ((id parent-id major:minor root mount-point
+ options _ _ type source _ ...)
+ (let ((devno (string->device-number major:minor)))
+ (loop (cons (%mount (octal-decode source)
+ (octal-decode mount-point)
+ devno type options)
+ result)))))))))))
+
(define* (mount-file-system fs #:key (root "/root"))
"Mount the file system described by FS, a <file-system> object, under RO=
OT."
=20
@@ -894,8 +948,8 @@ corresponds to the symbols listed in FLAGS."
(host-part (string-take source idx))
;; Strip [] from around host if present
(host (match (string-split host-part (string->char-set "[]"))
- (("" h "") h)
- ((h) h)))
+ (("" h "") h)
+ ((h) h)))
(aa (match (getaddrinfo host "nfs") ((x . _) x)))
(sa (addrinfo:addr aa))
(inet-addr (inet-ntop (sockaddr:fam sa)
@@ -912,7 +966,7 @@ corresponds to the symbols listed in FLAGS."
(let ((type (file-system-type fs))
(options (file-system-options fs))
(source (canonicalize-device-spec (file-system-device fs)))
- (mount-point (string-append root "/"
+ (target (string-append root "/"
(file-system-mount-point fs)))
(flags (mount-flags->bit-mask (file-system-flags fs))))
(when (file-system-check? fs)
@@ -925,24 +979,30 @@ corresponds to the symbols listed in FLAGS."
;; needed.
(if (and (=3D MS_BIND (logand flags MS_BIND))
(not (file-is-directory? source)))
- (unless (file-exists? mount-point)
- (mkdir-p (dirname mount-point))
- (call-with-output-file mount-point (const #t)))
- (mkdir-p mount-point))
+ (unless (file-exists? target)
+ (mkdir-p (dirname target))
+ (call-with-output-file target (const #t)))
+ (mkdir-p target))
=20
(cond
((string-prefix? "nfs" type)
- (mount-nfs source mount-point type flags options))
+ (mount-nfs source target type flags options))
(else
- (mount source mount-point type flags options)))
+ (mount source target type flags options)))
=20
;; For read-only bind mounts, an extra remount is needed, as per
;; <http://lwn.net/Articles/281157/>, which still applies to Linux
;; 4.0.
(when (and (=3D MS_BIND (logand flags MS_BIND))
(=3D MS_RDONLY (logand flags MS_RDONLY)))
- (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
- (mount source mount-point type flags #f))))
+ (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY))
+ (options (and=3D> (find (let ((devno (stat:dev (lstat sour=
ce))))
+ (lambda (mount)
+ (=3D (mount-device-number mount)
+ devno)))
+ (mounts))
+ mount-options)))
+ (mount source target type flags options))))
(lambda args
(or (file-system-mount-may-fail? fs)
(apply throw args))))))
--=-=-=--
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 18 Feb 2021 11:36:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 18 06:36:17 2021
Received: from localhost ([127.0.0.1]:46217 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1lChbU-0005rv-Oy
for submit <at> debbugs.gnu.org; Thu, 18 Feb 2021 06:36:16 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:31388)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1lChbS-0005ra-FN
for 46292 <at> debbugs.gnu.org; Thu, 18 Feb 2021 06:36:15 -0500
X-IronPort-AV: E=Sophos;i="5.81,187,1610406000"; d="scan'208";a="493658226"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
by mail2-relais-roc.national.inria.fr with
ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Feb 2021 12:36:07 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: Re: bug#46292: =?utf-8?Q?=E2=80=98guix?= environment =?utf-8?Q?-C?=
=?utf-8?Q?=E2=80=99?= fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN>
Date: Thu, 18 Feb 2021 12:36:07 +0100
In-Reply-To: <87h7ms8658.fsf@HIDDEN> ("Ludovic =?utf-8?Q?Court=C3=A8s=22?=
=?utf-8?Q?'s?= message of "Thu, 04 Feb 2021 11:43:47 +0100")
Message-ID: <878s7lsj4o.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 46292
Cc: Dimitri DELABROYE <dimitri.delabroye@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> skribis:
> The read-only remount comes from =E2=80=98mount-file-system=E2=80=99 in (=
gnu build
> file-systems):
>
> ;; For read-only bind mounts, an extra remount is needed, as per
> ;; <http://lwn.net/Articles/281157/>, which still applies to Linux
> ;; 4.0.
> (when (and (=3D MS_BIND (logand flags MS_BIND))
> (=3D MS_RDONLY (logand flags MS_RDONLY)))
> (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
> (mount source mount-point type flags #f)))
>
> This recipe has been working well =E2=80=9Cforever=E2=80=9D, although it=
=E2=80=99s probably
> unnecessary with recent kernels (the LWN article is from 2008).
Apparently the extra remount is still necessary, and the =E2=80=98mount=E2=
=80=99 command
does it for you if you combine =E2=80=98--bind=E2=80=99 with =E2=80=98-o ro=
=E2=80=99:
--8<---------------cut here---------------start------------->8---
# strace -e mount mount --bind -o ro t m
mount("/tmp/t", "/tmp/m", 0xde1930, MS_RDONLY|MS_BIND, NULL) =3D 0
mount("none", "/tmp/m", NULL, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) =3D 0
+++ exited with 0 +++
# mount --version
mount from util-linux 2.35.1 (libmount 2.35.1: btrfs, namespaces, assert, d=
ebug)
# uname -sr
Linux 5.10.10-gnu
--8<---------------cut here---------------end--------------->8---
Ludo=E2=80=99.
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.Received: (at 46292) by debbugs.gnu.org; 10 Feb 2021 08:06:05 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Feb 10 03:06:05 2021 Received: from localhost ([127.0.0.1]:55379 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1l9kVg-0004Q6-Cz for submit <at> debbugs.gnu.org; Wed, 10 Feb 2021 03:06:05 -0500 Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:43478) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <lucas.nussbaum@HIDDEN>) id 1l9ibl-0001Ix-Je for 46292 <at> debbugs.gnu.org; Wed, 10 Feb 2021 01:04:15 -0500 X-IronPort-AV: E=Sophos;i="5.81,167,1610406000"; d="scan'208";a="372606394" Received: from xanadu.blop.info ([178.79.145.134]) by mail3-relais-sop.national.inria.fr with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 10 Feb 2021 07:04:06 +0100 Date: Wed, 10 Feb 2021 07:04:03 +0100 From: Lucas Nussbaum <lucas.nussbaum@HIDDEN> To: 46292 <at> debbugs.gnu.org Subject: more info Message-ID: <20210210060403.GA15175@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 46292 X-Mailman-Approved-At: Wed, 10 Feb 2021 03:06:02 -0500 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi, This is not due to NFS, but due to the fact that the NFS mount is mounted nosuid (and nodev, probably). I can reproduce it on a local filesystem mounted nosuid. It seems that, when remounting a bind mount which is originally nosuid inside a mount ns, you need to specify explicitely the nosuid option, or else can_change_locked_flags()[1] will return false. [1] https://github.com/torvalds/linux/blame/master/fs/namespace.c#L2480 There's a concept of "locked mount flags" that cannot be cleared by a less privileged user (see [2]). Our call to 'mount -o remount' ignores the fact that the filesystem is mounted nosuid (and does not include this flag), so the remount call tries to remove nosuid, and fails. [2] https://github.com/torvalds/linux/commit/9566d6742852c527bf5af38af5cbb878dad75705 This probably needs to be fixed in Guix by fetching the current mount flags and including them in the bind+remount+readonly call. Unfortunately I did not find an easy way to convert mount flags in /proc/$$/mountinfo to flags for the mount syscall... Lucas
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at 46292) by debbugs.gnu.org; 4 Feb 2021 14:41:17 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 04 09:41:17 2021
Received: from localhost ([127.0.0.1]:40341 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1l7foq-0007WH-W8
for submit <at> debbugs.gnu.org; Thu, 04 Feb 2021 09:41:17 -0500
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104]:50776)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1l7foo-0007W2-BA
for 46292 <at> debbugs.gnu.org; Thu, 04 Feb 2021 09:41:16 -0500
X-IronPort-AV: E=Sophos;i="5.79,401,1602540000"; d="scan'208";a="372101709"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
by mail3-relais-sop.national.inria.fr with
ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Feb 2021 15:41:07 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: 46292 <at> debbugs.gnu.org
Subject: Re: bug#46292: =?utf-8?Q?=E2=80=98guix?= environment =?utf-8?Q?-C?=
=?utf-8?Q?=E2=80=99?= fails with Linux 4.19 (Debian)
References: <87h7ms8658.fsf@HIDDEN>
Date: Thu, 04 Feb 2021 15:41:07 +0100
In-Reply-To: <87h7ms8658.fsf@HIDDEN> ("Ludovic =?utf-8?Q?Court=C3=A8s=22?=
=?utf-8?Q?'s?= message of "Thu, 04 Feb 2021 11:43:47 +0100")
Message-ID: <87im777v5o.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 46292
Cc: Dimitri DELABROYE <dimitri.delabroye@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> skribis:
> The problem may have to do with the fact that /gnu/store is an NFS
> mount.
Maybe not? I tested on a similar setup where it Just Works:
--8<---------------cut here---------------start------------->8---
$ guix describe
Generation 6 Feb 04 2021 15:37:16 (current)
guix e7195e8
repository URL: https://git.savannah.gnu.org/git/guix.git
branch: master
commit: e7195e83c85a83131c0981bae2b6e5613669ebd1
$ df -h /gnu/store
Filesystem Size Used Avail Use% Mounted on
<redacted>:/GNUSTORE 973G 118G 856G 13% /gnu/store
$ uname -rv
4.9.0-11-amd64 #1 SMP Debian 4.9.189-3+deb9u2 (2019-11-11)
$ guix environment -C --ad-hoc coreutils
[env]$ id
uid=3D11279(lcourtes) gid=3D10038(users) groups=3D10038(users),65534(overfl=
ow)
--8<---------------cut here---------------end--------------->8---
Ludo=E2=80=99.
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.Received: (at 46292) by debbugs.gnu.org; 4 Feb 2021 12:40:11 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 04 07:40:11 2021 Received: from localhost ([127.0.0.1]:40148 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1l7dvf-0004aE-9T for submit <at> debbugs.gnu.org; Thu, 04 Feb 2021 07:40:11 -0500 Received: from mail-wr1-f54.google.com ([209.85.221.54]:44620) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <zimon.toutoune@HIDDEN>) id 1l7dvZ-0004ZZ-Us for 46292 <at> debbugs.gnu.org; Thu, 04 Feb 2021 07:40:09 -0500 Received: by mail-wr1-f54.google.com with SMTP id d16so3268161wro.11 for <46292 <at> debbugs.gnu.org>; Thu, 04 Feb 2021 04:40:05 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:in-reply-to:references:date:message-id :mime-version:content-transfer-encoding; bh=NEyvz63bq77D/FzZzZ2qP0bnwHPfpPRG27Ny9y4s/h0=; b=iV3Oe3gmS1plK7a0LL1qjrCBZW5COhBeknjsEfvuz84OO/Dpea/dosIFiHJ6eZK3ea dU3J6v2ZjN+WHw1ORa1OVk6BdZ3601ZVdhs7i3EyN+Fe9JS6ZQsn0i+8SEoj4/ObxiN0 ERmBASQxPvXBdDVWmWgSlUSQPD3o/0jJaEf2chfC4g5uLXTHkyaUTr+CD+zjfHnfhVG4 BgocMjr+iBPgZHN+j0zwuxzX5RXLx8tQwo0RnunhqLgc+RU4RwIFWelr4DjwnIP9nWxp R6aUvRpaUkiY3SKFoEcj8rEIZzXCg8mYNmxfH3Na/rZX8UHHxP8x3a7TLMaKlyjUS8sX EOcA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:in-reply-to:references:date :message-id:mime-version:content-transfer-encoding; bh=NEyvz63bq77D/FzZzZ2qP0bnwHPfpPRG27Ny9y4s/h0=; b=qUJ8v3agBtGbav2ITLFfQPumNWChT2WVqVJ7ho05i42CtfdPQmF4gl+aXwTJ+Jquem WErSvP+ukJDIQJfk2NBz8iQjXkn/Ngu6HZT6ipC2a2oDv3vu76I8e1GskhUx6ql3VFzQ QI6kV7Op3fgmF+ZO5VKmXNzc3Tk0YBkDCn0ckthqKqoyXU+8XIYOjtvr7qGXcKe/01N1 cCur6rd++L5LH+8MC9SbIjzzc3MDXk7Jm3cmAv2nll8XL6zSQWnjW3OiyjyrTDS9k++t LAR8OOhecvuKjkBXpYrhMyp2qo7CJioTXOzXQnc6J3o1LBF9nfJvbJXVGgb3QkwJCwWG txqQ== X-Gm-Message-State: AOAM532LCXntANK1rFVfSEswA+XuAMiDuc1oDHqB2OHFoJS8/aJPNpZy Rpe18DZGgzE1Q3taCpihKX0= X-Google-Smtp-Source: ABdhPJy4CsFFvY+OXu06QwC+5wlKj1i02WelwpLdByIbXMagNZjLh9wr0dEsNFbTDIbqJz6EKCkwtQ== X-Received: by 2002:adf:e4c9:: with SMTP id v9mr9009815wrm.277.1612442400014; Thu, 04 Feb 2021 04:40:00 -0800 (PST) Received: from lili ([2a01:e0a:59b:9120:65d2:2476:f637:db1e]) by smtp.gmail.com with ESMTPSA id j7sm8531104wrp.72.2021.02.04.04.39.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Feb 2021 04:39:59 -0800 (PST) From: zimoun <zimon.toutoune@HIDDEN> To: Ludovic =?utf-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>, 46292 <at> debbugs.gnu.org Subject: Re: bug#46292: =?utf-8?Q?=E2=80=98guix?= environment =?utf-8?Q?-C?= =?utf-8?Q?=E2=80=99?= fails with Linux 4.19 (Debian) In-Reply-To: <87h7ms8658.fsf@HIDDEN> References: <87h7ms8658.fsf@HIDDEN> Date: Thu, 04 Feb 2021 13:38:51 +0100 Message-ID: <868s84c8is.fsf@HIDDEN> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 46292 Cc: Dimitri DELABROYE <dimitri.delabroye@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Hi, On Thu, 04 Feb 2021 at 11:43, Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN= r> wrote: > --8<---------------cut here---------------start------------->8--- > $ guix environment --ad-hoc coreutils -C > guix environment: error: mount: mount "/gnu/store/mmhimfwmmidf09jw1plw3aw= 1g1zn2nkh-bash-static-5.0.16" on "/tmp/guix-directory.Nagh8Y//gnu/store/mmh= imfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16": Operation not permitted > $ uname -rv > 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) > $ cat /proc/sys/kernel/unprivileged_userns_clone > 1 > --8<---------------cut here---------------end--------------->8--- With a bit older Debian than yours: --8<---------------cut here---------------start------------->8--- $ guix environment --ad-hoc coreutils -C [env]$ uname -rv 4.19.0-8-amd64 #1 SMP Debian 4.19.98-1 (2020-01-26) [env]$ cat /proc/sys/kernel/unprivileged_userns_clone 1 [env]$ exit exit --8<---------------cut here---------------end--------------->8--- On another machine with the same kernel: --8<---------------cut here---------------start------------->8--- $ guix environment --ad-hoc coreutils -C [env]$ uname -rv 4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28) [env]$ cat /proc/sys/kernel/unprivileged_userns_clone 1 [env]$ exit exit --8<---------------cut here---------------end--------------->8--- Maybe I misconfigured mines or something is different on yours. :-) All the best, simon
bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
Received: (at submit) by debbugs.gnu.org; 4 Feb 2021 10:43:56 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Feb 04 05:43:56 2021
Received: from localhost ([127.0.0.1]:39825 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1l7c7A-0000x0-4o
for submit <at> debbugs.gnu.org; Thu, 04 Feb 2021 05:43:56 -0500
Received: from lists.gnu.org ([209.51.188.17]:58858)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1l7c78-0000ws-Kz
for submit <at> debbugs.gnu.org; Thu, 04 Feb 2021 05:43:55 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:35260)
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludovic.courtes@HIDDEN>)
id 1l7c78-0000Eb-Dd
for bug-guix@HIDDEN; Thu, 04 Feb 2021 05:43:54 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:51632)
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludovic.courtes@HIDDEN>)
id 1l7c74-00033c-OT
for bug-guix@HIDDEN; Thu, 04 Feb 2021 05:43:53 -0500
X-IronPort-AV: E=Sophos;i="5.79,400,1602540000"; d="scan'208";a="490816946"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
by mail2-relais-roc.national.inria.fr with
ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Feb 2021 11:43:47 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: <bug-guix@HIDDEN>
Subject: =?utf-8?Q?=E2=80=98guix?= environment =?utf-8?Q?-C=E2=80=99?= fails
with Linux 4.19 (Debian)
X-Debbugs-Cc: Dimitri DELABROYE <dimitri.delabroye@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 16 =?utf-8?Q?Pluvi=C3=B4se?= an 229 de la
=?utf-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 04 Feb 2021 11:43:47 +0100
Message-ID: <87h7ms8658.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=192.134.164.83;
envelope-from=ludovic.courtes@HIDDEN;
helo=mail2-relais-roc.national.inria.fr
X-Spam_score_int: -41
X-Spam_score: -4.2
X-Spam_bar: ----
X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3,
RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
I=E2=80=99m observing this:
--8<---------------cut here---------------start------------->8---
$ guix environment --ad-hoc coreutils -C
guix environment: error: mount: mount "/gnu/store/mmhimfwmmidf09jw1plw3aw1g=
1zn2nkh-bash-static-5.0.16" on "/tmp/guix-directory.Nagh8Y//gnu/store/mmhim=
fwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16": Operation not permitted
$ uname -rv
4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
$ cat /proc/sys/kernel/unprivileged_userns_clone
1
--8<---------------cut here---------------end--------------->8---
Excerpt of the strace log:
--8<---------------cut here---------------start------------->8---
7605 mkdir("/tmp/guix-directory.EtXAVT/dev/mqueue", 0777) =3D 0
7605 mount("mqueue", "/tmp/guix-directory.EtXAVT//dev/mqueue", "mqueue", M=
S_NOSUID|MS_NODEV|MS_NOEXEC, NULL) =3D 0
7605 stat("/home/lcourtes", {st_mode=3DS_IFDIR|0710, st_size=3D4096, ...})=
=3D 0
7605 mkdir("/tmp", 0777) =3D -1 EEXIST (File exists)
7605 mkdir("/tmp/guix-directory.EtXAVT", 0777) =3D -1 EEXIST (File exists)
7605 mkdir("/tmp/guix-directory.EtXAVT/home", 0777) =3D 0
7605 mkdir("/tmp/guix-directory.EtXAVT/home/lcourtes", 0777) =3D 0
7605 mount("/home/lcourtes", "/tmp/guix-directory.EtXAVT//home/lcourtes", =
0xeea390, MS_BIND, NULL) =3D 0
7605 stat("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16"=
, {st_mode=3DS_IFDIR|0555, st_size=3D4096, ...}) =3D 0
7605 mkdir("/tmp", 0777) =3D -1 EEXIST (File exists)
7605 mkdir("/tmp/guix-directory.EtXAVT", 0777) =3D -1 EEXIST (File exists)
7605 mkdir("/tmp/guix-directory.EtXAVT/gnu", 0777) =3D 0
7605 mkdir("/tmp/guix-directory.EtXAVT/gnu/store", 0777) =3D 0
7605 mkdir("/tmp/guix-directory.EtXAVT/gnu/store/mmhimfwmmidf09jw1plw3aw1g=
1zn2nkh-bash-static-5.0.16", 0777) =3D 0
7605 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16=
", "/tmp/guix-directory.EtXAVT//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-=
bash-static-5.0.16", 0xeea3b0, MS_RDONLY|MS_BIND, NULL) =3D 0
7605 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16=
", "/tmp/guix-directory.EtXAVT//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-=
bash-static-5.0.16", 0xeea3d0, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) =3D -1 E=
PERM (Operation not permitted)
--8<---------------cut here---------------end--------------->8---
The read-only remount comes from =E2=80=98mount-file-system=E2=80=99 in (gn=
u build
file-systems):
;; For read-only bind mounts, an extra remount is needed, as per
;; <http://lwn.net/Articles/281157/>, which still applies to Linux
;; 4.0.
(when (and (=3D MS_BIND (logand flags MS_BIND))
(=3D MS_RDONLY (logand flags MS_RDONLY)))
(let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
(mount source mount-point type flags #f)))
This recipe has been working well =E2=80=9Cforever=E2=80=9D, although it=E2=
=80=99s probably
unnecessary with recent kernels (the LWN article is from 2008).
The problem may have to do with the fact that /gnu/store is an NFS
mount. Indeed, similar commands fail on $HOME (also an NFS mount):
--8<---------------cut here---------------start------------->8---
$ mkdir t m
$ unshare -mrf
# mount --bind ./t ./m
# mount --bind -r -o remount ./t ./m
mount: /home/lcourtes/m: permission denied.
--8<---------------cut here---------------end--------------->8---
=E2=80=A6 but they succeed on /tmp (not an NFS mount):
--8<---------------cut here---------------start------------->8---
$ mkdir /tmp/t
$ mkdir /tmp/m
$ unshare -mrf
# mount --bind /tmp/{t,m}
# mount --bind -r -o remount /tmp/{t,m}
--8<---------------cut here---------------end--------------->8---
To be continued=E2=80=A6
Ludo=E2=80=99.
Ludovic Courtès <ludovic.courtes@HIDDEN>:dimitri.delabroye@HIDDEN, bug-guix@HIDDEN.
Full text available.dimitri.delabroye@HIDDEN, bug-guix@HIDDEN:bug#46292; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.