GNU logs - #55358, boring messages

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#55358: docker containers stopped when doing guix install or guix shell
Resent-From: Remco van 't Veer <remco@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Wed, 11 May 2022 07:14:01 +0000
Resent-Message-ID: <handler.55358.B.165225318621871 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 55358
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 55358 <at> debbugs.gnu.org
Cc: zimoun <zimon.toutoune@HIDDEN>
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.165225318621871
          (code B ref -1); Wed, 11 May 2022 07:14:01 +0000
Received: (at submit) by debbugs.gnu.org; 11 May 2022 07:13:06 +0000
Received: from localhost ([127.0.0.1]:35826 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1nogWw-0005gg-G2
	for submit <at> debbugs.gnu.org; Wed, 11 May 2022 03:13:06 -0400
Received: from lists.gnu.org ([209.51.188.17]:51520)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <remco@HIDDEN>) id 1nogWu-0005gY-QT
 for submit <at> debbugs.gnu.org; Wed, 11 May 2022 03:13:05 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:41130)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <remco@HIDDEN>)
 id 1nogWu-00017Q-K5
 for bug-guix@HIDDEN; Wed, 11 May 2022 03:13:04 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:41135)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <remco@HIDDEN>)
 id 1nogWq-000321-Ss
 for bug-guix@HIDDEN; Wed, 11 May 2022 03:13:02 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 569C15C00F3;
 Wed, 11 May 2022 03:12:57 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute5.internal (MEProxy); Wed, 11 May 2022 03:12:57 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-transfer-encoding:content-type:date:date:from:from
 :in-reply-to:message-id:mime-version:reply-to:sender:subject
 :subject:to:to; s=fm3; t=1652253177; x=1652339577; bh=loE5vFK9un
 FzlnPdZgbEvMM3cEbsDNmtQsPhkoZZyp4=; b=NJeaST9NfekGnlVdyO2FGPsKdu
 EDzlhH4ph453RCPawJEBtLn5JlR9pXUcpvF75tnaYYNGHR3rNTSe2Pju7dFEfhHH
 zo+garGvKAaplp0Q7anmAaMZcv3Ro/4Nw6myO3eF4UACD600eQOUAJRquzRRAeTw
 1I/2NCHK5OHQUBJ9R/pkIHq5OD0XGyn0NZm6bXOjIliPmSbzLnwG5hOYY6U7ENAE
 JfOpXk3gfPRlbrcjtB0ZBzgYy53KgU5arzxdmvzaGM0xKAsMxsB6KP6qY/dyKcq8
 x31EHXaA2OziLYdCr1oJ+Qo2bUlGlbm0Z3EZK0DzaSM1yln7LNH8F57rlqnw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:date:date:from:from:in-reply-to:message-id
 :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
 1652253177; x=1652339577; bh=loE5vFK9unFzlnPdZgbEvMM3cEbsDNmtQsP
 hkoZZyp4=; b=NiA/IcW2L9wr9EHAr0eSwEaTI1Wfh1XNSYWALWPIKOp0KQAxHue
 4kRuFCSs11jR+savsrnPlRjB6y6j19G4k+9d6p12vS7EwLiGFe60Cy5n1YT/CF9h
 hZbRbUAH6dMA7lYrIg56aT66fQezj3ExtdMQyfsyTI+WXQyoTxiKls5RqdyuZkUD
 frjv1faq7bBdq1m1cJEfapWxNnIqSZrND6bhg3k0OnWSkABJcqf4HuIJJfBg3nmY
 KHojikMgp/eOVPKSjuwpWlMJfk2KDmebYgrybJLDQFLz7Tz1OJsoWSQwFnrXUnFf
 twj6xAd9OG4ReHcL9O0ozkqA/tHYoAlaSUg==
X-ME-Sender: <xms:-GF7YoXujJn8fyk5zbfT-Sb1hQX5PLa6snEAH6F_GcmCR67ExcY3xQ>
 <xme:-GF7Ysko33-ppCDuNfkAuN1dPXqNqyYWZnvSEjr2rrAr2ULfbmICbWne_QAh_BzMm
 U9bTRlQMUNuOMzk4Q>
X-ME-Received: <xmr:-GF7YsZLVc_llLe5tDMafo9D35SLgUKXlKqvqaHSxcqbC25ycZ5wFPpAw6-7WaykUFvSL6Y4FPNf42y00jFpymyuJ4h2lM_QIYrGjk5bSco>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrgeeggdduudegucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucenucfjughrpegfhffvvefufffkgggtgfesthhqre
 dttderjeenucfhrhhomheptfgvmhgtohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtgho
 sehrvghmfihorhhkshdrnhgvtheqnecuggftrfgrthhtvghrnhepkeevgedujeefhfehle
 evtedutdeufffgkeekgedtledtheevteeftddvhedvjeejnecuffhomhgrihhnpehgnhhu
 rdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomh
 eprhgvmhgtohesrhgvmhifohhrkhhsrdhnvght
X-ME-Proxy: <xmx:-GF7YnWT0LwZ_amtMR3ehOIzU9FDCGPJjCVApXMCj3EK_9tjVDqRIA>
 <xmx:-GF7YimraWuFONrpwg7vxe6KMA5aue-9R2GBRPSwqBNI11HLfTeN1g>
 <xmx:-GF7YsdSd4RnWkAHu9nujp9Wpc6Sby5qb10XINOpfzCtPPsekQNlbg>
 <xmx:-WF7Ypvb-cmN-vAjYjC3gY33761Gq9nILdAbEiZhzUyzFvZagiTBYQ>
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Wed,
 11 May 2022 03:12:56 -0400 (EDT)
User-agent: mu4e 1.6.10; emacs 27.2
From: Remco van 't Veer <remco@HIDDEN>
Date: Wed, 11 May 2022 09:12:54 +0200
Message-ID: <87ilqch79l.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=66.111.4.28; envelope-from=remco@HIDDEN;
 helo=out4-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001,
 T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.7 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.7 (--)

On a Guix system host, some running docker containers are stopped when
doing guix install or other guix operations like shell.  I noticed this
happing to mysql and postgres containers but an elasticsearch container
just keeps running.

Here's an example session:

  $ docker ps
  CONTAINER ID  IMAGE           COMMAND                  CREATED         ST=
ATUS        PORTS     NAMES
  $ docker run -d postgres:10.10
  ..
  2b52ee072b1f5584cae597afb033cdcc0e560bbe9145b17b41502c204034e60b
  $ docker ps
  CONTAINER ID  IMAGE           COMMAND                  CREATED         ST=
ATUS        PORTS     NAMES
  2b52ee072b1f  postgres:10.10  "docker-entrypoint.s=E2=80=A6"  2 seconds a=
go   Up 1 seconds  5432/tcp  blah_blah
  $ guix shell xeyes -- xeyes
  substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
  0.0 MB will be downloaded
   xeyes-1.1.2  11KiB                                                      =
                     613KiB/s 00:00 [##################] 100.0%
  The following derivation will be built:
    /gnu/store/xc002hxl4g8mskqmpm0grsk8s45m91gz-profile.drv

  applying 4 grafts for xeyes-1.1.2 ...
  building CA certificate bundle...
  listing Emacs sub-directories...
  building fonts directory...
  building directory of Info manuals...
  building profile with 1 package...
  $ docker ps
  CONTAINER ID  IMAGE           COMMAND                  CREATED         ST=
ATUS        PORTS     NAMES
  $ exit

First we see no docker containers are running, then we start postgres-10
from docker hub, we see its container is running, then we do something
using guix-shell on an application *not already available on this
system*, and now the container died.  This does not work the second time
when the "derivation" is already "built".

Cheers,
Remco

Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Remco van 't Veer <remco@HIDDEN>
Subject: bug#55358: Acknowledgement (docker containers stopped when doing
 guix install or guix shell)
Message-ID: <handler.55358.B.165225318621871.ack <at> debbugs.gnu.org>
References: <87ilqch79l.fsf@HIDDEN>
X-Gnu-PR-Message: ack 55358
X-Gnu-PR-Package: guix
Reply-To: 55358 <at> debbugs.gnu.org
Date: Wed, 11 May 2022 07:14:01 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 bug-guix@HIDDEN

If you wish to submit further information on this problem, please
send it to 55358 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

--=20
55358: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D55358
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#55358: docker containers stopped when doing guix install or guix shell
Resent-From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Tue, 12 Jul 2022 13:49:02 +0000
Resent-Message-ID: <handler.55358.B55358.165763372927923 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 55358
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Remco van 't Veer <remco@HIDDEN>
Cc: 55358 <at> debbugs.gnu.org, zimoun <zimon.toutoune@HIDDEN>
Received: via spool by 55358-submit <at> debbugs.gnu.org id=B55358.165763372927923
          (code B ref 55358); Tue, 12 Jul 2022 13:49:02 +0000
Received: (at 55358) by debbugs.gnu.org; 12 Jul 2022 13:48:49 +0000
Received: from localhost ([127.0.0.1]:42068 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oBGFt-0007GI-0c
	for submit <at> debbugs.gnu.org; Tue, 12 Jul 2022 09:48:49 -0400
Received: from mail-qv1-f43.google.com ([209.85.219.43]:37760)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <maxim.cournoyer@HIDDEN>) id 1oBGFr-0007Fq-7K
 for 55358 <at> debbugs.gnu.org; Tue, 12 Jul 2022 09:48:47 -0400
Received: by mail-qv1-f43.google.com with SMTP id m10so1307805qvu.4
 for <55358 <at> debbugs.gnu.org>; Tue, 12 Jul 2022 06:48:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112;
 h=from:to:cc:subject:references:date:in-reply-to:message-id
 :user-agent:mime-version:content-transfer-encoding;
 bh=8gcO2B/XDxQLW6u/AJJxIVJz/rpn2kb9Tn/JCPt3KQw=;
 b=hvRkTrzQaB6xWszFwRXytiuWVua+porQUw9D6adfBrkHZd524WU/itfq9WXQEcatq1
 kI940nzj3/2nBR13tkmvK9AO/DtEg3aoqvB7iJczmx0dk78F9DoGeOrYGS/ojBtmM6k/
 9EAMC38bl2S0g+yj156KIcKZ4DXhFyaSLoANwEydM1p2QPn7Sxf1tnaD3APZ4K3cJiND
 JnFr+BY0F0mbnsxhA9GGYsbuyxR53eIdpg68sqmwtxYFjpbOimd1b5HbnEiKOdAlRMCA
 kjaIpRgl0ZQUkXT1zVAhZ+vxPDwEkaxedRRqwSJSDeFl2kieIz0QAdT6EpH0FlCU+3GL
 QsBA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to
 :message-id:user-agent:mime-version:content-transfer-encoding;
 bh=8gcO2B/XDxQLW6u/AJJxIVJz/rpn2kb9Tn/JCPt3KQw=;
 b=FFxmlJkBVnRg+yU0SanbGXfSASBepFqI3uSexJYEh180CHNXm+ww9rhgfgzMmxeglc
 T5LrZ121Lsh7L0jmt3oM3wYUVeJJs8ffsEZ/vwk3paUC4I15LPqWNsiLd2KYGDiHMqAV
 uZvitRgGWRZvCqmTZEbVuoK5CNPofBSlV32BBjnnkt1S4ARCgW3qrRQDBrtQv3XuHAks
 dyBk7+ZeVJFM1gOXq6xoT/aBC1lmXghmWfSLh6QWagg+punIyrQDZlbXoF+ZzcKTU9VC
 ZB13rnaibmGjcaGxzDPLrxsrwetgdYy2xQvds5JmFBmT3CtmHt7uVuCHobC99KN4vpCd
 XZ7g==
X-Gm-Message-State: AJIora+NpO5OEnQwgs8O18wNMSZpjeRzp2wFz1K/+dIgzQsf30XZBAVn
 yIP8Vx/TJN1uCvUa9o+Z637ZvfcHBXhYp8W/
X-Google-Smtp-Source: AGRyM1sSVtzWBGmsvpSVjMP5VHGgfc4/5T+D1HbPzZWPitUNDlhMqz6+ilafGEyEPoS97lZASiNWCw==
X-Received: by 2002:a05:6214:1d08:b0:473:3a2e:588f with SMTP id
 e8-20020a0562141d0800b004733a2e588fmr17507377qvd.114.1657633721684; 
 Tue, 12 Jul 2022 06:48:41 -0700 (PDT)
Received: from hurd (dsl-155-226.b2b2c.ca. [66.158.155.226])
 by smtp.gmail.com with ESMTPSA id
 7-20020a370307000000b006b47dc92e15sm8820306qkd.36.2022.07.12.06.48.40
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Tue, 12 Jul 2022 06:48:41 -0700 (PDT)
From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
References: <87ilqch79l.fsf@HIDDEN>
Date: Tue, 12 Jul 2022 09:48:40 -0400
In-Reply-To: <87ilqch79l.fsf@HIDDEN> (Remco van t. Veer's message of
 "Wed, 11 May 2022 09:12:54 +0200")
Message-ID: <87mtde8mrr.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Hi,

Remco van 't Veer <remco@HIDDEN> writes:

> On a Guix system host, some running docker containers are stopped when
> doing guix install or other guix operations like shell.  I noticed this
> happing to mysql and postgres containers but an elasticsearch container
> just keeps running.
>
> Here's an example session:
>
>   $ docker ps
>   CONTAINER ID  IMAGE           COMMAND                  CREATED         =
STATUS        PORTS     NAMES
>   $ docker run -d postgres:10.10
>   ..
>   2b52ee072b1f5584cae597afb033cdcc0e560bbe9145b17b41502c204034e60b
>   $ docker ps
>   CONTAINER ID  IMAGE           COMMAND                  CREATED         =
STATUS        PORTS     NAMES
>   2b52ee072b1f  postgres:10.10  "docker-entrypoint.s=E2=80=A6"  2 seconds=
 ago   Up 1 seconds  5432/tcp  blah_blah
>   $ guix shell xeyes -- xeyes
>   substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.=
0%
>   0.0 MB will be downloaded
>    xeyes-1.1.2  11KiB                                                    =
                       613KiB/s 00:00 [##################] 100.0%
>   The following derivation will be built:
>     /gnu/store/xc002hxl4g8mskqmpm0grsk8s45m91gz-profile.drv
>
>   applying 4 grafts for xeyes-1.1.2 ...
>   building CA certificate bundle...
>   listing Emacs sub-directories...
>   building fonts directory...
>   building directory of Info manuals...
>   building profile with 1 package...
>   $ docker ps
>   CONTAINER ID  IMAGE           COMMAND                  CREATED         =
STATUS        PORTS     NAMES
>   $ exit
>
> First we see no docker containers are running, then we start postgres-10
> from docker hub, we see its container is running, then we do something
> using guix-shell on an application *not already available on this
> system*, and now the container died.  This does not work the second time
> when the "derivation" is already "built".

Are you still able to reproduce this using the new version of docker
packaged in Guix?

Thanks,

Maxim

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#55358: docker containers stopped when doing guix install or guix shell
Resent-From: Remco van 't Veer <remco@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Tue, 12 Jul 2022 14:38:01 +0000
Resent-Message-ID: <handler.55358.B55358.165763664410495 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 55358
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Cc: 55358 <at> debbugs.gnu.org, zimoun <zimon.toutoune@HIDDEN>
Received: via spool by 55358-submit <at> debbugs.gnu.org id=B55358.165763664410495
          (code B ref 55358); Tue, 12 Jul 2022 14:38:01 +0000
Received: (at 55358) by debbugs.gnu.org; 12 Jul 2022 14:37:24 +0000
Received: from localhost ([127.0.0.1]:43408 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1oBH0u-0002jC-Fp
	for submit <at> debbugs.gnu.org; Tue, 12 Jul 2022 10:37:24 -0400
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:51579)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <remco@HIDDEN>) id 1oBH0s-0002iy-Cq
 for 55358 <at> debbugs.gnu.org; Tue, 12 Jul 2022 10:37:23 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.nyi.internal (Postfix) with ESMTP id 32DF85C0136;
 Tue, 12 Jul 2022 10:37:15 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute5.internal (MEProxy); Tue, 12 Jul 2022 10:37:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-transfer-encoding:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to; s=fm2; t=1657636635; x=
 1657723035; bh=xEMRWMh9/iBcQyrjb6nYU1LRHhTJAI7P+p6QomdQ1wk=; b=R
 mypFoG39GySqgxWaB3JJzyZFL08C1wu3XyCvgiuRGbN5JcxegLKeTZ1dCv7sTPW7
 +dr1t6nFCyHNfTw1nSxUXBthm6EhC4g0px831DSu6rcMTbSpwGSacRUkZmZ2ezBV
 7GSUtRAeILi9rYHvnTAhLSPp0q+hNw8YkCC4LBIyDvrmEbZMmOdce2oBO5kYKqD1
 hAXJ42IN9S4rWt02bqAjhyZ8DAF4DPGyieNswEMfPjpMjDL7ZpFwax+RQAu9mzAp
 /brIfNENhzdXYwd0GtOjrTZdbGBq9D9kb+LWKx5Ii8H4FcDwTRj0Xe4d9IGwzvfA
 /0K2dvZwBzlLEE+ZW00Tw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:date:date:feedback-id:feedback-id:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm3; t=1657636635; x=
 1657723035; bh=xEMRWMh9/iBcQyrjb6nYU1LRHhTJAI7P+p6QomdQ1wk=; b=C
 SPSLUUN9BKrD6u9HGfdF+8OSd/kddFFgPedoLf07ZUhKt0ETeIR8Lxo/KkY4v25z
 7HhSyBr801TOXYQ1CkhivhEQxqRQtyoafU9kSa/r1H1jfNF6C1IJ/rnc2ScA0CZt
 7ou5FoSas/Jc9eeYK/W54SD/B9/C47fMMLKDTz6YCJpFWEtapnuT/i8tPPVyJV/t
 /oEVl3VIeAWR4Jrj2fCkaiqJO/odmceEDl6b1+X3iFBC5PftZ4Ap8i8NmzE2yPKT
 lyVjTXC/aqgVMxyHa8wolEGlRoCYknrJjP9u0gADhciZIIK50sRFp6gj82vo8MM8
 S1kjCb7PE6g62H2NcG4qw==
X-ME-Sender: <xms:GofNYnOq1IP7vrKdF3KV97UQ7unUErEftmqhUwcNwaSEBPqdEDo9qg>
 <xme:GofNYh8BqlZ4okAKPrUsd_w0eiNpyjz7IgcrPyBFq8p9jZPdsG53Yv-bj459JrOvw
 IDAxBmZg9p16CeZhw>
X-ME-Received: <xmr:GofNYmSsWIVzlMQUqpEbjaCs4KuMu8VHhTvi8oP9P9Jd9DXQUVWwq9GGEObqQLoNfV4NpLQVI2CxNkEaFWlNyVGtT_z9h5qFzAtPjfAQXgs>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvfedrudejhedgjeekucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepfhgfhffvvefujgffkfggtgfgsehtqhertddtreejnecuhfhrohhmpeftvghm
 tghouchvrghnucdkthcugggvvghruceorhgvmhgtohesrhgvmhifohhrkhhsrdhnvghtqe
 enucggtffrrghtthgvrhhnpeehvdffteetffdtheekgfegjeffvdfhvddugeeffffggffg
 keeivdekleefvdfggeenucffohhmrghinhepghhnuhdrohhrghenucevlhhushhtvghruf
 hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehrvghmtghosehrvghmfihorhhk
 shdrnhgvth
X-ME-Proxy: <xmx:GofNYruqtloADAgvDxuqpzOBBYvWBlKwUeS717rgxYIyhAU9hiAQog>
 <xmx:GofNYvd30of-N_jWyHK90Z7X9YiSdilxBv3hZ84ClwN2cdDOGcxgIA>
 <xmx:GofNYn2a_zaTzBBNpeioGbRw7X0hC1u5CA1azj1msVjvMmuCiN9pnA>
 <xmx:G4fNYnEy9BIX6lt0KqRsbnN5Md8951y3hreybjG88FllQBso_N08Qg>
Feedback-ID: i568842cc:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 12 Jul 2022 10:37:14 -0400 (EDT)
References: <87ilqch79l.fsf@HIDDEN> <87mtde8mrr.fsf@HIDDEN>
User-agent: mu4e 1.6.11; emacs 28.1
From: Remco van 't Veer <remco@HIDDEN>
In-reply-to: <87mtde8mrr.fsf@HIDDEN>
Date: Tue, 12 Jul 2022 16:37:08 +0200
Message-ID: <87h73m9z3f.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


2022/07/12 09:48, Maxim Cournoyer:

> Hi,
>
> Remco van 't Veer <remco@HIDDEN> writes:
>
>> On a Guix system host, some running docker containers are stopped when
>> doing guix install or other guix operations like shell.  I noticed this
>> happing to mysql and postgres containers but an elasticsearch container
>> just keeps running.
>>
>> Here's an example session:
>>
>>   $ docker ps
>>   CONTAINER ID  IMAGE           COMMAND                  CREATED        =
 STATUS        PORTS     NAMES
>>   $ docker run -d postgres:10.10
>>   ..
>>   2b52ee072b1f5584cae597afb033cdcc0e560bbe9145b17b41502c204034e60b
>>   $ docker ps
>>   CONTAINER ID  IMAGE           COMMAND                  CREATED        =
 STATUS        PORTS     NAMES
>>   2b52ee072b1f  postgres:10.10  "docker-entrypoint.s=E2=80=A6"  2 second=
s ago   Up 1 seconds  5432/tcp  blah_blah
>>   $ guix shell xeyes -- xeyes
>>   substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100=
.0%
>>   0.0 MB will be downloaded
>>    xeyes-1.1.2  11KiB                                                   =
                        613KiB/s 00:00 [##################] 100.0%
>>   The following derivation will be built:
>>     /gnu/store/xc002hxl4g8mskqmpm0grsk8s45m91gz-profile.drv
>>
>>   applying 4 grafts for xeyes-1.1.2 ...
>>   building CA certificate bundle...
>>   listing Emacs sub-directories...
>>   building fonts directory...
>>   building directory of Info manuals...
>>   building profile with 1 package...
>>   $ docker ps
>>   CONTAINER ID  IMAGE           COMMAND                  CREATED        =
 STATUS        PORTS     NAMES
>>   $ exit
>>
>> First we see no docker containers are running, then we start postgres-10
>> from docker hub, we see its container is running, then we do something
>> using guix-shell on an application *not already available on this
>> system*, and now the container died.  This does not work the second time
>> when the "derivation" is already "built".
>
> Are you still able to reproduce this using the new version of docker
> packaged in Guix?

Yes, same problem after a guix pull and guix system reconfigure just now.

  $ guix describe
  Generation 72	Jul 12 2022 16:11:38	(current)
    guix 9173cb5
      repository URL: https://git.savannah.gnu.org/git/guix.git
      branch: master
      commit: 9173cb522ddc4f31f21948cee3fb214fd67ef616

Cheers,
Remco

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#55358: docker containers stopped when doing guix install or guix shell
Resent-From: Remco van 't Veer <remco@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 09 Feb 2023 12:27:02 +0000
Resent-Message-ID: <handler.55358.B55358.167594561524197 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 55358
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Cc: 55358 <at> debbugs.gnu.org, zimoun <zimon.toutoune@HIDDEN>
Received: via spool by 55358-submit <at> debbugs.gnu.org id=B55358.167594561524197
          (code B ref 55358); Thu, 09 Feb 2023 12:27:02 +0000
Received: (at 55358) by debbugs.gnu.org; 9 Feb 2023 12:26:55 +0000
Received: from localhost ([127.0.0.1]:57789 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pQ60s-0006IC-Ls
	for submit <at> debbugs.gnu.org; Thu, 09 Feb 2023 07:26:55 -0500
Received: from out4-smtp.messagingengine.com ([66.111.4.28]:40105)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <remco@HIDDEN>) id 1pQ60q-0006Hy-CF
 for 55358 <at> debbugs.gnu.org; Thu, 09 Feb 2023 07:26:53 -0500
Received: from compute2.internal (compute2.nyi.internal [10.202.2.46])
 by mailout.nyi.internal (Postfix) with ESMTP id F16295C007D;
 Thu,  9 Feb 2023 07:26:46 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
 by compute2.internal (MEProxy); Thu, 09 Feb 2023 07:26:46 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-transfer-encoding:content-type:date:date:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to; s=fm3; t=1675945606; x=
 1676032006; bh=V9cpWk88+UXVw8tRRojYSrTJRogDIWeGynNGDsI0vjA=; b=Y
 MUI3eZloRzHMHiDS9CehzqSKFLBeFzrkObl8sKxx3Hk0N7ivyNXaAjIreqSmWs3+
 kMOwwZMkfIiJcGd8POzU8PSF/9yFmq5JhjT51ndlrHQCtDvDNFAU++ULpTqHbQo7
 9D1nHaikP2dUCj8o91qTgi/4BkRFjBwh7bsxJm5xKm+hR2bAzSwZueDT26LOP90b
 /fek80aCdxwnutHSaSRD8H8CX+rTe3R/lvnjVkh+xsStwmtwXk619hSIL0WcqtNV
 YImmhZ6xDMj3sjPayqydeEuTRkQNhIe4Dy4N+MzvHPDooXU9fQ0/44FFe3FNy+Fb
 p1YKQy1mHVlx98dTvTw0Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:date:date:feedback-id:feedback-id:from:from
 :in-reply-to:in-reply-to:message-id:mime-version:references
 :reply-to:sender:subject:subject:to:to:x-me-proxy:x-me-proxy
 :x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=1675945606; x=
 1676032006; bh=V9cpWk88+UXVw8tRRojYSrTJRogDIWeGynNGDsI0vjA=; b=c
 WIsXbqqAZPC2e9Z9u6TQshK+GVC5eI504UHd/XP/K/GQn1RnwzLu7NAkF9EiykS9
 hhShT+x2qZQq+uuiFPc8lUIbZt5ZVRZnrthw3s7HIEA2lXdKOy+DkAjKRtvL5FVh
 /AToHCFNkHcxJpwkz4NTaxRQgPUlnz7HaMLUCwPTsF9rdeL9Tm2GVW5BYUdLM6I1
 WkMVLQzgg/S+kXW0ar+7496UT1UHkLjkrdweYXPFSqneMc1fBEGmuLPnmTNexEOM
 vTAyVgiF7HjFbjfIGWp5h2eQVNVQhkR8Irr4gZUX3y+Pq9NZLulRm/Ar5zGhU38R
 Eifp1MUeY9Yf+MlT4hIpg==
X-ME-Sender: <xms:hubkY-8FCY9kR5aWnEKBTUXDlS-_dW1-Twp7gjXguo12yIbBhq7mQQ>
 <xme:hubkY-tcdgR-QRETjlPQYraBYDkhMY1SOf11lJXYopSCuL0L_6CgVJP68DOuYtsdW
 e4a-mlNDPeC0rphmg>
X-ME-Received: <xmr:hubkY0AK5adrTtuGJkx3gP2fzDW-rTQ8QAG_5B4DKKgW6PXJz-zjX5_HML7UH-uW2UJSa8vnDvwTCWtz1560njmNHQNc-RYnWIx6NbElGgM>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrudehfedgfeekucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepfhgfhffvvefujgffkfggtgfgsehtqhertddtreejnecuhfhrohhmpeftvghm
 tghouchvrghnucdkthcugggvvghruceorhgvmhgtohesrhgvmhifohhrkhhsrdhnvghtqe
 enucggtffrrghtthgvrhhnpeehvdffteetffdtheekgfegjeffvdfhvddugeeffffggffg
 keeivdekleefvdfggeenucffohhmrghinhepghhnuhdrohhrghenucevlhhushhtvghruf
 hiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehrvghmtghosehrvghmfihorhhk
 shdrnhgvth
X-ME-Proxy: <xmx:hubkY2dJnnt_JgnP7QahaZ7eICTCOs2IRvKJAraUV9hqfHsVfxeQQg>
 <xmx:hubkYzOPjxF1pTQF_G8aRfDkn8XYIg9mI5jNjCv84p-sX7XIRJDA5w>
 <xmx:hubkYwlnsjIYS8xawH9DcV_nf0LbjqMOK2EW7QvWVRH1nMUIQ8XfgA>
 <xmx:hubkY516OO_CJ0-5irXbv0TdIqUdl9bIE2CXOnAANq5eOEtQxHhzKQ>
Feedback-ID: i568842cc:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Thu,
 9 Feb 2023 07:26:46 -0500 (EST)
References: <87ilqch79l.fsf@HIDDEN> <87mtde8mrr.fsf@HIDDEN>
 <87h73m9z3f.fsf@HIDDEN>
User-agent: mu4e 1.8.13; emacs 28.2
From: Remco van 't Veer <remco@HIDDEN>
In-reply-to: <87h73m9z3f.fsf@HIDDEN>
Date: Thu, 09 Feb 2023 13:26:43 +0100
Message-ID: <875ycb6n3w.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

I think I know what is causing the issue.  Both the "standard" mysql and
postgres containers use user-id 999 to run the database service (this
seems like a common practice because the redis container is configured
similarly).  That user-id is also configured as guixbuilder01 so I guess
the guix daemon is killing those when processes when it finishes doing
builds.

Does that make sense?  If so can guix daemon be fixed to be a tad more
gentile to the processes not spawned on its behalf?


2022/07/12 16:37, Remco van 't Veer:

> 2022/07/12 09:48, Maxim Cournoyer:
>
>> Hi,
>>
>> Remco van 't Veer <remco@HIDDEN> writes:
>>
>>> On a Guix system host, some running docker containers are stopped when
>>> doing guix install or other guix operations like shell.  I noticed this
>>> happing to mysql and postgres containers but an elasticsearch container
>>> just keeps running.
>>>
>>> Here's an example session:
>>>
>>>   $ docker ps
>>>   CONTAINER ID  IMAGE           COMMAND                  CREATED       =
  STATUS        PORTS     NAMES
>>>   $ docker run -d postgres:10.10
>>>   ..
>>>   2b52ee072b1f5584cae597afb033cdcc0e560bbe9145b17b41502c204034e60b
>>>   $ docker ps
>>>   CONTAINER ID  IMAGE           COMMAND                  CREATED       =
  STATUS        PORTS     NAMES
>>>   2b52ee072b1f  postgres:10.10  "docker-entrypoint.s=E2=80=A6"  2 secon=
ds ago   Up 1 seconds  5432/tcp  blah_blah
>>>   $ guix shell xeyes -- xeyes
>>>   substitute: updating substitutes from 'https://ci.guix.gnu.org'... 10=
0.0%
>>>   0.0 MB will be downloaded
>>>    xeyes-1.1.2  11KiB                                                  =
                         613KiB/s 00:00 [##################] 100.0%
>>>   The following derivation will be built:
>>>     /gnu/store/xc002hxl4g8mskqmpm0grsk8s45m91gz-profile.drv
>>>
>>>   applying 4 grafts for xeyes-1.1.2 ...
>>>   building CA certificate bundle...
>>>   listing Emacs sub-directories...
>>>   building fonts directory...
>>>   building directory of Info manuals...
>>>   building profile with 1 package...
>>>   $ docker ps
>>>   CONTAINER ID  IMAGE           COMMAND                  CREATED       =
  STATUS        PORTS     NAMES
>>>   $ exit
>>>
>>> First we see no docker containers are running, then we start postgres-10
>>> from docker hub, we see its container is running, then we do something
>>> using guix-shell on an application *not already available on this
>>> system*, and now the container died.  This does not work the second time
>>> when the "derivation" is already "built".
>>
>> Are you still able to reproduce this using the new version of docker
>> packaged in Guix?
>
> Yes, same problem after a guix pull and guix system reconfigure just now.
>
>   $ guix describe
>   Generation 72	Jul 12 2022 16:11:38	(current)
>     guix 9173cb5
>       repository URL: https://git.savannah.gnu.org/git/guix.git
>       branch: master
>       commit: 9173cb522ddc4f31f21948cee3fb214fd67ef616
>
> Cheers,
> Remco

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#55358: docker containers stopped when doing guix install or guix shell
Resent-From: Remco van 't Veer <remco@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 19 May 2023 15:52:03 +0000
Resent-Message-ID: <handler.55358.B55358.16845114676417 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 55358
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 55358 <at> debbugs.gnu.org
Cc: guix-devel@HIDDEN, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, zimoun <zimon.toutoune@HIDDEN>
Received: via spool by 55358-submit <at> debbugs.gnu.org id=B55358.16845114676417
          (code B ref 55358); Fri, 19 May 2023 15:52:03 +0000
Received: (at 55358) by debbugs.gnu.org; 19 May 2023 15:51:07 +0000
Received: from localhost ([127.0.0.1]:57205 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1q02Nm-0001fN-Jx
	for submit <at> debbugs.gnu.org; Fri, 19 May 2023 11:51:07 -0400
Received: from wout3-smtp.messagingengine.com ([64.147.123.19]:37147)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <remco@HIDDEN>) id 1q02Nk-0001eF-Eu
 for 55358 <at> debbugs.gnu.org; Fri, 19 May 2023 11:51:05 -0400
Received: from compute4.internal (compute4.nyi.internal [10.202.2.44])
 by mailout.west.internal (Postfix) with ESMTP id 1549B3200909;
 Fri, 19 May 2023 11:50:58 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute4.internal (MEProxy); Fri, 19 May 2023 11:50:58 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-type:content-type:date:date:from:from:in-reply-to
 :in-reply-to:message-id:mime-version:references:reply-to:sender
 :subject:subject:to:to; s=fm3; t=1684511457; x=1684597857; bh=rJ
 Rzx1Gl3VTBb7SXYGoXFc+pgPYeksTMBswG4Qk8Afo=; b=S86rLJlJEjJi1ecqhm
 oSzSLTyUOPORoYzwYWLS9kYf2/fT6L90FVzziBYDQPkePjKTGXulWJK2TqsaXSCW
 Q/UDEb9SZ1tL7AZcTXwuEKROvZaJy+Xe19+S1sQ76CRz55qb/dhiuE8NC/Gm/Iij
 T3tfhOkPs+WIRDp81hY/a5pzDT0HYMofGVnCEHZEH9z52rvmF3OYVnyovHbKsCrc
 D6nucCWHYMuVENeNqnx/ZH+nB3rPxzQb8pX+HyLFyjSeBTT001fQf79ZcsYc8mJo
 kiZi7RrG4jWVNuKM0JurBPyNn/kLNuVsLqDNJYJUQPPHhw2Rt259B/IY5Q5Y+JF/
 wXHA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm1; t=1684511457; x=1684597857; bh=rJRzx1Gl3VTBb
 7SXYGoXFc+pgPYeksTMBswG4Qk8Afo=; b=PdAiQm97GKiRaP5kPHUsxanOPxi0i
 ZHQ2GhSeVZIEnpGEVZptO8CvSzqpRGQvaK9jiy3U5MzN0EgJcLM9RhKqexQ/0Fdm
 SRKNJYzXuALLCLMKWCXcBra1kWxRQ6LdDXuK4bP7HZvZtZu6W10a0+NOYsi1CTH5
 rKTBG/2+iPvU0xoA8xkzI9PJi0GX6Weh12egrbwGVX0IJWjcpFemxKj+mmQWnmlb
 KRV+02gMrTA88Ai172y2Terid6CP6tWBZb5yyckpfsgCw9FL+5+5VQD04nYEKryJ
 HNd4CSnnlZiAz9//wgRZyfQS+vJ7p3Uj8DuLqIS5lqAwep2qEg5gADRyg==
X-ME-Sender: <xms:4ZpnZInGfra5W_KvqMpQcEXUbvZ8-qUiclL6FKqCyEZTqLuxpN8kvw>
 <xme:4ZpnZH26m7ZUZoA3k2WXksI6EVS_yX-Av7tpUnH4kmmKFzt01GDY6t6hhqQuEbV3B
 ysDMlDRyo97gMoiig>
X-ME-Received: <xmr:4ZpnZGoNd_Ib1DA5tK3eDoANBSd575kCX_tBTxd-iCMxUUkyTR6DuO9jfOIlcM0cycS70xFjob14FEspY5iE4Zgma7-m4Z2O9QYByn7Ay2Y>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeeihedgleegucetufdoteggodetrfdotf
 fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen
 uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne
 cujfgurhepfhgfhffvvefujgffkfggtgesthdtredttdertdenucfhrhhomheptfgvmhgt
 ohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtghosehrvghmfihorhhkshdrnhgvtheqne
 cuggftrfgrthhtvghrnheptdduveehgfeukeejtdelvdeuudfgfeevvdefkeejffekvddt
 udfgieeuudfgueegnecuffhomhgrihhnpegtohhnthgrihhnvghrrdhinhdpughotghkvg
 hrrdgtohhmpdhgnhhurdhorhhgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghm
 pehmrghilhhfrhhomheprhgvmhgtohesrhgvmhifohhrkhhsrdhnvght
X-ME-Proxy: <xmx:4ZpnZEleWcFTz1KkJHcuLR3QBar04ypJ8Tru0-n8yLFdFjgyeS96vA>
 <xmx:4ZpnZG1_UhOcDQiLrkgda2jTu4si4uCL9guFHYwLYu-CZiZ1OJmHZw>
 <xmx:4ZpnZLvL_tdO7S2jq1Q2HkKLaIRRGfUBRlHuweROMzACkHCFy5uJkw>
 <xmx:4ZpnZEAtU5VblI6te4iZCtpF5ZihSi6Mn0JzqOpEsdOBqjkxMBIQfQ>
Feedback-ID: i7e59465b:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Fri,
 19 May 2023 11:50:56 -0400 (EDT)
References: <87ilqch79l.fsf@HIDDEN> <87mtde8mrr.fsf@HIDDEN>
 <87h73m9z3f.fsf@HIDDEN> <875ycb6n3w.fsf@HIDDEN>
User-agent: mu4e 1.10.2; emacs 28.2
From: Remco van 't Veer <remco@HIDDEN>
In-reply-to: <875ycb6n3w.fsf@HIDDEN>
Date: Fri, 19 May 2023 17:50:54 +0200
Message-ID: <878rdk8gm9.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Hi Maxim and Zimoun,

2023/02/09 13:26, Remco van 't Veer:

> I think I know what is causing the issue.  Both the "standard" mysql and
> postgres containers use user-id 999 to run the database service (this
> seems like a common practice because the redis container is configured
> similarly).  That user-id is also configured as guixbuilder01 so I guess
> the guix daemon is killing those when processes when it finishes doing
> builds.

I found a solution / workaround for this problem by using
"userns-remap".  This feature allows the remapping of uids and guids to
different ranges.  I tried it by hacking the required files into my
etc-directory and it works; guix no long kills my database containers.

I'd like to add this feature to docker-service-type having a new
configuration option named enable-userns-remap? which introduces a new
user and group (both named dockremap) to do the remapping by adding some
configurable number to the uids and guids of the running container.  In
/etc/subuid and /etc/subgid it would look like:

  dockremap:100000:65536

See https://docs.docker.com/engine/security/userns-remap/ for
documentation about this.

WDYT?

Cheers,
Remco


--
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=55358

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#55358: docker containers stopped when doing guix install or guix shell
Resent-From: Csepp <raingloom@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Fri, 19 May 2023 22:32:01 +0000
Resent-Message-ID: <handler.55358.B55358.16845354734675 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 55358
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Remco van 't Veer <remco@HIDDEN>
Cc: guix-devel@HIDDEN, 55358 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, zimoun <zimon.toutoune@HIDDEN>
Received: via spool by 55358-submit <at> debbugs.gnu.org id=B55358.16845354734675
          (code B ref 55358); Fri, 19 May 2023 22:32:01 +0000
Received: (at 55358) by debbugs.gnu.org; 19 May 2023 22:31:13 +0000
Received: from localhost ([127.0.0.1]:57573 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1q08cy-0001DL-Mq
	for submit <at> debbugs.gnu.org; Fri, 19 May 2023 18:31:13 -0400
Received: from mx0.riseup.net ([198.252.153.6]:41934)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <raingloom@HIDDEN>) id 1q08cw-0001D8-M7
 for 55358 <at> debbugs.gnu.org; Fri, 19 May 2023 18:31:11 -0400
Received: from fews02-sea.riseup.net (fews02-sea-pn.riseup.net [10.0.1.112])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mail.riseup.net", Issuer "R3" (not verified))
 by mx0.riseup.net (Postfix) with ESMTPS id 4QNM4n0zzmz9t2P;
 Fri, 19 May 2023 22:31:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1684535465; bh=/GrahwEFf/xXU+h0QcWSRAAVoSFKlAvqnjHAXBNtNgc=;
 h=References:From:To:Cc:Subject:Date:In-reply-to:From;
 b=CkHZfHvdgzJgJz2DcA9beLB9VBXv/7n6SFIFjw9TUMdGyEA0B/qLtL+4CtVkbmcpT
 pFCalbAnq9O6b6RNm4WsPZYgiwWQ7wsx8FV6zNDcucFxvkGxdcqmERY5FySvdTylBX
 Ana65Z3Zxqgl0ONkOvvdeI9XDxA06OnGRN+Q0Zn4=
X-Riseup-User-ID: AAACF75D1959359CD356FC6D12B7D9C47D3CB43CF624C75D57AC60D846449D43
Received: from [127.0.0.1] (localhost [127.0.0.1])
 by fews02-sea.riseup.net (Postfix) with ESMTPSA id 4QNM4m1JhdzFqhy;
 Fri, 19 May 2023 22:31:03 +0000 (UTC)
References: <87ilqch79l.fsf@HIDDEN> <87mtde8mrr.fsf@HIDDEN>
 <87h73m9z3f.fsf@HIDDEN> <875ycb6n3w.fsf@HIDDEN>
 <878rdk8gm9.fsf@HIDDEN>
From: Csepp <raingloom@HIDDEN>
Date: Sat, 20 May 2023 00:29:04 +0200
In-reply-to: <878rdk8gm9.fsf@HIDDEN>
Message-ID: <87fs7st0m3.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)


Remco van 't Veer <remco@HIDDEN> writes:

> Hi Maxim and Zimoun,
>
> 2023/02/09 13:26, Remco van 't Veer:
>
>> I think I know what is causing the issue.  Both the "standard" mysql and
>> postgres containers use user-id 999 to run the database service (this
>> seems like a common practice because the redis container is configured
>> similarly).  That user-id is also configured as guixbuilder01 so I guess
>> the guix daemon is killing those when processes when it finishes doing
>> builds.
>
> I found a solution / workaround for this problem by using
> "userns-remap".  This feature allows the remapping of uids and guids to
> different ranges.  I tried it by hacking the required files into my
> etc-directory and it works; guix no long kills my database containers.
>
> I'd like to add this feature to docker-service-type having a new
> configuration option named enable-userns-remap? which introduces a new
> user and group (both named dockremap) to do the remapping by adding some
> configurable number to the uids and guids of the running container.  In
> /etc/subuid and /etc/subgid it would look like:
>
>   dockremap:100000:65536
>
> See https://docs.docker.com/engine/security/userns-remap/ for
> documentation about this.
>
> WDYT?
>
> Cheers,
> Remco

The rootless podman example that was shared a few months ago could be
relevant to this, since that also adds a subuid/subgid mapping.

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#55358: [PATCH] services: docker: Add 'enable-userns-remap?' argument.
Resent-From: Remco van 't Veer <remco@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Tue, 23 May 2023 07:50:02 +0000
Resent-Message-ID: <handler.55358.B55358.168482817524494 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 55358
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 55358 <at> debbugs.gnu.org
Cc: guix-devel@HIDDEN, Remco van 't Veer <remco@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, zimoun <zimon.toutoune@HIDDEN>
Received: via spool by 55358-submit <at> debbugs.gnu.org id=B55358.168482817524494
          (code B ref 55358); Tue, 23 May 2023 07:50:02 +0000
Received: (at 55358) by debbugs.gnu.org; 23 May 2023 07:49:35 +0000
Received: from localhost ([127.0.0.1]:38165 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1q1Mlz-0006Mz-7u
	for submit <at> debbugs.gnu.org; Tue, 23 May 2023 03:49:35 -0400
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:41651)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <rwv@HIDDEN>) id 1q1Mlw-0006Mm-Vf
 for 55358 <at> debbugs.gnu.org; Tue, 23 May 2023 03:49:34 -0400
Received: from compute3.internal (compute3.nyi.internal [10.202.2.43])
 by mailout.west.internal (Postfix) with ESMTP id DF052320095E;
 Tue, 23 May 2023 03:49:26 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute3.internal (MEProxy); Tue, 23 May 2023 03:49:27 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-transfer-encoding:content-type:content-type:date
 :date:from:from:in-reply-to:in-reply-to:message-id:mime-version
 :references:reply-to:sender:subject:subject:to:to; s=fm3; t=
 1684828166; x=1684914566; bh=djE70iYqcK23pNxNm74GYYh+c4Jbchp/vmh
 ela8Q/Cc=; b=d7a4AQHi1B4cZ+RlbkeMnkBFobocTevAhC4BP+YbsVPnfpsphPT
 wDDDT/6KqllDa6fow8EveIZD1cjdODMnMJwDsp+g3Wx0Mm5TzPpBD2WKl+o+j+Cu
 lcny/Dd2dEDhuDLVV4a37DoSsg1zVoLVIvtnxm6I/UJLW+eMlxDfWsMU8sc1o2hH
 XqC0ENXoGLEq8TYkv384+zLpfh3qAwJEBtSgKsoYzY+qB5LXLklQirCy75xE00gN
 kj3LZkXpL+t4EepvL/WzSXAN/fI1uOvtCrNtA06N6Kdg4vuRh/8vbERp4iRoF9lS
 VbG5YkoEy4HW5U842ujcnb0Nv3oqwgY1JXg==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-transfer-encoding
 :content-type:content-type:date:date:feedback-id:feedback-id
 :from:from:in-reply-to:in-reply-to:message-id:mime-version
 :references:reply-to:sender:subject:subject:to:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; t=
 1684828166; x=1684914566; bh=djE70iYqcK23pNxNm74GYYh+c4Jbchp/vmh
 ela8Q/Cc=; b=xC61PPk8FyHRcbsSOm5l7QNPzlu0Dd19mexfyhAcPbIt0REiW5A
 AGBBwQdGdz8PCbsd7iUiEhtbchzSVBy3NkXuoLukxzYEeSzQgAADkKAD+sjadlKo
 BuQtF7OvELcxk6opJYn0adDKPSYGLvSzv5uz71VCljnsTgOFG/+ROozBNzB0DiKw
 IBEefDErLe8p2OZOYI4pNivKRbdj7MKqVHYCeadxxayq4Ji0/xuSOhUrVrmhaPXm
 0XlKNh+wQxv1m8fn0qz1ikKQ1HxqRO8pQ32sU6Dk91HyuEwgKMOopDTYFRh+UHfR
 lxJkSfHAnqxwwx71TiG4sZoIWULQuhNOaCQ==
X-ME-Sender: <xms:BnBsZEMbz6lop7np4JyxrQvJ18_AxiAzZcLz8e0ywuKDHntGZzJbAw>
 <xme:BnBsZK_pZuMO_3AYvushjMn5xYpHiiQgxe9gppx225T6AHVFt6l2aFDyJCKhdyvQ0
 dwcnBah-VuvF7WpwQ>
X-ME-Received: <xmr:BnBsZLQReW-JAkivIjSBode_mrCUOL7ITnjF2XUkSJ8my0bLOPWH85Ie2w9XxJxI5BOQUYxTopUaJsDru7oQic7xqKWkzA>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeejvddguddvhecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpefhvfevufffkffojghfgggtgfesthekredtredtjeenucfhrhhomheptfgv
 mhgtohcuvhgrnhcukdhtucggvggvrhcuoehrvghmtghosehrvghmfihorhhkshdrnhgvth
 eqnecuggftrfgrthhtvghrnhephfetueelgefgvdefledvleekheegtdevgeeljeeihefg
 hefhtdeukeduhedvveffnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrg
 hilhhfrhhomheprhifvhesfhgrshhtmhgrihhlrdgtohhm
X-ME-Proxy: <xmx:BnBsZMutR-uBUJ7o0HhilxMNMkkiWyZQFJOi1OWFv8db-KgUd8fRuA>
 <xmx:BnBsZMclERFUPPcXB-GumixHz-ZuJyoE6gQ4MPsCnvtNoLEwwvtrIg>
 <xmx:BnBsZA18mJL4PTYSOkq26oRgSImiklTAseqsHUtR9foRghlDl53Jpg>
 <xmx:BnBsZE52PYFcz5JHPcqeoXtqreOzGPk70sfb6HkPAc5kJwpllWzoBw>
Feedback-ID: i7e59465b:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 23 May 2023 03:49:25 -0400 (EDT)
From: Remco van 't Veer <remco@HIDDEN>
Date: Tue, 23 May 2023 09:49:21 +0200
Message-Id: <de9934e88bf492bc64bd6db330646290eff4fd75.1684828084.git.remco@HIDDEN>
X-Mailer: git-send-email 2.40.1
In-Reply-To: <878rdk8gm9.fsf@HIDDEN>
References: <878rdk8gm9.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.5 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.5 (-)

* gnu/services/docker.scm (docker-configuration): Define the argument.
* gnu/services/docker.scm (docker-shepherd-service): Use it.
* doc/guix.texi (Docker Service): Document it.
---
 doc/guix.texi           | 27 ++++++++++++++++++++++++++-
 gnu/services/docker.scm | 28 +++++++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 2 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index f4cca66d76..ae185ced61 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -100,7 +100,7 @@
 Copyright @copyright{} 2021 muradm@*
 Copyright @copyright{} 2021, 2022 Andrew Tropin@*
 Copyright @copyright{} 2021 Sarah Morgensen@*
-Copyright @copyright{} 2022 Remco van 't Veer@*
+Copyright @copyright{} 2022, 2023 Remco van 't Veer@*
 Copyright @copyright{} 2022 Aleksandr Vityazev@*
 Copyright @copyright{} 2022 Philip M@sup{c}Grath@*
 Copyright @copyright{} 2022 Karl Hallsby@*
@@ -38533,6 +38533,31 @@ Miscellaneous Services
 @item @code{enable-iptables?} (default @code{#t})
 Enable or disable the addition of iptables rules.
 
+@item @code{enable-userns-remap?} (default @code{#f})
+Enable remapping and subordinate user and group IDs.
+
+A system user account named @code{dockremap} and user group named
+@code{dockremap} will be created.  They must be mapped using the
+@file{/etc/subuid} and @file{/etc/subguid} files otherwise docker fail
+to startup.
+
+Here's an example service to setup both files:
+
+@lisp
+(simple-service
+   'subuid-subgid etc-service-type
+   (list `("subuid"
+           ,(plain-file "subuid"
+                        "dockremap:65536:65536\n"))
+         `("subgid"
+           ,(plain-file "subgid"
+                        "dockremap:65536:65536\n"))))
+@end lisp
+
+The above will remap to UID 0 (root) to 65536, UID 1 to 65537 etc.  For
+more information regarding the format of these files, consult
+@command{man 5 subuid} and @command{man 5 subgid}.
+
 @item @code{environment-variables} (default: @code{()})
 List of environment variables to set for @command{dockerd}.
 
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 741bab5a8c..e138a6be7e 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -5,6 +5,7 @@
 ;;; Copyright © 2020 Efraim Flashner <efraim@HIDDEN>
 ;;; Copyright © 2020 Jesse Dowell <jessedowell@HIDDEN>
 ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2023 Remco van 't Veer <remco@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -29,6 +30,7 @@ (define-module (gnu services docker)
   #:use-module (gnu services shepherd)
   #:use-module (gnu system setuid)
   #:use-module (gnu system shadow)
+  #:use-module (gnu packages admin)
   #:use-module (gnu packages docker)
   #:use-module (gnu packages linux)               ;singularity
   #:use-module (guix records)
@@ -62,6 +64,9 @@ (define-configuration docker-configuration
   (enable-iptables?
    (boolean #t)
    "Enable addition of iptables rules (enabled by default).")
+  (enable-userns-remap?
+   (boolean #f)
+   "Enable remapping and subordinate user and group IDs (disabled by default).")
   (environment-variables
    (list '())
    "Environment variables to set for dockerd")
@@ -107,6 +112,7 @@ (define (docker-shepherd-service config)
   (let* ((docker (docker-configuration-docker config))
          (enable-proxy? (docker-configuration-enable-proxy? config))
          (enable-iptables? (docker-configuration-enable-iptables? config))
+         (enable-userns-remap? (docker-configuration-enable-userns-remap? config))
          (environment-variables (docker-configuration-environment-variables config))
          (proxy (docker-configuration-proxy config))
          (debug? (docker-configuration-debug? config)))
@@ -135,6 +141,9 @@ (define (docker-shepherd-service config)
                                         #~(string-append
                                            "--userland-proxy-path=" #$proxy "/bin/proxy"))
                                   '("--userland-proxy=false"))
+                           #$@(if enable-userns-remap?
+                                  '("--userns-remap=dockremap")
+                                  '())
                            (if #$enable-iptables?
                                "--iptables"
                                "--iptables=false")
@@ -145,6 +154,18 @@ (define (docker-shepherd-service config)
                      #:log-file "/var/log/docker.log"))
            (stop #~(make-kill-destructor)))))
 
+(define %docker-remap-user-group
+  (user-group (name "dockremap")
+              (system? #t)))
+
+(define %docker-remap-user-account
+  (user-account (name "dockremap")
+                (group "dockremap")
+                (system? #t)
+                (comment "Docker user namespace remap user")
+                (home-directory "/var/empty")
+                (shell (file-append shadow "/sbin/nologin"))))
+
 (define docker-service-type
   (service-type (name 'docker)
                 (description "Provide capability to run Docker application
@@ -161,7 +182,12 @@ (define docker-service-type
                                        (list (containerd-shepherd-service config)
                                              (docker-shepherd-service config))))
                   (service-extension account-service-type
-                                     (const %docker-accounts))))
+                                     (lambda (config)
+                                       (if (docker-configuration-enable-userns-remap? config)
+                                           (cons* %docker-remap-user-group
+                                                  %docker-remap-user-account
+                                                  %docker-accounts)
+                                           %docker-accounts)))))
                 (default-value (docker-configuration))))
 
 

base-commit: 849286ba66c96534bddc04df1a47d5692cbc977e
-- 
2.40.1

Message sent to bug-guix@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: bug#55358: docker containers stopped when doing guix install or guix shell
Resent-From: Remco van 't Veer <remco@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Tue, 23 May 2023 07:54:02 +0000
Resent-Message-ID: <handler.55358.B55358.168482842624948 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 55358
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: Csepp <raingloom@HIDDEN>
Cc: guix-devel@HIDDEN, 55358 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, zimoun <zimon.toutoune@HIDDEN>
Received: via spool by 55358-submit <at> debbugs.gnu.org id=B55358.168482842624948
          (code B ref 55358); Tue, 23 May 2023 07:54:02 +0000
Received: (at 55358) by debbugs.gnu.org; 23 May 2023 07:53:46 +0000
Received: from localhost ([127.0.0.1]:38178 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1q1Mq1-0006UK-IC
	for submit <at> debbugs.gnu.org; Tue, 23 May 2023 03:53:45 -0400
Received: from wout4-smtp.messagingengine.com ([64.147.123.20]:43499)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <remco@HIDDEN>) id 1q1Mpz-0006Ty-SY
 for 55358 <at> debbugs.gnu.org; Tue, 23 May 2023 03:53:44 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
 by mailout.west.internal (Postfix) with ESMTP id 0FD12320076F;
 Tue, 23 May 2023 03:53:37 -0400 (EDT)
Received: from mailfrontend1 ([10.202.2.162])
 by compute5.internal (MEProxy); Tue, 23 May 2023 03:53:38 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=remworks.net; h=
 cc:cc:content-type:content-type:date:date:from:from:in-reply-to
 :in-reply-to:message-id:mime-version:references:reply-to:sender
 :subject:subject:to:to; s=fm3; t=1684828417; x=1684914817; bh=qn
 n5+u/AEjmvu/91LfjbP81A1jDf5rTKDef1YZG0aco=; b=F/PcOrRmE8U/5v6IRj
 /1Z62C2P9BreRkShjVryNxROyO02xdRIPaJH9EVYv3lY6bZtFK4cINZAb/leDCZX
 EC2fOzKa0QgAkU5egRWWv9navgf67j+bF7mtDyp+Osu2bVye93pro9fRfEcawGiF
 VO+39Pw18B1PXmmHRLeSzamPb26ycUCTUplcPYUfniq+Pv1dYkRJFouPEhrGVg4F
 N7nTacJTcEtSwtgtsOIDwm4/oeZ57FjpdRxQa9S7VDRR1Sjy1iZqna7PvEjMU0NR
 1VbLvEqRP8LqSgB5WtgNsm+6fVmZ1cli0GWzM/Lbl8u1jlTzMn7F11gkqeQW9qhy
 u4KQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:cc:content-type:content-type:date:date
 :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to
 :message-id:mime-version:references:reply-to:sender:subject
 :subject:to:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender
 :x-sasl-enc; s=fm1; t=1684828417; x=1684914817; bh=qnn5+u/AEjmvu
 /91LfjbP81A1jDf5rTKDef1YZG0aco=; b=CADWn+iOhPCnrE7RE5GIo++z7JiuF
 yC+8cd+f95EovXx8yGsFD2wkEbQok+ug2Lih3X+lh9DubQ4IkTs9ZZO8IYFPzEnQ
 lgHM5FphD0f6M4saEHU+jWt9BxVlI/JBkgaH8sp66s2btpFEHnC6lf0lZRjBeZaz
 Grk9A3clBoujEoLg8JsRiq8g7lOTLENgUKdElMGBRYXmCPFpGwYIZ0DwMvSk55G/
 WSxva+AAaojvrSMI+12lWetfHeEedhFlm4W2AdaKkwG+a6bKhoMfalyWaBvwh2Bu
 zU2seRJbNVO/DOVkwHtKDGVCaNNKo4NP17RGFfoxL7u+OHZFygJZqYeMA==
X-ME-Sender: <xms:AXFsZItMn2PN7S7Q9Tznf_OoqwsWAVTLZPtlB_-nzB-EbpNdeYKEMA>
 <xme:AXFsZFeVsuvNJL0H3gRU5gJn5tc9d8BPDo9w4NqiYlOKn_W5QGAUcZJlpEzVYbtkC
 8L-EgJlSKXInFhIPA>
X-ME-Received: <xmr:AXFsZDwYyuKyP0rprrLPaEL8Cbn2totH0iqUbiD_YnsfVFGynZlgfT3t95ikOp27e46AP43V9ui8QftbdbXQtXQUAQAtNMxP-FoTqzBytWo>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrfeejvddguddvjecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpehffgfhvfevufgjfffkgggtsehttdertddtredtnecuhfhrohhmpeftvghm
 tghouchvrghnucdkthcugggvvghruceorhgvmhgtohesrhgvmhifohhrkhhsrdhnvghtqe
 enucggtffrrghtthgvrhhnpedtudevhefgueekjedtledvuedugfefvedvfeekjeffkedv
 tddugfeiuedugfeugeenucffohhmrghinheptghonhhtrghinhgvrhdrihhnpdguohgtkh
 gvrhdrtghomhdpghhnuhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgr
 mhepmhgrihhlfhhrohhmpehrvghmtghosehrvghmfihorhhkshdrnhgvth
X-ME-Proxy: <xmx:AXFsZLOlBcY2EzDqO0SpzQAIKkFdFB_6BhxPqxiyU_FuTdooQkbXGA>
 <xmx:AXFsZI8jjpqDk8qpO9_na4uCj4-K0dOVVH7MYrcpWgSws0L5UoGbMw>
 <xmx:AXFsZDU6Ms3iLU01pPtlUmPl_CqBOs1cQk5hlMQ3_AMxpHp6ccPdvQ>
 <xmx:AXFsZHbR8d-If4XMYpr7vkIsyWrGqUQiVxFPE9zGUGDkf1v6UVJUsw>
Feedback-ID: i7e59465b:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 23 May 2023 03:53:36 -0400 (EDT)
References: <87ilqch79l.fsf@HIDDEN> <87mtde8mrr.fsf@HIDDEN>
 <87h73m9z3f.fsf@HIDDEN> <875ycb6n3w.fsf@HIDDEN>
 <878rdk8gm9.fsf@HIDDEN> <87fs7st0m3.fsf@HIDDEN>
User-agent: mu4e 1.10.2; emacs 28.2
From: Remco van 't Veer <remco@HIDDEN>
In-reply-to: <87fs7st0m3.fsf@HIDDEN>
Date: Tue, 23 May 2023 09:53:35 +0200
Message-ID: <87ilcjmqkg.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-Spam-Score: -0.7 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.7 (-)

Hi Csepp,

2023/05/20 00:29, Csepp:

> Remco van 't Veer <remco@HIDDEN> writes:
>
>> Hi Maxim and Zimoun,
>>
>> 2023/02/09 13:26, Remco van 't Veer:
>>
>>> I think I know what is causing the issue.  Both the "standard" mysql and
>>> postgres containers use user-id 999 to run the database service (this
>>> seems like a common practice because the redis container is configured
>>> similarly).  That user-id is also configured as guixbuilder01 so I guess
>>> the guix daemon is killing those when processes when it finishes doing
>>> builds.
>>
>> I found a solution / workaround for this problem by using
>> "userns-remap".  This feature allows the remapping of uids and guids to
>> different ranges.  I tried it by hacking the required files into my
>> etc-directory and it works; guix no long kills my database containers.
>>
>> I'd like to add this feature to docker-service-type having a new
>> configuration option named enable-userns-remap? which introduces a new
>> user and group (both named dockremap) to do the remapping by adding some
>> configurable number to the uids and guids of the running container.  In
>> /etc/subuid and /etc/subgid it would look like:
>>
>>   dockremap:100000:65536
>>
>> See https://docs.docker.com/engine/security/userns-remap/ for
>> documentation about this.
>>
>> WDYT?
>>
>> Cheers,
>> Remco
>
> The rootless podman example that was shared a few months ago could be
> relevant to this, since that also adds a subuid/subgid mapping.

Thanks!  Borrowed that.

For future reference:

  https://lists.gnu.org/archive/html/guix-devel/2023-03/msg00176.html

Cheers,
Remco
Last modified: Tue, 23 May 2023 08:00:02 UTC

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997 nCipher Corporation Ltd, 1994-97 Ian Jackson.