GNU bug report logs - #59185
Trouble mounting recursive file systems in containers
Report forwarded to bug-guix <at> gnu.org: bug#59185; Package guix. (Thu, 10 Nov 2022 22:41:02 GMT)
Acknowledgement sent to Morgan Smith <Morgan.J.Smith <at> outlook.com>: New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Thu, 10 Nov 2022 22:41:02 GMT)
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Hello!
So I was trying to mount /run/user/1000 in a container so it would have
access to all my wayland sockets and such when I got a very cryptic
error message.
I was trying something like this:
guix shell --share=/run/user/1000 -C coreutils
After far too long tracking down the issue, it turns out that the
directory had submounts within it meaning that the MS_REC flag is
required to bind mount it.
My /run/user/1000 only had a submount because xdg-document-portal was
making one. To test this yourself you can run `mount` to find something
with some submounts. I think /sys/fs might fail for me for the same
reason.
Now I have no clue what we should do to enable this use case. Maybe we
should allow users to specify mount options using something like this?
guix shell -C --mount=rbind,ro=/run/user/1000
Maybe we could always bind with the recursive flag?
Thanks,
Morgan
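The check described in the report above (running `mount` to look for submounts) can also be done against `/proc/self/mountinfo`. The following is an added example, not part of the original report or of Guix, and its sample mount table is constructed; it lists the mounts below a directory, which is what a plain `MS_BIND` leaves out and what `MS_BIND | MS_REC` brings into the container.

```python
import os
import re
import sys

# Constructed sample in /proc/self/mountinfo format (proc(5)); not from the report.
SAMPLE_MOUNTINFO = """\
22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
45 22 0:40 / /run/user/1000 rw,nosuid,nodev shared:300 - tmpfs tmpfs rw,mode=700
61 45 0:52 / /run/user/1000/doc rw,nosuid,nodev shared:410 - fuse.portal portal rw
62 22 0:53 / /mnt/my\\040disk rw,relatime - ext4 /dev/sdb1 rw
63 62 0:54 / /mnt/my\\040disk/sub rw - tmpfs tmpfs rw
64 22 0:55 / /run/user/1000x rw - tmpfs tmpfs rw
"""


def unescape(field):
    """mountinfo writes space, tab, newline and backslash as \\ooo octal escapes."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def mount_points(mountinfo_text):
    """Return the mount point (5th field) of every mountinfo line."""
    points = []
    for line in mountinfo_text.splitlines():
        fields = line.split(" ")
        if len(fields) >= 5:
            points.append(unescape(fields[4]))
    return points


def submounts(path, mountinfo_text):
    """Mount points strictly below PATH, compared on whole path components."""
    base = os.path.normpath(path)
    prefix = base.rstrip("/") + "/"  # "/" stays "/", "/a/b" becomes "/a/b/"
    return sorted(p for p in mount_points(mountinfo_text)
                  if p != base and p.startswith(prefix))


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/run/user/1000"
    try:
        with open("/proc/self/mountinfo") as f:
            table = f.read()
    except OSError:
        table = SAMPLE_MOUNTINFO  # fall back to the constructed sample
    for point in submounts(target, table):
        print(point)
```

Any path this prints for a directory passed to `--share` or `--expose` is an extra file system that a recursive bind makes visible inside the container.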
Information forwarded to bug-guix <at> gnu.org: bug#59185; Package guix. (Sat, 19 Nov 2022 22:25:02 GMT)
Message #8 received at 59185 <at> debbugs.gnu.org (full text, mbox):
Hi Morgan,
yes, mounting with MS_REC seems sensible. Not mounting with MS_REC is
also responsible for a couple of errors e.g. when trying to map / inside
the container (when / has other bind mounts).
Here’s a patch that works for me:
[0001-WIP.patch (text/x-patch, inline)]
From 806969ad86038052bf4d0dd2755617beaaa33cb6 Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus <rekado <at> elephly.net>
Date: Sat, 19 Nov 2022 23:16:52 +0100
Subject: [PATCH] WIP
---
gnu/build/file-systems.scm | 2 +-
guix/build/syscalls.scm | 2 ++
2 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index 15b8f73312..66ca22d6ea 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1127,7 +1127,7 @@ (define (mount-flags->bit-mask flags)
(('read-only rest ...)
(logior MS_RDONLY (loop rest)))
(('bind-mount rest ...)
- (logior MS_BIND (loop rest)))
+ (logior MS_REC (logior MS_BIND (loop rest))))
(('no-suid rest ...)
(logior MS_NOSUID (loop rest)))
(('no-dev rest ...)
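Review bot: In `mount-flags->bit-mask`, the `'bind-mount` clause now always ORs in `MS_REC`, so no caller can ask for a non-recursive bind any more, and every submount below a bound directory becomes visible at the target. If that is the intended default, say so in the commit message (the subject is still "WIP") and in the documentation of the `bind-mount` flag, or add a separate flag for the recursive case. `logior` accepts any number of arguments, so `(logior MS_BIND MS_REC (loop rest))` reads more simply than the nested call.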
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 61926beb80..2a12567b15 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -51,6 +51,7 @@ (define-module (guix build syscalls)
MS_RELATIME
MS_BIND
MS_MOVE
+ MS_REC
MS_SHARED
MS_LAZYTIME
MNT_FORCE
@@ -541,6 +542,7 @@ (define MS_NOATIME 1024)
(define MS_NODIRATIME 2048)
(define MS_BIND 4096)
(define MS_MOVE 8192)
+(define MS_REC 16384)
(define MS_SHARED 1048576)
(define MS_RELATIME 2097152)
(define MS_STRICTATIME 16777216)
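Review bot: The new `(define MS_REC 16384)` carries no comment, and unlike `MS_BIND` or `MS_MOVE` next to it the flag does nothing on its own: per mount(2) it modifies `MS_BIND` or a propagation flag such as `MS_SHARED`. A one-line comment saying so would help users of the newly exported constant.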
--
2.36.1
--
Ricardo
Information forwarded to bug-guix <at> gnu.org: bug#59185; Package guix. (Sat, 19 Nov 2022 22:30:02 GMT)
Message #11 received at 59185 <at> debbugs.gnu.org (full text, mbox):
Hi,
Ricardo Wurmus <rekado <at> elephly.net> writes:
> yes, mounting with MS_REC seems sensible. Not mounting with MS_REC is
> also responsible for a couple of errors e.g. when trying to map / inside
> the container (when / has other bind mounts).
Having reread mount(2), bind-mounting with MS_REC by default seems like
a reasonable choice, indeed.
Ludo’.
Reply sent to Ricardo Wurmus <rekado <at> elephly.net>: You have taken responsibility. (Sun, 20 Nov 2022 20:37:02 GMT)
Notification sent to Morgan Smith <Morgan.J.Smith <at> outlook.com>: bug acknowledged by developer. (Sun, 20 Nov 2022 20:37:02 GMT)
Message #16 received at 59185-done <at> debbugs.gnu.org (full text, mbox):
Ludovic Courtès <ludo <at> gnu.org> writes:
> Ricardo Wurmus <rekado <at> elephly.net> writes:
>
>> yes, mounting with MS_REC seems sensible. Not mounting with MS_REC is
>> also responsible for a couple of errors e.g. when trying to map / inside
>> the container (when / has other bind mounts).
>
> Having reread mount(2), bind-mounting with MS_REC by default seems like
> a reasonable choice, indeed.
Great. I’ve pushed this with commit c585b4bc68813a351d6a87d19b9adf4041506355.
--
Ricardo
bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 19 Dec 2022 12:24:12 GMT)
This bug report was last modified 1 year and 127 days ago.