GNU bug report logs - #61690
Failure to mount /sys in nested ‘guix shell’ container

Please note: This is a static page, with minimal formatting, updated once a day.

Package: guix; Severity: important; Reported by: Ludovic Courtès <ludovic.courtes@HIDDEN>; dated Tue, 21 Feb 2023 22:46:01 UTC; Maintainer for guix is bug-guix@HIDDEN.
Severity set to 'important' from 'normal'. Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org.

Message received at 61690 <at> debbugs.gnu.org:


From: Josselin Poiret <dev@HIDDEN>
To: Ludovic Courtès <ludovic.courtes@HIDDEN>
Subject: Re: bug#61690: Failure to mount /sys in nested ‘guix shell’ container
In-Reply-To: <87wn3z3wp7.fsf@HIDDEN>
References: <87v8jud4e7.fsf@HIDDEN> <878rgflbqb.fsf@HIDDEN>
 <87wn3z3wp7.fsf@HIDDEN>
Date: Thu, 02 Mar 2023 18:32:55 +0100
Message-ID: <875ybjrrco.fsf@HIDDEN>
Cc: 61690 <at> debbugs.gnu.org, Konrad Hinsen <konrad.hinsen@HIDDEN>

Hi Ludo,

Ludovic Courtès <ludovic.courtes@HIDDEN> writes:

> Maybe we could, but I must confess I’m totally clueless on this veth
> thing.  :-)
>
> What would this entail?  Hopefully guile-netlink can help?

So, a veth (Virtual Ethernet) device is basically a pipe but for network
devices: they're created in pairs, and any packet going through one end
is instantly received on the other end.  You can then transmit packets
between network namespaces.

One problem that totally slipped by me is that you need to be root to
create a veth device in the original namespace... Rootless containers
use slirp4netns, which is basically a userspace TCP/IP stack
communicating with a special network device in the new namespace (over
which you have complete rights). The situation might thus be a bit more
complicated, since we'd need another library/program as a dependency to
achieve this. I guess there's no best solution for now then :/

Best,
-- 
Josselin Poiret





Information forwarded to bug-guix@HIDDEN:
bug#61690; Package guix. Full text available.

Message received at 61690 <at> debbugs.gnu.org:


From: Ludovic Courtès <ludovic.courtes@HIDDEN>
To: Josselin Poiret <dev@HIDDEN>
Subject: Re: bug#61690: Failure to mount /sys in nested ‘guix shell’ container
References: <87v8jud4e7.fsf@HIDDEN> <878rgflbqb.fsf@HIDDEN>
Date: Thu, 02 Mar 2023 18:11:16 +0100
In-Reply-To: <878rgflbqb.fsf@HIDDEN> (Josselin Poiret's message of "Thu, 
 02 Mar 2023 10:54:36 +0100")
Message-ID: <87wn3z3wp7.fsf@HIDDEN>
Cc: 61690 <at> debbugs.gnu.org, Konrad Hinsen <konrad.hinsen@HIDDEN>

Hi Josselin,

Josselin Poiret <dev@HIDDEN> skribis:

> Ludovic Courtès <ludovic.courtes@HIDDEN> writes:
>
>> The reason for this bug seems to be given here:
>>
>>   https://github.com/nestybox/sysbox/issues/67#issuecomment-726285026
>>
>> It’s not clear whether there’s anything we can do, other than
>> recommending ‘-CN’ as well in the nested container.
>
> Couldn't we always create a new network namespace, but when -N is passed
> it also has a veth interface?  The one problem I can think of is that
> we'd need to either create one veth per interface in the parent
> namespace or let the user specify which interface should be shared.

Maybe we could, but I must confess I’m totally clueless on this veth
thing.  :-)

What would this entail?  Hopefully guile-netlink can help?

Thanks,
Ludo’.




Information forwarded to bug-guix@HIDDEN:
bug#61690; Package guix. Full text available.

Message received at 61690 <at> debbugs.gnu.org:


From: Josselin Poiret <dev@HIDDEN>
To: Ludovic Courtès <ludovic.courtes@HIDDEN>,
 61690 <at> debbugs.gnu.org
Subject: Re: bug#61690: Failure to mount /sys in nested ‘guix shell’ container
In-Reply-To: <87v8jud4e7.fsf@HIDDEN>
References: <87v8jud4e7.fsf@HIDDEN>
Date: Thu, 02 Mar 2023 10:54:36 +0100
Message-ID: <878rgflbqb.fsf@HIDDEN>
Cc: Konrad Hinsen <konrad.hinsen@HIDDEN>

Hi Ludo,

Ludovic Courtès <ludovic.courtes@HIDDEN> writes:

> The reason for this bug seems to be given here:
>
>   https://github.com/nestybox/sysbox/issues/67#issuecomment-726285026
>
> It’s not clear whether there’s anything we can do, other than
> recommending ‘-CN’ as well in the nested container.

Couldn't we always create a new network namespace, but when -N is passed
it also has a veth interface?  The one problem I can think of is that
we'd need to either create one veth per interface in the parent
namespace or let the user specify which interface should be shared.

Best,
-- 
Josselin Poiret





Information forwarded to bug-guix@HIDDEN:
bug#61690; Package guix. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Ludovic Courtès <ludovic.courtes@HIDDEN>
To: bug-guix@HIDDEN
Subject: Failure to mount /sys in nested ‘guix shell’ container
X-Debbugs-Cc: Konrad Hinsen <konrad.hinsen@HIDDEN>
Date: Tue, 21 Feb 2023 23:45:20 +0100
Message-ID: <87v8jud4e7.fsf@HIDDEN>

Hi!

As reported by Konrad¹, nested ‘guix shell -C’ fails:

--8<---------------cut here---------------start------------->8---
$ guix shell -CN guix \
      --expose=/var/guix/daemon-socket/socket \
      --expose=/gnu/store \
      -- guix shell -C coreutils -- ls /
guix shell: error: mount: mount "none" on "/tmp/guix-directory.xO3FIx/sys": Operation not permitted
--8<---------------cut here---------------end--------------->8---

Strace shows this:

--8<---------------cut here---------------start------------->8---
17541 clone(child_stack=NULL, flags=CLONE_NEWNS|CLONE_NEWCGROUP|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = 7
[…]
17551 mount("none", "/tmp/guix-directory.d6rKy1", "tmpfs", 0, NULL) = 0
17551 mkdir("/tmp", 0777)               = -1 EEXIST (File exists)
17551 mkdir("/tmp/guix-directory.d6rKy1", 0777) = -1 EEXIST (File exists)
17551 mkdir("/tmp/guix-directory.d6rKy1/proc", 0777) = 0
17551 mount("none", "/tmp/guix-directory.d6rKy1/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = 0
17551 mkdir("/tmp", 0777)               = -1 EEXIST (File exists)
17551 mkdir("/tmp/guix-directory.d6rKy1", 0777) = -1 EEXIST (File exists)
17551 mkdir("/tmp/guix-directory.d6rKy1/sys", 0777) = 0
17551 mount("none", "/tmp/guix-directory.d6rKy1/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = -1 EPERM (Operation not permitted)
--8<---------------cut here---------------end--------------->8---

It does work if the nested ‘guix shell’ uses ‘-CN’ instead of ‘-C’,
thanks to this bit in (gnu build linux-container)

        (mount-file-systems root mounts
                            #:mount-/proc? (memq 'pid namespaces)
                            #:mount-/sys?  (memq 'net
                                                 namespaces))  ;<---

The reason for this bug seems to be given here:

  https://github.com/nestybox/sysbox/issues/67#issuecomment-726285026

It’s not clear whether there’s anything we can do, other than
recommending ‘-CN’ as well in the nested container.

Thoughts?

Ludo’.

¹ https://lists.gnu.org/archive/html/guix-devel/2023-02/msg00027.html
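
Added example (not part of the original report and not Guix code): a small Python triage of the strace output quoted in the report above. It extracts the CLONE_NEW* flags and the failing mount() so the sysfs EPERM can be tied to the new user and network namespaces requested by the inner ‘guix shell -C’; the sample lines are the report's own with the mail line-wrapping undone, and the function names are hypothetical.

```python
import re

# Sample input: strace lines quoted in the report, with the quoted-printable
# wrapping undone (embedded here so the example runs offline).
SAMPLE = r'''
17541 clone(child_stack=NULL, flags=CLONE_NEWNS|CLONE_NEWCGROUP|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = 7
17551 mount("none", "/tmp/guix-directory.d6rKy1", "tmpfs", 0, NULL) = 0
17551 mkdir("/tmp", 0777)               = -1 EEXIST (File exists)
17551 mount("none", "/tmp/guix-directory.d6rKy1/proc", "proc", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = 0
17551 mkdir("/tmp/guix-directory.d6rKy1/sys", 0777) = 0
17551 mount("none", "/tmp/guix-directory.d6rKy1/sys", "sysfs", MS_RDONLY|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = -1 EPERM (Operation not permitted)
'''

# One completed syscall per line: "PID call(args) = ret [ERRNO (text)]"
LINE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+'
                  r'(?P<ret>-?\d+)(?:\s+(?P<errno>E[A-Z]+))?')
# mount(source, target, fstype, flags, data): only target and fstype are kept
MOUNT = re.compile(r'"[^"]*",\s*"(?P<target>[^"]*)",\s*"(?P<fstype>[^"]*)",')


def parse(trace):
    """Return one dict per line that looks like a completed syscall."""
    return [m.groupdict() for m in map(LINE.match, trace.splitlines()) if m]


def namespace_flags(events):
    """CLONE_NEW* flags requested by clone()/clone3()/unshare() calls."""
    flags = set()
    for ev in events:
        if ev["call"] in ("clone", "clone3", "unshare"):
            flags.update(re.findall(r"CLONE_NEW[A-Z]+", ev["args"]))
    return flags


def failed_mounts(events):
    """(fstype, target, errno) for each mount() that returned -1."""
    out = []
    for ev in events:
        m = MOUNT.match(ev["args"]) if ev["call"] == "mount" else None
        if m and ev["ret"] == "-1":
            out.append((m["fstype"], m["target"], ev["errno"]))
    return out


def diagnose(trace):
    """Summarise namespaces requested and mounts refused in one trace."""
    events = parse(trace)
    ns = namespace_flags(events)
    fails = failed_mounts(events)
    return {
        "namespaces": sorted(ns),
        "failed_mounts": fails,
        # Pattern from this report: sysfs refused with EPERM in a trace that
        # also asked for new user and network namespaces.
        "sysfs_eperm_in_new_netns": {"CLONE_NEWUSER", "CLONE_NEWNET"} <= ns
        and any(fs == "sysfs" and err == "EPERM" for fs, _, err in fails),
    }


if __name__ == "__main__":
    print(diagnose(SAMPLE))
```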




Acknowledgement sent to Ludovic Courtès <ludovic.courtes@HIDDEN>:
New bug report received and forwarded. Copy sent to konrad.hinsen@HIDDEN, bug-guix@HIDDEN. Full text available.
Report forwarded to konrad.hinsen@HIDDEN, bug-guix@HIDDEN:
bug#61690; Package guix. Full text available.
Last modified: Tue, 14 Jan 2025 10:15:02 UTC
