X-Loop: help-debbugs@HIDDEN
Subject: bug#69708: Guix-Jupyter download directive: "Operation not permitted"
Resent-From: Troy Figiel <troy@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Sun, 10 Mar 2024 11:19:02 +0000
Resent-Message-ID: <handler.69708.B.171006949529312 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 69708
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 69708 <at> debbugs.gnu.org
X-Debbugs-Original-To: bug-guix@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.171006949529312
(code B ref -1); Sun, 10 Mar 2024 11:19:02 +0000
Received: (at submit) by debbugs.gnu.org; 10 Mar 2024 11:18:15 +0000
Received: from localhost ([127.0.0.1]:35721 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1rjHC3-0007ci-AB
for submit <at> debbugs.gnu.org; Sun, 10 Mar 2024 07:18:15 -0400
Received: from lists.gnu.org ([209.51.188.17]:57554)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <troy@HIDDEN>) id 1rjHC0-0007ca-Rr
for submit <at> debbugs.gnu.org; Sun, 10 Mar 2024 07:18:13 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <troy@HIDDEN>)
id 1rjHBT-0002eE-53
for bug-guix@HIDDEN; Sun, 10 Mar 2024 07:17:39 -0400
Received: from mout-p-202.mailbox.org ([2001:67c:2050:0:465::202])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256)
(Exim 4.90_1) (envelope-from <troy@HIDDEN>)
id 1rjHBR-0007N1-3x
for bug-guix@HIDDEN; Sun, 10 Mar 2024 07:17:38 -0400
Received: from smtp1.mailbox.org (smtp1.mailbox.org
[IPv6:2001:67c:2050:b231:465::1])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
(No client certificate requested)
by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4Tsy6s72Ztz9scm
for <bug-guix@HIDDEN>; Sun, 10 Mar 2024 12:17:25 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=troyfigiel.com;
s=MBO0001; t=1710069446;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:mime-version:mime-version:content-type:content-type:
content-transfer-encoding:content-transfer-encoding:autocrypt:autocrypt;
bh=qnPD2N7zsNp6PMMW1eI//XA8HM0CwoerGvsRMBryV4I=;
b=mn88QbwL6ZUIt+kJdpz8K1oXCwIOu/ZYwAtN71Wegc0WBp+1j+z7f4oqaRf4QLvh1oMjcS
ILjoBcaBb4SWArP276AyebjghbJhmj2l2x/HRbX1K9mTobJ+V/POGlEPlmY4WllHkeIt6b
3GwHlVtqHYERr5da2goGRpciT0SHlUBvirwGsTJTS9ksX5ebERNFqhQN6zIch+80sCLXW7
Gc6pQ0qbjUP0gh8cB7Yk7CAql28qriKSNgzW0wXUJzx5eBPhyowxF+LzdF620tUYuRrFoE
JI9jV+Js7HKHnhwA4VKwWZ/V9kuD7KluEHXzC/DYSJYjoOa8Z5/MlVGOUHt48g==
Message-ID: <444aafb6-1092-43dd-a186-5b24e32f71c2@HIDDEN>
Date: Sun, 10 Mar 2024 12:17:25 +0100
MIME-Version: 1.0
Content-Language: en-US, de-DE, nl
From: Troy Figiel <troy@HIDDEN>
Autocrypt: addr=troy@HIDDEN; keydata=
xsFNBGKp71YBEADDmh9HMTg0Z8/xxf4yT6UX2wO8u0Q2nbOAhzROSabUVyBp8Gz6jLcoFN8x
rg8XxxBWTCENBWqKkYG6Z/GgPmeKuacAeZIW7dGYaGu4bZHgLsTqk04J/dM63aVveJJY4M4r
KNx0Mew+SYTGrh3NnoSF0+ZIskGGh4NJpXOGUSUihjdddn8ouFDDy01GJ9N2ZWprfWo3ynMA
xEHhD6CWniQMkmd+TVKjQt+BC8d+nHlOt6vFoDGH9PehXmmBLyOJAVMAlPMyrN8ZjmbRp91s
4Sz2rqjD2GXFGvKClhyxcr2qEUJmCg/Vp8PiZWOwxA/6BCWuNmrl1d1FhXjMMIzz2y92MOlD
5kQm7/261cuXTJvKZOLmHelY0m7gReWnc9peGPmGeukkdblmjwJTnetzvF/AUXNpS29Nmyie
4PgsAbkmL0PwKCbf+6WRWywRidR1narANINGJHL8MDIgdUwuJsYhD5s10bIsg2dOOxFioOnm
kgpWiVLmZSq9bkX+SRyWNL+hDhEbGLnZ5WUOszPXgo9Lo2dCGBr4YkCaxVCCCfgAn8TpgcLQ
VW37N75MjEX3kVBGBiiifbQUedKHqMddlUEYLSjpBCNxqF1X5fTuurFrfq8EYcYcQGW5Telh
fX1I6md7xt0FDBRAVx8jAvy7Rkt6CeKP7oPNMVfoQ62oMT85JQARAQABzSFUcm95IEZpZ2ll
bCA8dHJveUB0cm95ZmlnaWVsLmNvbT7CwY8EEwEKADkCGwMECwkIBwQVCgkIBRYCAwEAAh4F
AheAFiEE5HwNzSdo36E4/NzWxnyRgbOJP7AFAmVCwP8CGQEACgkQxnyRgbOJP7DK/A/+L6IY
xHhr4ZCz5Mk8s0OHAQTP3ZlAtmjMB+Lg0nwg8hVRzF1O/mCQKaFeKwKgh0I0zZIYucnylG6K
KtVoa1ZNrpOCO2Qau7C/j6u7lmZGoEyEf9ePvhpVPcqFXSeehNl/nmaAFuLXTTTvkUubuU2m
OEQe1oua/9HQPbd2mlKNjUnj9YmYs9qqF9bcJmT0U2WUg4Jz3DmHQiK175QqJv7fXtIdHzAk
BRlJdrslLPOrIDb7WAnXpUQs1bcirKuSFOsyeGn0plh3t0uSm8d3BValRArPMw/h9FldGRXr
KycSCIuU/vL94mncXSwIy8ifY4XkcBVvuZ8CbAh3G3iuZ6LLoMsjGmCXkm6Ru9OieC8xmAae
69RYw/zXHoIkW+/nLygEv7+7tMrYTFcUR0RmMvHjiZafnGwHkBCFMojUapcG/EAsSYQzssGP
qYLuqIaq2weCYpfNUMDye3rivOKFcO6Aa63lCb1TLy/OVoK0al04WdO+teDJVj88WNyMZu1c
SdBYd3lJ9VLSmsBJ0FFksuDyXQqmrN+Uckka+JdKHiADGGaztMHmbJkZ1DZ2jfEh0kJTcCr8
PAXIvTMcgi/BLP3R6u+iHnycypID8pwLIDg3Gg3cLcfeBmCBEAft/Gk5RF0POIL8QAx7IVwu
AD4kpM6fkXc6Dq9sl6us38ekm6M7fprOwU0EYqnvVgEQANU4cn+tMmYLMMJA3yeE7JIlY5E+
xZ5qrvNA+UwqTuZGcQH3Th81fsF1qYYiT38fq6GAEImJ19VqVs9f/YGSdkUk1ZA46AwzPuij
pFGUm3yL71kCzPblF1zUCzOllc1N7pi3YD+XQr7ggqX/s/MS1uxR9Sgs5coYUT0ygXVOGkSk
OQjdQ99B2+BUTos28C2sDfJfCd5ekLCp02EUle527sX8QjyTiTUlu5pvFnCtzO6MWf3loiJb
Vi9vA0hQFOnu4jM0TjzIc4vWJpX1oExfFwEsoSVLDQh3CFIoe8wHsRgpIvtWiiRIuaaJawhx
ac6mj4yaB2UR/MW8KFpUmqzTgVn8FLt0S0yo1PpleTFT8IsGY8luoyWIaUyNCrjXxrps8yFj
HoE54Abb0S6Z15Ko2csG2DR1u4ZtELVsHcF3gZT5q1Nt9BnV8TYi0+vNjVjQ7OODQMOBSIB8
bBEQogtbTxBYvIs57ClYAd0fHssz7fJHaKDbcsZXGWKdiSEQrrfc78tOgmYml997og7SyLg+
YI9X8G4RJiIF9EThRtAKK92i9xktWLLBCl5q5nwRPcObVgy7AiwQBPX1WVR3+Uy6BaeyylPY
YIAyM6dHwl4/e5HczR5Nt6pzmnOza8F2JT4blqJd+QVeL+xDtBvzKWLBVZkPJMbwqYS/1MOu
4UdmuNIpABEBAAHCwXYEGAEKACAWIQTkfA3NJ2jfoTj83NbGfJGBs4k/sAUCYqnvVgIbDAAK
CRDGfJGBs4k/sAQUD/4xIZxwGDsBc3mf4qnahCEAN3NjyhI/9q2oFGzyN0t9ifh7u7HD5R0F
5WdI2JnOnW3Bjl3YnsMfLg9wHnsT3R1xresf59wXuKQ7UIpqPfMXLZnHtaUP5bmpETvkvybN
f0zkekbU27chbmiAOyDB3ApsFQ7lqwvOO0K3+sx94ROsJwb+MDpjGAOewVPk7V0br0twFo2R
5/vtp8cNCg/lKlqWDmJ0fWipxazSzVAMDxn+ci0DB5o5UyHhxc8WgXXLl7t22m7b6kVZ0EKN
oEPa7/TvIj1wVDFUFrEMEuJFBMDqZDLdBMZzEsq7O0sHaGifiy0zHRE7Eyfo+9sV0ccSWdeE
f5GjoKLtR7MlJ+I9IfHuCl++Gxa+MM8yXfn/tk7vcsGJhewrqqTlvnpMuITCmdTJymgnKS/B
jSDDKjgRsZLLzhkE+dVTBZRkHFOGf9rV8+JQRYwqZVIjIEln6EZdfOQIKPll4EY19f9stj7h
ptM9jXDTBm4MBxdCdWIRsU19w4TqvitioADjMSZ1MYqQlS6pWQI9tDMJ/mLqKcWrHhar6rwv
v/gTpsbePtVR2GkWMjEHE1VS1LKmr+UcWFu3MJIHMd4DFnypp1n1cY+u0emp93JUMDMqa79F
G+6Sbeaw5G+/fx8S4hpw63SiA1x8c5PMjKGwx5G4ZZfNwT+mAi6dHA==
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: 4Tsy6s72Ztz9scm
Received-SPF: pass client-ip=2001:67c:2050:0:465::202;
envelope-from=troy@HIDDEN; helo=mout-p-202.mailbox.org
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001,
T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
Hi Guix-Jupyter,
Please let me know if this is the right location to file a bug. Since I
don't have an account on gitlab.inria.fr, I can't file an issue there.
In any case, the ;;guix download directive assumes the ability to hard
link from the gnu store to your tmp directory. This killed the Guix
kernel and returned an "Operation not permitted" error in my Jupyter
console.
As it turns out, there is a kernel parameter called
"fs.protected_hardlinks" which prevents the creation of hard links by
users that do not own the source. Since my gnu store is root owned and I
run Jupyter as non-root (hence creating the container in the tmp
directory as non-root), this fails. For my system
"fs.protected_hardlinks" was set to 1 by default. Setting it to 0 fixes
the problem.
However, I am not convinced hard linking is the right solution anyway.
For one, it is not uncommon to have tmp and the gnu store living on
different volumes (which seems to be fixed upstream, but not tagged
yet). Copying would be an improvement, as it circumvents these issues,
but with the obvious downside that it duplicates all the data.
I was thinking it might make more sense to bind mount the file into the
container. This would solve the above issues, but not duplicate the
data. The raw data would then be completely immutable, however, I do not
see this as a downside, since treating raw data as immutable is already
a good practice.
WDYT?
Best wishes,
Troy
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Troy Figiel <troy@HIDDEN> Subject: bug#69708: Acknowledgement (Guix-Jupyter download directive: "Operation not permitted") Message-ID: <handler.69708.B.171006949529312.ack <at> debbugs.gnu.org> References: <444aafb6-1092-43dd-a186-5b24e32f71c2@HIDDEN> X-Gnu-PR-Message: ack 69708 X-Gnu-PR-Package: guix Reply-To: 69708 <at> debbugs.gnu.org Date: Sun, 10 Mar 2024 11:19:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 69708 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 69708: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D69708 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.