Received: (at 71226) by debbugs.gnu.org; 10 Jan 2025 16:37:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Fri Jan 10 11:37:41 2025
Received: from localhost ([127.0.0.1]:58536 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tWI0z-0003Mk-3S
for submit <at> debbugs.gnu.org; Fri, 10 Jan 2025 11:37:41 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:42502)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1tWI0x-0003MX-KS
for 71226 <at> debbugs.gnu.org; Fri, 10 Jan 2025 11:37:40 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1tWI0r-00010Y-8e; Fri, 10 Jan 2025 11:37:33 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To:
From; bh=aSidXpw2YfdMlX6UjlWyBteOIzHIY30/WJtJ1i9ns9c=; b=qtL67mk8PPTimolOiI80
E4eSzxh+tGSPOcQBYBpvanfrKIE107uvOEExjXKJu/jttbYOXzdayoGcpLNN2ykdvlMXAjj+81HFV
DleS6l2pMxgTJ2Ng0dj7fXFdVwmc5Hm/WphjCEogy/cps8m8+HUiJQ9oe5dkLEXVbp+Oms7bdnOTH
TAj/p6q0BRbfRiIB95u10fuUldyXEBqSa/KevXgb1KB3WdiAaxu2Rd5wG7+B/n2OVF1TG+hCpsV9N
HdTsXb5BvU2nBlCZ3WvJO+h3BfNxa575WDNKIVcJqLu6tWk1/VbwdAzoGITklV7aOUmw4k2dY0rER
Ix5uuz4IRFN6eg==;
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN>
To: Marek =?utf-8?B?RmVsxaHDtmNp?= <marek.felsoci@HIDDEN>
Subject: Re: bug#71226: =?utf-8?Q?=E2=80=98guix?= shell =?utf-8?B?LUPigJkg?=
=?utf-8?B?ZG9lc27igJl0?= work on Ubuntu 24.04
In-Reply-To: <f604780d-bdcf-509c-9f3b-687f8ba0c655@HIDDEN> ("Marek
=?utf-8?B?RmVsxaHDtmNpIidz?=
message of "Thu, 9 Jan 2025 23:08:24 +0100")
References: <87wmnfxq2c.fsf@HIDDEN>
<0cf84df5-5771-aa9f-2a3e-e8bef6ad7b0f@HIDDEN>
<87h668oz3j.fsf@HIDDEN>
<f604780d-bdcf-509c-9f3b-687f8ba0c655@HIDDEN>
Date: Fri, 10 Jan 2025 17:37:29 +0100
Message-ID: <87ed1amxpy.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 71226
Cc: Ricardo Wurmus <rekado@HIDDEN>, 71226 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hello!
I believe the attached AppArmor profile should work. You need to:
1. Drop it in /etc/apparmor.d/guix (it=E2=80=99s actually not specific to
=E2=80=98guix shell -C=E2=80=99 since it matches any =E2=80=98guix=E2=
=80=99 command!).
2. Run =E2=80=9Capparmor_parser -rv /etc/apparmor.d/guix=E2=80=9D.
And then you can check =E2=80=9Cguix build whatever=E2=80=9D and =E2=80=9Cg=
uix shell -C hello=E2=80=9D.
Note that AppArmor is stateful: it memorizes previous rules (=E2=80=9Cprofi=
les=E2=80=9D)
and it=E2=80=99s not entirely clear how to remove them, especially when the=
re=E2=80=99s
no profile name.
So perhaps you=E2=80=99ll want to reboot if in doubt.
Anyway, I tested it in an Ubuntu 24.04 VM and everything seemed to work
well.
If you can confirm, we can add it to the repo and have =E2=80=98guix-instal=
l.sh=E2=80=99
install it.
Ludo=E2=80=99.
--=-=-=
Content-Type: text/plain
Content-Disposition: inline; filename=guix.apparmor
abi <abi/3.0>,
include <tunables/global>
profile guix /gnu/store/{*-guix-command,*/bin/guix} flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice>
capability net_admin, # for "guix shell -CN"
capability sys_admin, # for clone
capability sys_ptrace, # for user namespaces
# Allow preparing file systems inside the container root
mount fstype=(devpts) none -> /tmp/guix-directory.*/dev/pts/,
mount fstype=(mqueue) options=(nodev, noexec, nosuid, rw) mqueue -> /tmp/guix-directory.*/dev/mqueue/,
mount fstype=(proc) options=(nodev, noexec, nosuid, rw) none -> /tmp/guix-directory.*/proc/,
mount fstype=(sysfs) options=(nodev, noexec, nosuid, ro) none -> /tmp/guix-directory.*/sys/,
mount fstype=(tmpfs) none -> /tmp/guix-directory.*/**,
mount fstype=(tmpfs) none -> /tmp/guix-directory.*/,
mount fstype=(tmpfs) options=(nodev, noexec, nosuid, rw) tmpfs -> /tmp/guix-directory.*/dev/shm/,
mount fstype=(tmpfs) options=(noexec, rw, strictatime) none -> /tmp/guix-directory.*/dev/,
mount options=(bind, rw) /** -> /tmp/guix-directory.*/**,
mount options=(rbind, relatime, remount, ro) -> /tmp/guix-directory.*/**/,
mount options=(rbind, relatime, remount, ro) -> /tmp/guix-directory.*/**,
mount options=(rbind, rw) /** -> /tmp/guix-directory.*/**,
umount /real-root/,
pivot_root,
# 'guix substitute' is responsible for deduplicating files that it downloads
# so it needs to be able to create links in /gnu/store/.links.
link /gnu/store/.links/** -> /gnu/store/**,
# Note: This also needs to provide permissions for 'guix substitute',
# which accesses /etc/guix/acl, /var/guix, /gnu/store/.links, etc.
/etc/nsswitch.conf r,
/etc/passwd r,
/gnu/store/** r,
/gnu/store/**/** r,
/gnu/store/*-guix-*/etc/ld.so.cache r,
/gnu/store/*-guix-*/libexec/guix/guile ix,
/gnu/store/*/bin/* mrix,
/gnu/store/*/lib/**.so** mr,
/gnu/store/*/lib/lib*.so* mr,
/gnu/store/*/libexec/** ix,
/gnu/store/*/sbin/* mrix,
/tmp/ rw,
/tmp/guix-directory** rw,
/var/guix/** r,
/var/guix/daemon-socket/socket rw,
@{PROC}/*/ns/net rw,
@{PROC}/*/ns/user rw,
@{PROC}/@{pid}/** rw,
@{PROC}/self/ rw,
@{PROC}/self/** rw,
@{PROC}/sys/kernel/unprivileged_userns_clone rw,
# These are permissions inside the container after pivot root
owner / w,
owner /bin/ w,
owner /bin/sh w,
owner /etc/ w,
owner /etc/group w,
owner /etc/group.* r,
owner /etc/group.* w,
owner /etc/hosts w,
owner /etc/passwd rw,
owner /etc/passwd.* r,
owner /etc/passwd.* w,
owner /home/*/* ra,
owner /home/*/.cache/guix/profiles/ r,
owner /home/*/.cache/guix/profiles/* w,
owner /home/*/.cache/guix/profiles/last-expiry-cleanup r,
owner /real-root/ w,
allow userns,
}
--=-=-=--
bug-guix@HIDDEN:bug#71226; Package guix.
Full text available.Received: (at 71226) by debbugs.gnu.org; 9 Jan 2025 22:08:35 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 09 17:08:35 2025 Received: from localhost ([127.0.0.1]:54788 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tW0he-0000FJ-Pd for submit <at> debbugs.gnu.org; Thu, 09 Jan 2025 17:08:35 -0500 Received: from osiris.lip6.fr ([2001:660:3302:283c::1e]:61722) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <marek.felsoci@HIDDEN>) id 1tW0hc-0000F3-JY for 71226 <at> debbugs.gnu.org; Thu, 09 Jan 2025 17:08:33 -0500 Received: from poleia.lip6.fr (poleia.lip6.fr [132.227.201.8]) by osiris.lip6.fr (8.18.1/8.16.1) with ESMTP id 509M8S5G010157; Thu, 9 Jan 2025 23:08:28 +0100 (CET) Received: from [10.30.216.145] (unknown [193.52.24.28]) by poleia.lip6.fr (Postfix) with ESMTPSA id 21C9E32AE60; Thu, 9 Jan 2025 23:08:28 +0100 (CET) Subject: =?UTF-8?B?UmU6IGJ1ZyM3MTIyNjog4oCYZ3VpeCBzaGVsbCAtQ+KAmSBkb2Vzbg==?= =?UTF-8?Q?=e2=80=99t_work_on_Ubuntu_24.04?= To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= <ludovic.courtes@HIDDEN> References: <87wmnfxq2c.fsf@HIDDEN> <0cf84df5-5771-aa9f-2a3e-e8bef6ad7b0f@HIDDEN> <87h668oz3j.fsf@HIDDEN> From: =?UTF-8?B?TWFyZWsgRmVsxaHDtmNp?= <marek.felsoci@HIDDEN> Message-ID: <f604780d-bdcf-509c-9f3b-687f8ba0c655@HIDDEN> Date: Thu, 9 Jan 2025 23:08:24 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 SeaMonkey/2.53.19 MIME-Version: 1.0 In-Reply-To: <87h668oz3j.fsf@HIDDEN> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.4 (osiris.lip6.fr [132.227.60.30]); Thu, 09 Jan 2025 23:08:29 +0100 (CET) X-Scanned-By: MIMEDefang 3.4.1 on 132.227.60.30 X-Spam-Score: -4.6 (----) X-Debbugs-Envelope-To: 71226 Cc: Ricardo Wurmus <rekado@HIDDEN>, 71226 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -5.6 (-----) Hi Ludovic! I ran the following Guix command ``` guix shell -C bash -- bash ``` and got these two entries in `dmesg` log. ``` [46999.292835] audit: type=1400 audit(1736460233.024:325): apparmor="AUDIT" operation="userns_create" class="namespace" info="Userns create - transitioning profile" profile="unconfined" pid=190176 comm="guix" requested="userns_create" target="unprivileged_userns" [46999.297993] audit: type=1400 audit(1736460233.029:326): apparmor="DENIED" operation="mount" class="mount" info="failed mntpnt match" error=-13 profile="unprivileged_userns" name="/tmp/guix-directory.BpSImx/" pid=190193 comm="guix" fstype="tmpfs" srcname="none" ``` Is it of any help? Is there something else I should have a look at? Thanks, Marek. Ludovic Courtès napísal(a) dňa 9. 1. 2025 o 15:12: > Hi Marek! > > Marek Felšöci <marek.felsoci@HIDDEN> skribis: > >> I confirm the issue on my Ubuntu 24.04 installation with Guix coming >> from apt repositories. >> >> I followed the steps from the Ricardo's reply, but the problem >> persists with the same error: >> >> ``` >> guix shell: chyba: mount: mount "none" on >> "/tmp/guix-directory.DFemEr": Prístup odmietnutý >> ``` >> >> Note that in the above message 'Prístup odmietnutý' means 'Access denied'. >> >> Have there been any new developments regarding this issue? > No! I guess Ricardo was on the right track but this probably needs more > testing and polishing. > > Is there additional info you can get by running “dmesg” or something > like that? > > Thanks, > Ludo’.
bug-guix@HIDDEN:bug#71226; Package guix.
Full text available.
Received: (at 71226) by debbugs.gnu.org; 9 Jan 2025 14:12:45 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jan 09 09:12:44 2025
Received: from localhost ([127.0.0.1]:51237 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tVtH9-0001gl-Tq
for submit <at> debbugs.gnu.org; Thu, 09 Jan 2025 09:12:44 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:36051)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <ludovic.courtes@HIDDEN>)
id 1tVtH5-0001gO-OV
for 71226 <at> debbugs.gnu.org; Thu, 09 Jan 2025 09:12:41 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
h=from:to:cc:subject:in-reply-to:references:date:
message-id:mime-version:content-transfer-encoding;
bh=2dUdr7Bb8WmVQHG51rcXO6iSxjDNVF9h5k1udcEK02M=;
b=C8DOS5cap9VfYWIyDIw4OMTsksylLduuTxpNV5VrwyMP2n3K9v1Dogkv
sEQQAlsHrV+Y3FhSzc/s0zqMmCjO1R7GXYwZYTL/FkqHFLzm90NIlKkwz
m+E+uUsxILvwUQwng4iNYk3FG14r+NCoBw+ltCP3Cfdxg9Pw5LLP5khLx 4=;
Authentication-Results: mail2-relais-roc.national.inria.fr;
dkim=none (message not signed) header.i=none;
spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN;
dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="6.12,301,1728943200"; d="scan'208";a="202280316"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
by mail2-relais-roc.national.inria.fr with
ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 09 Jan 2025 15:12:33 +0100
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: Marek =?utf-8?B?RmVsxaHDtmNp?= <marek.felsoci@HIDDEN>
Subject: Re: bug#71226: =?utf-8?Q?=E2=80=98guix?= shell =?utf-8?B?LUPigJkg?=
=?utf-8?B?ZG9lc27igJl0?= work on Ubuntu 24.04
In-Reply-To: <0cf84df5-5771-aa9f-2a3e-e8bef6ad7b0f@HIDDEN> ("Marek
=?utf-8?B?RmVsxaHDtmNpIidz?=
message of "Thu, 19 Dec 2024 17:26:54 +0100")
References: <87wmnfxq2c.fsf@HIDDEN>
<0cf84df5-5771-aa9f-2a3e-e8bef6ad7b0f@HIDDEN>
Date: Thu, 09 Jan 2025 15:12:32 +0100
Message-ID: <87h668oz3j.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 71226
Cc: Ricardo Wurmus <rekado@HIDDEN>, 71226 <at> debbugs.gnu.org
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Marek!
Marek Fel=C5=A1=C3=B6ci <marek.felsoci@HIDDEN> skribis:
> I confirm the issue on my Ubuntu 24.04 installation with Guix coming
> from apt repositories.
>
> I followed the steps from the Ricardo's reply, but the problem
> persists with the same error:
>
> ```
> guix shell: chyba: mount: mount "none" on
> "/tmp/guix-directory.DFemEr": Pr=C3=ADstup odmietnut=C3=BD
> ```
>
> Note that in the above message 'Pr=C3=ADstup odmietnut=C3=BD' means 'Acce=
ss denied'.
>
> Have there been any new developments regarding this issue?
No! I guess Ricardo was on the right track but this probably needs more
testing and polishing.
Is there additional info you can get by running =E2=80=9Cdmesg=E2=80=9D or =
something
like that?
Thanks,
Ludo=E2=80=99.
bug-guix@HIDDEN:bug#71226; Package guix.
Full text available.Received: (at 71226) by debbugs.gnu.org; 20 Dec 2024 04:46:11 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Dec 19 23:46:11 2024 Received: from localhost ([127.0.0.1]:41213 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tOUtu-0000pj-C2 for submit <at> debbugs.gnu.org; Thu, 19 Dec 2024 23:46:10 -0500 Received: from osiris.lip6.fr ([132.227.60.30]:53209) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <marek.felsoci@HIDDEN>) id 1tOJN1-00008Z-CA for 71226 <at> debbugs.gnu.org; Thu, 19 Dec 2024 11:27:28 -0500 Received: from poleia.lip6.fr (poleia.lip6.fr [132.227.201.8]) by osiris.lip6.fr (8.16.1/8.16.1) with ESMTP id 4BJGQuk4002785 for <71226 <at> debbugs.gnu.org>; Thu, 19 Dec 2024 17:26:56 +0100 (CET) Received: from [132.227.80.165] (portable9810.wifi.calsci.lip6.fr [132.227.80.165]) by poleia.lip6.fr (Postfix) with ESMTPSA id 1B40D32AE51 for <71226 <at> debbugs.gnu.org>; Thu, 19 Dec 2024 17:26:56 +0100 (CET) To: 71226 <at> debbugs.gnu.org From: =?UTF-8?B?TWFyZWsgRmVsxaHDtmNp?= <marek.felsoci@HIDDEN> Subject: =?UTF-8?B?UmU6IGJ1ZyM3MTIyNjog4oCYZ3VpeCBzaGVsbCAtQ+KAmSBkb2Vzbg==?= =?UTF-8?Q?=e2=80=99t_work_on_Ubuntu_24.04?= Message-ID: <0cf84df5-5771-aa9f-2a3e-e8bef6ad7b0f@HIDDEN> Date: Thu, 19 Dec 2024 17:26:54 +0100 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0 SeaMonkey/2.53.19 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.4 (osiris.lip6.fr [132.227.60.30]); Thu, 19 Dec 2024 17:26:56 +0100 (CET) X-Scanned-By: MIMEDefang 3.4.1 on 132.227.60.30 X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 71226 X-Mailman-Approved-At: Thu, 19 Dec 2024 23:46:08 -0500 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hello to all, I confirm the issue on my Ubuntu 24.04 installation with Guix coming from apt repositories. I followed the steps from the Ricardo's reply, but the problem persists with the same error: ``` guix shell: chyba: mount: mount "none" on "/tmp/guix-directory.DFemEr": Prístup odmietnutý ``` Note that in the above message 'Prístup odmietnutý' means 'Access denied'. Have there been any new developments regarding this issue? PS: My current Guix generation is based on the commit c3290ce of the official Guix channel. Thank you very much! Best regards, Marek
bug-guix@HIDDEN:bug#71226; Package guix.
Full text available.Received: (at 71226) by debbugs.gnu.org; 15 Oct 2024 12:08:18 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Oct 15 08:08:17 2024 Received: from localhost ([127.0.0.1]:54356 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1t0gLZ-0007QX-Hb for submit <at> debbugs.gnu.org; Tue, 15 Oct 2024 08:08:17 -0400 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:3965) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <ludovic.courtes@HIDDEN>) id 1t0gLW-0007QH-TH for 71226 <at> debbugs.gnu.org; Tue, 15 Oct 2024 08:08:15 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc; h=from:to:cc:subject:in-reply-to:references:date: message-id:mime-version:content-transfer-encoding; bh=kbAtMvlNnESVF3/TUIwRqfE4lFv2w/T1widswNoN/zg=; b=naAp7JBrcwZiS+Z40uv4Gy24olKljZd0FtyRatbLtkh/3qylI4xjDhgJ h15Q82XPP9WevOYGXFAdAW/76mpsyfLDhWi2oE1nTQ9CdeK7uOJem/QFT RUfTJuoOaL8/QdxPl1NwgcRWdbp4vXrb+VEFsptd0HdLvQePMYDD5K6qI 4=; Authentication-Results: mail2-relais-roc.national.inria.fr; dkim=none (message not signed) header.i=none; spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN; dmarc=fail (p=none dis=none) d=inria.fr X-IronPort-AV: E=Sophos;i="6.11,205,1725314400"; d="scan'208";a="188928221" Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 15 Oct 2024 14:07:51 +0200 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN> To: Ricardo Wurmus <rekado@HIDDEN> Subject: Re: bug#71226: =?utf-8?Q?=E2=80=98guix?= shell =?utf-8?B?LUPigJkg?= =?utf-8?B?ZG9lc27igJl0?= work on Ubuntu 24.04 In-Reply-To: <87plrttiia.fsf@HIDDEN> (Ricardo Wurmus's message of "Thu, 04 Jul 2024 15:05:17 +0200") References: <87wmnfxq2c.fsf@HIDDEN> <87plrttiia.fsf@HIDDEN> Date: Tue, 15 Oct 2024 14:07:50 +0200 Message-ID: <87sesxzi09.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 71226 Cc: 71226 <at> debbugs.gnu.org X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi Ricardo and all, Ricardo Wurmus <rekado@HIDDEN> skribis: > On Ubuntu 24.04 I created /etc/apparmor.d/guix-shell-container with the > following contents: [...] > I then loaded the profile with "sudo apparmor_parser -qr > /etc/apparmor.d/guix-shell-container". "guix shell -C hello" and "guix > shell -CN hello" worked fine. This issue is informally reported quite frequently these days. Can someone on Ubuntu having this problem confirm that it works for them? And then, bonus points if you can create a patch against Guix that (1) adds the file above under etc/ in the source tree, and (2) changes =E2=80=98etc/guix-install.sh=E2=80=99 to perform the above setup step on Ap= parmor distros, similar to how SELinux is handled. That=E2=80=99d be a much appreciated contribution! Thanks, Ludo=E2=80=99.
bug-guix@HIDDEN:bug#71226; Package guix.
Full text available.Ludovic Courtès <ludo@HIDDEN>
to control <at> debbugs.gnu.org.
Full text available.
Received: (at 71226) by debbugs.gnu.org; 4 Jul 2024 13:05:40 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Thu Jul 04 09:05:40 2024
Received: from localhost ([127.0.0.1]:41775 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sPM9c-0000TF-2f
for submit <at> debbugs.gnu.org; Thu, 04 Jul 2024 09:05:40 -0400
Received: from sender4-of-o51.zoho.com ([136.143.188.51]:21162)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <rekado@HIDDEN>) id 1sPM9Z-0000T5-VP
for 71226 <at> debbugs.gnu.org; Thu, 04 Jul 2024 09:05:38 -0400
ARC-Seal: i=1; a=rsa-sha256; t=1720098323; cv=none;
d=zohomail.com; s=zohoarc;
b=fmHsHsLmM5U12hb7CFfTehhGXzbWwNBFDUGcTqXU9TF/AvHWEwe7TEiA5TsqKoOhJuSgb5j22Jslgx2ZHwp5BuEowxe/50gYSQcoXzfTtw5x/Tb48bh9FJJT5nux9QyPJMxcBprDM5jSMXN5VwMO/m7FT4FrnMJdUh+ucvRV24w=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
s=zohoarc; t=1720098323;
h=Content-Type:Cc:Cc:Date:Date:From:From:MIME-Version:Message-ID:Subject:Subject:To:To:Message-Id:Reply-To;
bh=SUUESQdJnLYgWWjHkGckCLEdyPyJ9CcG0DzZ35H86E8=;
b=Hqqg2Ks9SXgOnSrmhM5D6AEGwM/I/mFSpLFiGJJCypNVONHAyl9O624rPRBm7gNHMOjz8f2GqVCk1zlghDmmpIvk/YGNPWILPhY/DIAMhC0cWpSgu8/rxgQ+kawt15dRTLnnLPwuX2Pujo89Lh/VGybW5+jw/TQFEWno4MTHFmk=
ARC-Authentication-Results: i=1; mx.zohomail.com;
dkim=pass header.i=elephly.net;
spf=pass smtp.mailfrom=rekado@HIDDEN;
dmarc=pass header.from=<rekado@HIDDEN>
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1720098323;
s=zoho; d=elephly.net; i=rekado@HIDDEN;
h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-ID:MIME-Version:Content-Type:Message-Id:Reply-To;
bh=SUUESQdJnLYgWWjHkGckCLEdyPyJ9CcG0DzZ35H86E8=;
b=T0GkCRv88Rz5rbMmqM2Ugewzi3Ksr9HRMk9GuCx8Wr0kFJCApJoc9YIcD2BiElSJ
8Q2FcuNkIXfB/jxZvVz7LA9Df0Ak9QtFOEI9nrhsAZx901m6tFt4CoLOTSdm4UzIbL3
9Lj4x9kLuBWBL3uCnJWroqcibVy54+qOdlqV1LxM=
Received: by mx.zohomail.com with SMTPS id 1720098321702143.2912667156312;
Thu, 4 Jul 2024 06:05:21 -0700 (PDT)
From: Ricardo Wurmus <rekado@HIDDEN>
To: 71226 <at> debbugs.gnu.org
Subject: =?utf-8?Q?=E2=80=98guix?= shell =?utf-8?B?LUPigJkgZG9lc27igJl0?=
work on Ubuntu 24.04
Date: Thu, 04 Jul 2024 15:05:17 +0200
Message-ID: <87plrttiia.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain
X-ZohoMailClient: External
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: 71226
Cc: ludo@HIDDEN
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
On Ubuntu 24.04 I created /etc/apparmor.d/guix-shell-container with the
following contents:
--8<---------------cut here---------------start------------->8---
abi <abi/3.0>,
include <tunables/global>
/gnu/store/*-guix-*/bin/guix flags=(attach_disconnected) {
include <abstractions/base>
include <abstractions/consoles>
include <abstractions/nameservice>
capability net_admin, # for "guix shell -CN"
capability sys_admin, # for clone
capability sys_ptrace, # for user namespaces
# Allow preparing file systems inside the container root
mount fstype=(devpts) none -> /tmp/guix-directory.*/dev/pts/,
mount fstype=(mqueue) options=(nodev, noexec, nosuid, rw) mqueue -> /tmp/guix-directory.*/dev/mqueue/,
mount fstype=(proc) options=(nodev, noexec, nosuid, rw) none -> /tmp/guix-directory.*/proc/,
mount fstype=(sysfs) options=(nodev, noexec, nosuid, ro) none -> /tmp/guix-directory.*/sys/,
mount fstype=(tmpfs) none -> /tmp/guix-directory.*/**,
mount fstype=(tmpfs) none -> /tmp/guix-directory.*/,
mount fstype=(tmpfs) options=(nodev, noexec, nosuid, rw) tmpfs -> /tmp/guix-directory.*/dev/shm/,
mount fstype=(tmpfs) options=(noexec, rw, strictatime) none -> /tmp/guix-directory.*/dev/,
mount options=(bind, rw) /** -> /tmp/guix-directory.*/**,
mount options=(rbind, relatime, remount, ro) -> /tmp/guix-directory.*/**/,
mount options=(rbind, relatime, remount, ro) -> /tmp/guix-directory.*/**,
mount options=(rbind, rw) /** -> /tmp/guix-directory.*/**,
umount /real-root/,
pivot_root,
/etc/nsswitch.conf r,
/etc/passwd r,
/gnu/store/** r,
/gnu/store/**/** r,
/gnu/store/*-guix-*/etc/ld.so.cache r,
/gnu/store/*-guix-*/libexec/guix/guile ix,
/gnu/store/*/bin/* mrix,
/gnu/store/*/lib/**.so** mr,
/gnu/store/*/lib/lib*.so* mr,
/gnu/store/*/libexec/** ix,
/gnu/store/*/sbin/* mrix,
/tmp/ rw,
/tmp/guix-directory** rw,
/var/guix/** r,
/var/guix/daemon-socket/socket rw,
@{PROC}/*/ns/net rw,
@{PROC}/*/ns/user rw,
@{PROC}/@{pid}/** rw,
@{PROC}/self/ rw,
@{PROC}/self/** rw,
@{PROC}/sys/kernel/unprivileged_userns_clone rw,
# These are permissions inside the container after pivot root
owner / w,
owner /bin/ w,
owner /bin/sh w,
owner /etc/ w,
owner /etc/group w,
owner /etc/group.* r,
owner /etc/group.* w,
owner /etc/hosts w,
owner /etc/passwd rw,
owner /etc/passwd.* r,
owner /etc/passwd.* w,
owner /home/*/* ra,
owner /home/*/.cache/guix/profiles/ r,
owner /home/*/.cache/guix/profiles/* w,
owner /home/*/.cache/guix/profiles/last-expiry-cleanup r,
owner /real-root/ w,
allow userns,
}
--8<---------------cut here---------------end--------------->8---
I then loaded the profile with "sudo apparmor_parser -qr
/etc/apparmor.d/guix-shell-container". "guix shell -C hello" and "guix
shell -CN hello" worked fine.
To refine this policy I used the following process:
1. run "sudo aa-genprof guix" in one terminal
2. run "guix shell -CN hello" in another
3. update /etc/apparmor.d/guix-shell-container as needed (often
replacing temporary directory names with glob patterns)
4. repeat
We may want to create a template file in which we replace all instances
of /gnu/store and /var/guix with their respective configured values and
install the file in the same manner as we do etc/guix-daemon.cil.
I wonder if we need to provide something similar for SELinux where we
only have the guix-daemon policy.
--
Ricardo
bug-guix@HIDDEN:bug#71226; Package guix.
Full text available.Received: (at 71226) by debbugs.gnu.org; 30 May 2024 15:13:55 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu May 30 11:13:55 2024 Received: from localhost ([127.0.0.1]:41768 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1sChTW-0002RT-J4 for submit <at> debbugs.gnu.org; Thu, 30 May 2024 11:13:55 -0400 Received: from mail-40131.protonmail.ch ([185.70.40.131]:57859) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <laanwj@HIDDEN>) id 1sCgFV-0004Z6-Id for 71226 <at> debbugs.gnu.org; Thu, 30 May 2024 09:55:22 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com; s=protonmail3; t=1717077304; x=1717336504; bh=nS0PnhqsvgFHq8bp62NbWvm3I/+rxLfJd4Y6cJbIV0s=; h=Date:To:From:Subject:Message-ID:Feedback-ID:From:To:Cc:Date: Subject:Reply-To:Feedback-ID:Message-ID:BIMI-Selector; b=SpDZtbatNhVXjKbrmWuJ1UL3uG71vKk2l71N3tdIeFEA25ICWvfVeB/nwv2cuqLTh Oveh6zqya9CG4cBgLMGnPv6BPDTwYbugNIIxHrLA4qj9EbO1aK2v0ZZ9ZRZ3y1txu6 ZkaAkbXpvUCjF2Z9PNR7UqoSJOk+Xsi5gVW2GZqV9sJLBXEs19bYvuw4gvrQB/9x5M 5VwFx6BD3HBzBaQI9yVy6VSUPyFqMMSEP5ZDObLTzDHS3yA10NC2B1d0ETjIXGR24c 4LFj2Y1UoCV6cXXeLEkCsADALz08CJ5nHs0s6QsTt6fv+Zy7OMuyj1fipMIhiLyGzf dtM0pHJXhGqXA== Date: Thu, 30 May 2024 13:55:00 +0000 To: "71226 <at> debbugs.gnu.org" <71226 <at> debbugs.gnu.org> From: "W. J. van der Laan" <laanwj@HIDDEN> Subject: Upstream ubuntu issue Message-ID: <Sn74_O3hyBRgaAuRNzsGChHaX3U04QePJdd1g6twu5UsuZAoNS0Tw4wMfssJRaOwN-vHAw84cccW2TqRA8Fdx0eMCfIxWq0Xh8GwQLiN6SA=@protonmail.com> Feedback-ID: 591568:user:proton X-Pm-Message-ID: 61ebfcf104e22f77a307c295207181e4c3e9094a MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: 71226 X-Mailman-Approved-At: Thu, 30 May 2024 11:13:53 -0400 X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -1.0 (-) Upstream ubuntu issue (includes possible workaround):=C2=A0https://bugs.lau= nchpad.net/ubuntu/+source/guix/+bug/2064115
bug-guix@HIDDEN:bug#71226; Package guix.
Full text available.
Received: (at submit) by debbugs.gnu.org; 27 May 2024 14:55:41 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Mon May 27 10:55:41 2024
Received: from localhost ([127.0.0.1]:45036 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1sBbl2-00016x-MT
for submit <at> debbugs.gnu.org; Mon, 27 May 2024 10:55:41 -0400
Received: from lists.gnu.org ([209.51.188.17]:36152)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1sBbl0-00016p-H2
for submit <at> debbugs.gnu.org; Mon, 27 May 2024 10:55:27 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludovic.courtes@HIDDEN>)
id 1sBbkp-0006En-JU
for bug-guix@HIDDEN; Mon, 27 May 2024 10:55:15 -0400
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludovic.courtes@HIDDEN>)
id 1sBbkm-0004e6-Mh
for bug-guix@HIDDEN; Mon, 27 May 2024 10:55:15 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
h=from:to:subject:date:message-id:mime-version:
content-transfer-encoding;
bh=7cvm6rDTJ4T2ZA7b2o46NDuQOW8r6h1Q+mhb0y1Ivw4=;
b=rD34/5QAY3MilWbAftpQ530xja0/mUWunSABSge7WBzBpH9L8EtNdkDY
gn1p9RgthLVXl0RcEoN6ssdQvfj3ocQd5ZYWpsNUUA2nMgmpXIcUtfWGT
Sd0CbMlZTzvuVhjDMPnsOQdx0zgnwHcDMBGvEaM4xeMrCaZ/IN6ZI/+Ki Q=;
Authentication-Results: mail3-relais-sop.national.inria.fr;
dkim=none (message not signed) header.i=none;
spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN;
dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="6.08,192,1712613600"; d="scan'208";a="88081985"
Received: from unknown (HELO ribbon) ([193.50.110.77])
by mail3-relais-sop.national.inria.fr with
ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 May 2024 16:55:08 +0200
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludovic.courtes@HIDDEN>
To: bug-guix@HIDDEN
Subject: =?utf-8?Q?=E2=80=98guix?= shell =?utf-8?B?LUPigJkgZG9lc27igJl0?=
work on Ubuntu 24.04
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: Nonidi 9 Prairial an 232 de la =?utf-8?Q?R=C3=A9volu?=
=?utf-8?Q?tion=2C?= jour du Serpolet
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 27 May 2024 16:55:07 +0200
Message-ID: <87wmnfxq2c.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=192.134.164.104;
envelope-from=ludovic.courtes@HIDDEN;
helo=mail3-relais-sop.national.inria.fr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-Debbugs-Envelope-To: submit
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -0.0 (/)
On Ubuntu 24.04, =E2=80=98guix shell -C=E2=80=99 has its child process (in =
a separate
mount namespace) fail to mount a tmpfs:
--8<---------------cut here---------------start------------->8---
294642 clone(child_stack=3DNULL, flags=3DCLONE_NEWNS|CLONE_NEWCGROUP|CLONE_=
NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) =3D 29=
4653
294642 close(15) =3D 0
294642 getuid() =3D 1000
294642 getgid() =3D 1000
294653 close(16) =3D 0
294642 openat(AT_FDCWD, "/proc/294653/setgroups", O_WRONLY|O_CREAT|O_TRUNC,=
0666 <unfinished ...>
294653 read(15, <unfinished ...>
294642 <... openat resumed>) =3D 6
294642 newfstatat(6, "", {st_mode=3DS_IFREG|0644, st_size=3D0, ...}, AT_EMP=
TY_PATH) =3D 0
294642 lseek(6, 0, SEEK_CUR) =3D 0
294642 write(6, "deny", 4) =3D 4
294642 close(6) =3D 0
294642 openat(AT_FDCWD, "/proc/294653/uid_map", O_WRONLY|O_CREAT|O_TRUNC, 0=
666) =3D 6
294642 newfstatat(6, "", {st_mode=3DS_IFREG|0644, st_size=3D0, ...}, AT_EMP=
TY_PATH) =3D 0
294642 lseek(6, 0, SEEK_CUR) =3D 0
294642 write(6, "1000 1000 1", 11) =3D 11
294642 close(6) =3D 0
294642 openat(AT_FDCWD, "/proc/294653/gid_map", O_WRONLY|O_CREAT|O_TRUNC, 0=
666) =3D 6
294642 newfstatat(6, "", {st_mode=3DS_IFREG|0644, st_size=3D0, ...}, AT_EMP=
TY_PATH) =3D 0
294642 lseek(6, 0, SEEK_CUR) =3D 0
294642 write(6, "1000 1000 1", 11) =3D 11
294642 close(6) =3D 0
294642 write(16, "ready", 5) =3D 5
294653 <... read resumed>"r", 1) =3D 1
294642 write(16, "\n", 1) =3D 1
294653 read(15, "e", 1) =3D 1
294642 read(16, <unfinished ...>
294653 read(15, "a", 1) =3D 1
294653 read(15, "d", 1) =3D 1
294653 read(15, "y", 1) =3D 1
294653 read(15, "\n", 1) =3D 1
294653 mount("none", "/tmp/guix-directory.3DaoGp", "tmpfs", 0, NULL) =3D -1=
EACCES (Permission denied)
294653 write(15, "(", 1) =3D 1
294642 <... read resumed>"(", 1) =3D 1
294653 write(15, "system-error", 12 <unfinished ...>
--8<---------------cut here---------------end--------------->8---
(It used to work on Ubuntu 22.)
Ludo=E2=80=99.
Ludovic Courtès <ludovic.courtes@HIDDEN>:bug-guix@HIDDEN.
Full text available.bug-guix@HIDDEN:bug#71226; Package guix.
Full text available.
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.