GNU bug report logs - #78440
Unexpected requirement of --writable-root when using --share with guix shell


Package: guix;

Reported by: "Navid.Afkhami <at> mdc-berlin.de" <Navid.Afkhami <at> mdc-berlin.de>

Date: Thu, 15 May 2025 07:51:01 UTC

Severity: normal

To reply to this bug, email your comments to 78440 AT debbugs.gnu.org.



Report forwarded to bug-guix <at> gnu.org:
bug#78440; Package guix. (Thu, 15 May 2025 07:51:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to "Navid.Afkhami <at> mdc-berlin.de" <Navid.Afkhami <at> mdc-berlin.de>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Thu, 15 May 2025 07:51:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "Navid.Afkhami <at> mdc-berlin.de" <Navid.Afkhami <at> mdc-berlin.de>
To: "bug-guix <at> gnu.org" <bug-guix <at> gnu.org>
Subject: Unexpected requirement of --writable-root when using --share with
 guix shell
Date: Thu, 15 May 2025 07:49:31 +0000
Dear Guix Team,

I’d like to report what may be an unintended behavior in recent versions of guix shell.

Summary:

When using guix shell with the --share option, we are now required to also pass --writable-root for the command to work. This was not previously necessary and may be a regression or side effect of recent changes.

Expectation

Given that --share should allow mounting host directories into the container, it’s not clear why --writable-root is required. This seems to go against the previous behavior and intended design.

Please let me know if additional information is needed. Happy to assist with further debugging.

Best regards,
Navid

 

-- 

Navid Afkhami

High Performance Computing (HPC)

Max Delbrück Center for Molecular Medicine (MDC)

Robert-Rössle-Straße 10, 13125 Berlin

Phone: +49 30 9406 1316

Email:   navid.afkhami <at> mdc-berlin.de

 


Information forwarded to bug-guix <at> gnu.org:
bug#78440; Package guix. (Thu, 15 May 2025 08:27:02 GMT) Full text and rfc822 format available.

Message #8 received at 78440 <at> debbugs.gnu.org (full text, mbox):

From: Ricardo Wurmus <rekado <at> elephly.net>
To: 78440 <at> debbugs.gnu.org
Cc: ludo <at> gnu.org, Navid.Afkhami <at> mdc-berlin.de
Subject: Unexpected requirement of --writable-root when using --share with
 guix shell
Date: Thu, 15 May 2025 10:26:07 +0200
This is due to a change introduced with commit 
ce363c1dc7bd63a74dcf7788d340819f6d5db89f:

--8<---------------cut here---------------start------------->8---
commit ce363c1dc7bd63a74dcf7788d340819f6d5db89f
Author: Ludovic Courtès <ludo <at> gnu.org>

   environment: Add ‘--writable-root’ and default to read-only 
   root.
   
   This is an incompatible change where the root file system in
   ‘guix shell -C’ is now read-only by default.
--8<---------------cut here---------------end--------------->8---

There have been follow-up commits, such as 
edc799dabfb059735f1a3084384925fe573d9de1 to make /tmp writable 
again:

--8<---------------cut here---------------start------------->8---
commit edc799dabfb059735f1a3084384925fe573d9de1
Author: Ludovic Courtès <ludo <at> gnu.org>

   environment, home: Make /tmp writable.
   
   Fixes <https://issues.guix.gnu.org/78272>.
   
   Fixes a bug caused by commit 
   ce363c1dc7bd63a74dcf7788d340819f6d5db89f,
   which inadvertently made /tmp read-only as well.
--8<---------------cut here---------------end--------------->8---

The problem here is that the user's temporary home directory 
inside the container is now read-only by default, because it is a 
descendant of the read-only root directory:

--8<---------------cut here---------------start------------->8---
guix shell --container coreutils -- /bin/sh -c 'env > ~/.test'
/bin/sh: line 1: /home/rekado/.test: Read-only file system
--8<---------------cut here---------------end--------------->8---

Is this intentional or should we add an exception to make the 
in-container home directory created for the user invoking "guix 
shell" writable for that same user?

-- 
Ricardo
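
A way to check the behaviour described in the message above, as an added example that is not part of the original thread or of Guix: a POSIX sh probe that attempts a real write in each directory and reports it as `rw`, `ro` or `missing`. The file name `probe.sh` and the function names are hypothetical; it assumes the script sits in the current directory, which `guix shell --container` shares with the container by default.

```shell
#!/bin/sh
# Added example (not from the thread): report which directories are
# writable from inside the current mount namespace.
# Run inside the container with the flags shown in this thread, e.g.:
#   guix shell --container coreutils -- /bin/sh ./probe.sh "$HOME" /tmp
# and again with --writable-root or --share=... to compare the results.

# probe_dir DIR: print "rw", "ro" or "missing" for DIR.
probe_dir() {
    dir=$1
    [ -d "$dir" ] || { echo missing; return 0; }
    probe="$dir/.rw-probe.$$"
    # Attempt an actual write instead of trusting permission bits.
    # The subshell keeps a failed redirection on the special builtin ':'
    # from terminating a strict POSIX shell.
    if ( : > "$probe" ) 2>/dev/null; then
        rm -f "$probe"
        echo rw
    else
        echo ro
    fi
}

# report DIR...: print one "STATE<TAB>DIR" line per argument.
# Returns 1 if any directory is not writable, 0 otherwise.
report() {
    rc=0
    for d in "$@"; do
        state=$(probe_dir "$d")
        printf '%s\t%s\n' "$state" "$d"
        [ "$state" = rw ] || rc=1
    done
    return $rc
}

# When invoked with arguments, probe them; the exit status reflects the result.
[ "$#" -eq 0 ] || report "$@"
```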




Information forwarded to bug-guix <at> gnu.org:
bug#78440; Package guix. (Thu, 15 May 2025 12:27:01 GMT) Full text and rfc822 format available.

Message #11 received at 78440 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Ricardo Wurmus <rekado <at> elephly.net>
Cc: 78440 <at> debbugs.gnu.org, Navid.Afkhami <at> mdc-berlin.de
Subject: Re: Unexpected requirement of --writable-root when using --share
 with guix shell
Date: Thu, 15 May 2025 14:25:35 +0200
Hi Ricardo,

Ricardo Wurmus <rekado <at> elephly.net> writes:

> Is this intentional or should we add an exception to make the
> in-container home directory created for the user invoking "guix shell"
> writable for that same user?

This is being discussed in <https://issues.guix.gnu.org/78363>.  The
conclusion so far is that we should probably make $HOME writable.

Thanks,
Ludo’.




This bug report was last modified 1 day ago.
