'call-with-container' fails when CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set

Open
Submitted by Efraim Flashner.
Details
2 participants
  • Efraim Flashner
  • Ludovic Courtès
Owner
unassigned
Severity
normal
Efraim Flashner wrote on 29 Nov 2015 19:29
silent failure on guix environment foo --container
(address . bug-guix@gnu.org)
20151129202959.6a2f6053@debian-netbook
When trying to run `guix environment foo --container` I don't get a container with a new shell or any useful information, it just thinks about it for a while and then returns to the command prompt, allowing me to enter another command.

efraim@debian-netbook:~$ strace -f -o log guix environment vim --container ; echo $?
1
efraim@debian-netbook:~$ uname -a
Linux debian-netbook 4.3-0.dmz.2-liquorix-amd64 #1 ZEN SMP PREEMPT Debian 4.3-2 (2015-11-17) x86_64 GNU/Linux
efraim@debian-netbook:~$ sudo sysctl -w kernel.unprivileged_userns_clone=1
sysctl: cannot stat /proc/sys/kernel/unprivileged_userns_clone: No such file or directory
(this kernel does allow running VMs as user, which makes it nice)
efraim@debian-netbook:~$ guix --version
guix (GNU Guix) 0.9.0

--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
Attachment: log.gz

Ludovic Courtès wrote on 29 Nov 2015 22:20
(name . Efraim Flashner)(address . efraim@flashner.co.il)
87k2p0fqou.fsf@gnu.org
Efraim Flashner <efraim@flashner.co.il> skribis:
> When trying to run `guix environment foo --container` I don't get a container
> with a new shell or any useful information, it just thinks about it for a
> while and then returns to the command prompt, allowing me to enter another
> command.
>
> efraim@debian-netbook:~$ strace -f -o log guix environment vim --container ; echo $?
> 1
The failure is:
--8<---------------cut here---------------start------------->8---
21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
21228 exit_group(1) = ?
--8<---------------cut here---------------end--------------->8---

The problem may be that the kernel does not support CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in /proc/config.gz or similar?

The other problem is that there’s no error reporting, which doubles user frustration. David, could you look into it? :-)
Ludo’.
Efraim Flashner wrote on 30 Nov 2015 07:50
(name . Ludovic Courtès)(address . ludo@gnu.org)
20151130085032.4b9c127e@debian-netbook
On Sun, 29 Nov 2015 22:20:33 +0100
ludo@gnu.org (Ludovic Courtès) wrote:

> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> [...]
>
> The failure is:
>
> --8<---------------cut here---------------start------------->8---
> 21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
> 21228 exit_group(1) = ?
> --8<---------------cut here---------------end--------------->8---
>
> The problem may be that the kernel does not support
> CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
> /proc/config.gz or similar?
# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
>
> The other problem is that there’s no error reporting, which doubles user
> frustration. David, could you look into it? :-)
>
> Ludo’.


Attachment: config.gz

Ludovic Courtès wrote on 30 Nov 2015 13:22
(name . Efraim Flashner)(address . efraim@flashner.co.il)
8737vnekxh.fsf@gnu.org
Efraim Flashner <efraim@flashner.co.il> skribis:
> On Sun, 29 Nov 2015 22:20:33 +0100
> ludo@gnu.org (Ludovic Courtès) wrote:
>
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>>
>> [...]
>>
>> The failure is:
>>
>> --8<---------------cut here---------------start------------->8---
>> 21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
>> 21228 exit_group(1) = ?
>> --8<---------------cut here---------------end--------------->8---
>>
>> The problem may be that the kernel does not support
>> CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
>> /proc/config.gz or similar?
>
> # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set

QED. :-) However, the daemon needs it too. Don’t you have problems with guix-daemon as well, when building things locally on that machine?
Ludo’.
Efraim Flashner wrote on 30 Nov 2015 13:44
(name . Ludovic Courtès)(address . ludo@gnu.org)
20151130144413.73383d40@debian-netbook
On Mon, 30 Nov 2015 13:22:34 +0100
ludo@gnu.org (Ludovic Courtès) wrote:

> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> > On Sun, 29 Nov 2015 22:20:33 +0100
> > ludo@gnu.org (Ludovic Courtès) wrote:
> >
> >> Efraim Flashner <efraim@flashner.co.il> skribis:
> >>
> >> [...]
> >>
> >> The failure is:
> >>
> >> --8<---------------cut here---------------start------------->8---
> >> 21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
> >> 21228 exit_group(1) = ?
> >> --8<---------------cut here---------------end--------------->8---
> >>
> >> The problem may be that the kernel does not support
> >> CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
> >> /proc/config.gz or similar?
> >
> > # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
>
> QED. :-) However, the daemon needs it too. Don’t you have problems
> with guix-daemon as well, when building things locally on that machine?
>
> Ludo’.

Not at all, I've been building things all day. Is this the type of thing that would control if there were multiple concurrent build processes? I've only ever built things consecutively (not including make -j2). Without changing settings, should I be building two packages concurrently, or building one and downloading substitutes at the same time?

efraim@debian-netbook:~$ systemctl status guix-daemon.service
● guix-daemon.service - Guix daemon builds packges, installs them, and runs garbage collection.
   Loaded: loaded (/etc/systemd/system/guix-daemon.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2015-11-28 21:36:22 IST; 1 day 17h ago
 Main PID: 810 (guix-daemon)
   CGroup: /system.slice/guix-daemon.service
           └─810 /root/.guix-profile/bin/guix-daemon --build-users-group=guix-builder

Ludovic Courtès wrote on 30 Nov 2015 13:51
(name . Efraim Flashner)(address . efraim@flashner.co.il)
87lh9fbqgv.fsf@gnu.org
Efraim Flashner <efraim@flashner.co.il> skribis:
> On Mon, 30 Nov 2015 13:22:34 +0100
> ludo@gnu.org (Ludovic Courtès) wrote:
>
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>>
>> > On Sun, 29 Nov 2015 22:20:33 +0100
>> > ludo@gnu.org (Ludovic Courtès) wrote:
>> >
>> >> Efraim Flashner <efraim@flashner.co.il> skribis:
>> >>
>> >> [...]
>> >>
>> >> The failure is:
>> >>
>> >> --8<---------------cut here---------------start------------->8---
>> >> 21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
>> >> 21228 exit_group(1) = ?
>> >> --8<---------------cut here---------------end--------------->8---
>> >>
>> >> The problem may be that the kernel does not support
>> >> CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
>> >> /proc/config.gz or similar?
>> >
>> > # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
>>
>> QED. :-) However, the daemon needs it too. Don’t you have problems
>> with guix-daemon as well, when building things locally on that machine?
>>
>> Ludo’.
>
> Not at all, I've been building things all day.

I’ve realized that the daemon has a fallback case for this situation, in libstore/build.cc:

--8<---------------cut here---------------start------------->8---
        /* Mount a new devpts on /dev/pts.  Note that this
           requires the kernel to be compiled with
           CONFIG_DEVPTS_MULTIPLE_INSTANCES=y (which is the case
           if /dev/ptx/ptmx exists). */
        if (pathExists("/dev/pts/ptmx") &&
            !pathExists(chrootRootDir + "/dev/ptmx")
            && dirsInChroot.find("/dev/pts") == dirsInChroot.end())
        {
            if (mount("none", (chrootRootDir + "/dev/pts").c_str(), "devpts", 0, "newinstance,mode=0620") == -1)
                throw SysError("mounting /dev/pts");
            createSymlink("/dev/pts/ptmx", chrootRootDir + "/dev/ptmx");

            /* Make sure /dev/pts/ptmx is world-writable.  With some
               Linux versions, it is created with permissions 0.  */
            chmod_(chrootRootDir + "/dev/pts/ptmx", 0666);
        }
--8<---------------cut here---------------end--------------->8---
David, should we do something similar?
Thanks,
Ludo’.
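Added example (not part of the thread, and not Guix or guix-daemon code): the probe from the libstore/build.cc excerpt above, written in C so that every outcome yields a message instead of a silent exit status 1. The names plan_devpts, setup_devpts and the host_root parameter are hypothetical; the mount flags and options are those of the quoted daemon code, and its dirsInChroot check is left out.

```c
/* Added example: not Guix or guix-daemon code; all names are hypothetical. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>

enum devpts_plan { DEVPTS_NEW_INSTANCE, DEVPTS_SKIP_NO_SUPPORT, DEVPTS_SKIP_PTMX_PRESENT };

static int path_exists(const char *root, const char *rel) {
    char path[4096];
    struct stat st;
    snprintf(path, sizeof path, "%s%s", root, rel);
    return lstat(path, &st) == 0;
}

/* Same probe as the quoted daemon code: /dev/pts/ptmx only exists on the
   host when the kernel supports multiple devpts instances.  host_root is
   "" on a real system; it is a parameter so the logic can be tested. */
enum devpts_plan plan_devpts(const char *host_root, const char *chroot_root) {
    if (!path_exists(host_root, "/dev/pts/ptmx"))
        return DEVPTS_SKIP_NO_SUPPORT;
    if (path_exists(chroot_root, "/dev/ptmx"))
        return DEVPTS_SKIP_PTMX_PRESENT;
    return DEVPTS_NEW_INSTANCE;
}

/* Returns 0 when devpts was mounted or deliberately skipped, -1 on a
   failed mount.  msg always says what happened, so nothing is silent. */
int setup_devpts(const char *host_root, const char *chroot_root, char *msg, size_t len) {
    char target[4096];
    switch (plan_devpts(host_root, chroot_root)) {
    case DEVPTS_SKIP_NO_SUPPORT:
        snprintf(msg, len, "no private devpts: kernel lacks CONFIG_DEVPTS_MULTIPLE_INSTANCES");
        return 0;
    case DEVPTS_SKIP_PTMX_PRESENT:
        snprintf(msg, len, "no private devpts: %s/dev/ptmx already exists", chroot_root);
        return 0;
    default: break;
    }
    snprintf(target, sizeof target, "%s/dev/pts", chroot_root);
    if (mount("none", target, "devpts", 0, "newinstance,mode=0620") == -1) {
        snprintf(msg, len, "mounting %s: %s", target, strerror(errno));
        return -1;
    }
    snprintf(msg, len, "mounted private devpts on %s", target);
    return 0;
}
```

On a real system the caller passes "" as host_root and the container's root directory as chroot_root, and prints msg whatever the return value is.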
Ludovic Courtès wrote on 28 Feb 2016 19:00
retitle
(address . request@debbugs.gnu.org)
87povgvhol.fsf@gnu.org
retitle 22053 'call-with-container' fails when CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
thanks