On Sat, 30 Jul 2016 17:40:27 -0700 Dylan Jeffers wrote: > On Sat, 30 Jul 2016 23:31:54 +0200 > ludo@gnu.org (Ludovic Courtès) wrote: > > > Dylan Jeffers skribis: > > > > > On Sat, 30 Jul 2016 15:07:25 +0200 > > > ludo@gnu.org (Ludovic Courtès) wrote: > > > > [...] > > > > >> > test-name: clone > > >> > location: /home/sapientech/Dev/guix/guix_wip/tests/syscalls.scm:109 > > >> > source: > > >> > + (test-assert > > >> > + "clone" > > >> > + (match (clone (logior CLONE_NEWUSER SIGCHLD)) > > >> > + (0 (primitive-exit 42)) > > >> > + (pid (and (not (equal? > > >> > + (readlink (user-namespace pid)) > > >> > + (readlink (user-namespace > > >> > (getpid))))) > > >> > + (match (waitpid pid) > > >> > + ((_ . status) (= 42 > > >> > (status:exit-val status)))))))) actual-value: #f > > >> > actual-error: > > >> > + (system-error > > >> > + "clone" > > >> > + "~d: ~A" > > >> > + (268435473 "Operation not permitted") > > >> > + (1)) > > >> > result: FAIL > > >> > > >> What does “uname -srv” report on this machine? It seems this > > >> kernel does not support namespaces. > > >> > > >> Thanks, > > >> Ludo’. > > > > > > Hi Ludo, > > > > > > Thanks for getting back so quick. > > > Output of uname -srv: Linux 4.6.4-gnu-201607192040-1-grsec #1 SMP > > > PREEMPT Wed Jul 20 15:37:34 UYT 2016 > > > > These tests are skipped when user namespaces are not supported, as > > per this condition: > > > > (define perform-container-tests? > > (and (user-namespace-supported?) > > (unprivileged-user-namespace-supported?))) > > > > … which is true iff (1) /proc/self/ns/user exists, and (2) > > /proc/sys/kernel/unprivileged_userns_clone does not exist, or it > > exists and contains “1”. > > > > Do these files exist on this system? > > (1) /proc/self/ns/user exists, and > (2) /proc/sys/kernel/unpriviledged_userns_clone D.N.E > > Ideas on the best approach to allow the build to succeed? > > I also have had issues with qemu, so it makes sense that vm/container > stuff both have issues. I have a feeling its due to the > grsec kernel. > https://wiki.archlinux.org/index.php/Grsecurity_Patchset talks a > bit about userspace/namespace hardening + issues with xen and > virtbox. Going to reboot with an lts kernel and try again. Will post > update... > > Best, > Dylan > > Best, > Dylan After changing kernel, and stopping paxd.service, build still failed :( It looks like the failed tests are different though (see attachment) Dylan