Hello, Dylan Jeffers skribis: [...] > > > These tests are skipped when user namespaces are not supported, as > > > per this condition: > > > > > > (define perform-container-tests? > > > (and (user-namespace-supported?) > > > (unprivileged-user-namespace-supported?))) > > > > > > … which is true iff (1) /proc/self/ns/user exists, and (2) > > > /proc/sys/kernel/unprivileged_userns_clone does not exist, or it > > > exists and contains “1”. > > > > > > Do these files exist on this system? >> >> (1) /proc/self/ns/user exists, and >> (2) /proc/sys/kernel/unpriviledged_userns_clone D.N.E They do not exist now with the new ‘test-suite.log’ that you posted, but they did exist before (with the Grsec kernel), otherwise the user namespaces tests would have been skipped. >> Ideas on the best approach to allow the build to succeed? >> >> I also have had issues with qemu, so it makes sense that vm/container >> stuff both have issues. I have a feeling its due to the >> grsec kernel. >> https://wiki.archlinux.org/index.php/Grsecurity_Patchset talks a >> bit about userspace/namespace hardening + issues with xen and >> virtbox. Going to reboot with an lts kernel and try again. Will post >> update... >> >> Best, >> Dylan >> >> Best, >> Dylan > > After changing kernel, and stopping paxd.service, build still > failed :( [...] > test-name: clone > location: /home/sapientech/Dev/guix/guix_wip/tests/syscalls.scm:109 > source: > + (test-assert > + "clone" > + (match (clone (logior CLONE_NEWUSER SIGCHLD)) > + (0 (primitive-exit 42)) > + (pid (and (not (equal? > + (readlink (user-namespace pid)) > + (readlink (user-namespace (getpid))))) > + (match (waitpid pid) > + ((_ . status) (= 42 (status:exit-val status)))))))) > result: SKIP This and other container-related tests are now properly skipped. > test-name: home-page: host not found > location: /home/sapientech/Dev/guix/guix_wip/tests/lint.scm:393 > source: > + (test-assert > + "home-page: host not found" > + (->bool > + (string-contains > + (with-warnings > + (let ((pkg (package > + (inherit (dummy-package "x")) > + (home-page "http://does-not-exist")))) > + (check-home-page pkg))) > + "domain not found"))) > actual-value: #f > result: FAIL This and the remaining failures are due to DNS hijacking, so nothing we can do about it. You’d have to use a well-behaved DNS server (e.g., “echo nameserver 8.8.8.8 > /etc/resolv.conf” to use Google’s name server) to work around that. Thanks, Ludo’.