From debbugs-submit-bounces@debbugs.gnu.org Sun Jul 31 06:53:45 2016 Received: (at 24108) by debbugs.gnu.org; 31 Jul 2016 10:53:45 +0000 Received: from localhost ([127.0.0.1]:51943 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bToNN-0002O5-K7 for submit@debbugs.gnu.org; Sun, 31 Jul 2016 06:53:45 -0400 Received: from eggs.gnu.org ([208.118.235.92]:43558) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1bToNL-0002No-AF for 24108@debbugs.gnu.org; Sun, 31 Jul 2016 06:53:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bToNA-0008Mk-PY for 24108@debbugs.gnu.org; Sun, 31 Jul 2016 06:53:37 -0400 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_50,RP_MATCHES_RCVD autolearn=disabled version=3.3.2 Received: from fencepost.gnu.org ([2001:4830:134:3::e]:56491) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bToNA-0008MV-Ll; Sun, 31 Jul 2016 06:53:32 -0400 Received: from reverse-83.fdn.fr ([80.67.176.83]:34838 helo=pluto) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_128_CBC_SHA1:128) (Exim 4.82) (envelope-from ) id 1bToN8-0004wF-1Q; Sun, 31 Jul 2016 06:53:30 -0400 From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=) To: Dylan Jeffers Subject: Re: bug#24108: guix make tests failure References: <4c03321977ef605cc34a23986d83ce47@openmailbox.org> <874m77e0ky.fsf@gnu.org> <20160730104312.2166ffa5@openmailbox.org> <87bn1ebynp.fsf@gnu.org> <20160730174027.0551e855@openmailbox.org> <20160730185305.0c8cfe59@openmailbox.org> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 14 Thermidor an 224 de la =?utf-8?Q?R=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-unknown-linux-gnu Date: Sun, 31 Jul 2016 12:53:26 +0200 In-Reply-To: <20160730185305.0c8cfe59@openmailbox.org> (Dylan Jeffers's message of "Sat, 30 Jul 2016 18:53:05 -0700") Message-ID: <87d1lu84ex.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 2001:4830:134:3::e X-Spam-Score: -6.3 (------) X-Debbugs-Envelope-To: 24108 Cc: 24108@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -6.3 (------) Hello, Dylan Jeffers skribis: [...] > > > These tests are skipped when user namespaces are not supported, as > > > per this condition: > > >=20 > > > (define perform-container-tests? > > > (and (user-namespace-supported?) > > > (unprivileged-user-namespace-supported?))) > > >=20 > > > =E2=80=A6 which is true iff (1) /proc/self/ns/user exists, and (2) > > > /proc/sys/kernel/unprivileged_userns_clone does not exist, or it > > > exists and contains =E2=80=9C1=E2=80=9D. > > >=20 > > > Do these files exist on this system?=20=20 >> >> (1) /proc/self/ns/user exists, and >> (2) /proc/sys/kernel/unpriviledged_userns_clone D.N.E They do not exist now with the new =E2=80=98test-suite.log=E2=80=99 that yo= u posted, but they did exist before (with the Grsec kernel), otherwise the user namespaces tests would have been skipped. >> Ideas on the best approach to allow the build to succeed? >>=20 >> I also have had issues with qemu, so it makes sense that vm/container >> stuff both have issues. I have a feeling its due to the >> grsec kernel. >> https://wiki.archlinux.org/index.php/Grsecurity_Patchset talks a >> bit about userspace/namespace hardening + issues with xen and >> virtbox. Going to reboot with an lts kernel and try again. Will post >> update... >>=20 >> Best, >> Dylan >>=20 >> Best, >> Dylan > > After changing kernel, and stopping paxd.service, build still > failed :( [...] > test-name: clone > location: /home/sapientech/Dev/guix/guix_wip/tests/syscalls.scm:109 > source: > + (test-assert > + "clone" > + (match (clone (logior CLONE_NEWUSER SIGCHLD)) > + (0 (primitive-exit 42)) > + (pid (and (not (equal? > + (readlink (user-namespace pid)) > + (readlink (user-namespace (getpid))))) > + (match (waitpid pid) > + ((_ . status) (=3D 42 (status:exit-val status= )))))))) > result: SKIP This and other container-related tests are now properly skipped. > test-name: home-page: host not found > location: /home/sapientech/Dev/guix/guix_wip/tests/lint.scm:393 > source: > + (test-assert > + "home-page: host not found" > + (->bool > + (string-contains > + (with-warnings > + (let ((pkg (package > + (inherit (dummy-package "x")) > + (home-page "http://does-not-exist")))) > + (check-home-page pkg))) > + "domain not found"))) > actual-value: #f > result: FAIL This and the remaining failures are due to DNS hijacking, so nothing we can do about it. You=E2=80=99d have to use a well-behaved DNS server (e.g., =E2=80=9Cecho nameserver 8.8.8.8 > /etc/resolv.conf=E2=80=9D to use Google= =E2=80=99s name server) to work around that. Thanks, Ludo=E2=80=99.