guix environment --container is borken

  • Done
Details
4 participants
  • luhux
  • Marius Bakke
  • Tobias Geerinckx-Rice
  • zimoun
Owner
unassigned
Submitted by
luhux
Severity
normal
Merged with
luhux wrote on 6 Dec 2020 09:59
(address . bug-guix@gnu.org)
PSXP216MB02147543A84779F3F6A8509EA0CF0@PSXP216MB0214.KORP216.PROD.OUTLOOK.COM
In the new guix `guix environment --container` is borken.

The reason lies in the 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e of the master branch:



It checks if the file exists and then returns a boolean




None of my 3 Guix System machines have this file but they can still run unprivileged containers.

Please fix it,

thanks very much


luhux
Tobias Geerinckx-Rice wrote on 6 Dec 2020 16:49
(no subject)
(address . control@debbugs.gnu.org)
87mtyrvsrn.fsf@nckx
merge 45066 45069
zimoun wrote on 6 Dec 2020 18:05
Re: bug#45066: guix environment --container is borken
86a6uqamqa.fsf@gmail.com
Hi,

On Sun, 06 Dec 2020 at 16:59, luhux <luhux@outlook.com> wrote:
> In the new guix `guix environment --container` is borken.

It is not broken.

> Please fix it,

Please fix your config. :-)


The message says:

$ guix environment -C --ad-hoc hello -- hello
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"

Have you tried the recommendation?

$ su -
Password:
# echo 1 > /proc/sys/kernel/unprivileged_userns_clone
# logout

$ guix environment -C --ad-hoc hello -- hello
Hello, world!

Feel free to comment on the thread:


if it does not work for you.


If no major objection, I am closing.

All the best,
simon
Marius Bakke wrote on 6 Dec 2020 22:02
874kky1wdl.fsf@gnu.org
zimoun <zimon.toutoune@gmail.com> skriver:

> Hi,
>
> On Sun, 06 Dec 2020 at 16:59, luhux <luhux@outlook.com> wrote:
>> In the new guix `guix environment --container` is borken.
>
> It is not broken.

It was broken. :-)

> Have you tried the recommendation?
>
> --8<---------------cut here---------------start------------->8---
> $ su -
> Password:
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone
> # logout
>
> $ guix environment -C --ad-hoc hello -- hello
> Hello, world!
> --8<---------------cut here---------------end--------------->8---

...because this only works on the Debian kernel.

We need to find a more robust test for user namespaces, but for now I
reverted the commit.

Closing! Thanks for the report luhux. :-)

Closed
zimoun wrote on 7 Dec 2020 01:52
86o8j68mk8.fsf@gmail.com
Hi Marius,

On Sun, 06 Dec 2020 at 22:02, Marius Bakke <marius@gnu.org> wrote:

>> Have you tried the recommendation?

> It was broken. :-)

[...]

> ...because this only works on the Debian kernel.

Therefore, what does the recommendation mean? From [1] on Guix System:

~/co/guix (master)$ guix environment -C guix
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"


> We need to find a more robust test for user namespaces, but for now I
> reverted the commit.

How do you «set /proc/sys/kernel/unprivileged_userns_clone to "1"» on
Guix System?


BTW, reverting means reopen #31977; I did.


All the best,
simon
Closed
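
The failure discussed in this thread, a check keyed on the existence of `/proc/sys/kernel/unprivileged_userns_clone`, which only works on the Debian kernel, can be contrasted with a check that reads the file's value and treats its absence as "no restriction". The following is an added sketch, not part of the thread and not Guix's code; `userns_status` and its `PROC_ROOT` argument are hypothetical names, and `/proc/self/ns/user` and `/proc/sys/user/max_user_namespaces` are standard Linux interfaces that the thread itself does not mention.

```shell
#!/bin/sh
# Added example, not Guix code. userns_status and its PROC_ROOT argument are
# hypothetical names; PROC_ROOT exists so the logic can be run on a sample tree.
userns_status() {
    proc_root=${1:-/proc}
    debian_knob="$proc_root/sys/kernel/unprivileged_userns_clone"
    max_knob="$proc_root/sys/user/max_user_namespaces"

    # No user namespace link at all: the kernel lacks user namespace support.
    if [ ! -e "$proc_root/self/ns/user" ]; then
        echo "unsupported"; return 0
    fi
    # The knob from the thread exists only on distribution-patched kernels.
    # Judge it by its value; a missing file means there is no such restriction.
    if [ -r "$debian_knob" ] && [ "$(cat "$debian_knob")" = "0" ]; then
        echo "disabled-by-unprivileged_userns_clone"; return 0
    fi
    # Mainline limit: a value of 0 forbids creating user namespaces.
    if [ -r "$max_knob" ] && [ "$(cat "$max_knob")" = "0" ]; then
        echo "disabled-by-max_user_namespaces"; return 0
    fi
    echo "allowed"
}

# Constructed sample tree: a machine without the Debian-specific file.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/self/ns" "$demo_root/sys/user"
: > "$demo_root/self/ns/user"
echo 31000 > "$demo_root/sys/user/max_user_namespaces"
echo "constructed tree: $(userns_status "$demo_root")"
echo "this machine:     $(userns_status /proc)"
rm -rf "$demo_root"
```

The status describes what an unprivileged user can expect; an error message should name whichever setting actually caused the refusal, so that it does not point at a file that is absent on the machine.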