'call-with-container' fails when CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set

Status: Open
Submitted by: Efraim Flashner
Participants: Efraim Flashner, Ludovic Courtès
Owner: unassigned
Severity: normal
Efraim Flashner wrote on 29 Nov 2015 19:29
silent failure on guix environment foo --container
(address . bug-guix@gnu.org)
20151129202959.6a2f6053@debian-netbook
When trying to run `guix environment foo --container` I don't get a container
with a new shell or any useful information, it just thinks about it for a
while and then returns to the command prompt, allowing me to enter another
command.

efraim@debian-netbook:~$ strace -f -o log guix environment vim --container ; echo $?
1

efraim@debian-netbook:~$ uname -a
Linux debian-netbook 4.3-0.dmz.2-liquorix-amd64 #1 ZEN SMP PREEMPT Debian 4.3-2 (2015-11-17) x86_64 GNU/Linux

efraim@debian-netbook:~$ sudo sysctl -w kernel.unprivileged_userns_clone=1
sysctl: cannot stat /proc/sys/kernel/unprivileged_userns_clone: No such file or directory
(this kernel does allow running VMs as user, which makes it nice)

efraim@debian-netbook:~$ guix --version
guix (GNU Guix) 0.9.0

--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
Attachment: log.gz


Ludovic Courtès wrote on 29 Nov 2015 22:20
(name . Efraim Flashner)(address . efraim@flashner.co.il)
87k2p0fqou.fsf@gnu.org
Efraim Flashner <efraim@flashner.co.il> skribis:

> When trying to run `guix environment foo --container` I don't get a container
> with a new shell or any useful information, it just thinks about it for a
> while and then returns to the command prompt, allowing me to enter another
> command.
>
> efraim@debian-netbook:~$ strace -f -o log guix environment vim --container ; echo $?
> 1

The failure is:

21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
21228 exit_group(1) = ?

The problem may be that the kernel does not support
CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
/proc/config.gz or similar?

The other problem is that there’s no error reporting, which doubles user
frustration. David, could you look into it? :-)

Ludo’.
Efraim Flashner wrote on 30 Nov 2015 07:50
(name . Ludovic Courtès)(address . ludo@gnu.org)
20151130085032.4b9c127e@debian-netbook
On Sun, 29 Nov 2015 22:20:33 +0100
ludo@gnu.org (Ludovic Courtès) wrote:

> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> [...]
>
> The failure is:
>
> --8<---------------cut here---------------start------------->8---
> 21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
> 21228 exit_group(1) = ?
> --8<---------------cut here---------------end--------------->8---
>
> The problem may be that the kernel does not support
> CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
> /proc/config.gz or similar?

# CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set

>
> The other problem is that there’s no error reporting, which doubles user
> frustration. David, could you look into it? :-)
>
> Ludo’.



--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
Attachment: config.gz


Ludovic Courtès wrote on 30 Nov 2015 13:22
(name . Efraim Flashner)(address . efraim@flashner.co.il)
8737vnekxh.fsf@gnu.org
Efraim Flashner <efraim@flashner.co.il> skribis:

> On Sun, 29 Nov 2015 22:20:33 +0100
> ludo@gnu.org (Ludovic Courtès) wrote:
>
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>>
>> [...]
>>
>> The failure is:
>>
>> --8<---------------cut here---------------start------------->8---
>> 21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
>> 21228 exit_group(1) = ?
>> --8<---------------cut here---------------end--------------->8---
>>
>> The problem may be that the kernel does not support
>> CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
>> /proc/config.gz or similar?
>
> # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set

QED. :-) However, the daemon needs it too. Don’t you have problems
with guix-daemon as well, when building things locally on that machine?

Ludo’.
Efraim Flashner wrote on 30 Nov 2015 13:44
(name . Ludovic Courtès)(address . ludo@gnu.org)
20151130144413.73383d40@debian-netbook
On Mon, 30 Nov 2015 13:22:34 +0100
ludo@gnu.org (Ludovic Courtès) wrote:

> Efraim Flashner <efraim@flashner.co.il> skribis:
>
> > On Sun, 29 Nov 2015 22:20:33 +0100
> > ludo@gnu.org (Ludovic Courtès) wrote:
> >
> >> Efraim Flashner <efraim@flashner.co.il> skribis:
> >>
> >> [...]
> >>
> >> The failure is:
> >>
> >> --8<---------------cut here---------------start------------->8---
> >> 21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
> >> 21228 exit_group(1) = ?
> >> --8<---------------cut here---------------end--------------->8---
> >>
> >> The problem may be that the kernel does not support
> >> CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
> >> /proc/config.gz or similar?
> >
> > # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
>
> QED. :-) However, the daemon needs it too. Don’t you have problems
> with guix-daemon as well, when building things locally on that machine?
>
> Ludo’.

Not at all, I've been building things all day. Is this the type of thing that
would control if there were multiple concurrent build processes? I've only
ever built things consecutively (not including make -j2). Without changing
settings, should I be building two packages concurrently, or building one and
downloading substitutes at the same time?

efraim@debian-netbook:~$ systemctl status guix-daemon.service
● guix-daemon.service - Guix daemon builds packges, installs them, and runs garbage collection.
Loaded: loaded (/etc/systemd/system/guix-daemon.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2015-11-28 21:36:22 IST; 1 day 17h ago
Main PID: 810 (guix-daemon)
CGroup: /system.slice/guix-daemon.service
└─810 /root/.guix-profile/bin/guix-daemon --build-users-group=guix-builder

--
Efraim Flashner <efraim@flashner.co.il> אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted


Ludovic Courtès wrote on 30 Nov 2015 13:51
(name . Efraim Flashner)(address . efraim@flashner.co.il)
87lh9fbqgv.fsf@gnu.org
Efraim Flashner <efraim@flashner.co.il> skribis:

> On Mon, 30 Nov 2015 13:22:34 +0100
> ludo@gnu.org (Ludovic Courtès) wrote:
>
>> Efraim Flashner <efraim@flashner.co.il> skribis:
>>
>> > On Sun, 29 Nov 2015 22:20:33 +0100
>> > ludo@gnu.org (Ludovic Courtès) wrote:
>> >
>> >> Efraim Flashner <efraim@flashner.co.il> skribis:
>> >>
>> >> [...]
>> >>
>> >> The failure is:
>> >>
>> >> --8<---------------cut here---------------start------------->8---
>> >> 21228 mount("none", "/tmp/guix-directory.5sVcGc//dev/pts", "devpts", MS_NOSUID|MS_NOEXEC, "newinstance,ptmxmode=0666,mode=6"...) = -1 EPERM (Operation not permitted)
>> >> 21228 exit_group(1) = ?
>> >> --8<---------------cut here---------------end--------------->8---
>> >>
>> >> The problem may be that the kernel does not support
>> >> CONFIG_DEVPTS_MULTIPLE_INSTANCES. Could you check that in
>> >> /proc/config.gz or similar?
>> >
>> > # CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
>>
>> QED. :-) However, the daemon needs it too. Don’t you have problems
>> with guix-daemon as well, when building things locally on that machine?
>>
>> Ludo’.
>
> Not at all, I've been building things all day.

I’ve realized that the daemon has a fallback case for this situation, in
libstore/build.cc:

    /* Mount a new devpts on /dev/pts. Note that this
       requires the kernel to be compiled with
       CONFIG_DEVPTS_MULTIPLE_INSTANCES=y (which is the case
       if /dev/ptx/ptmx exists). */
    if (pathExists("/dev/pts/ptmx") &&
        !pathExists(chrootRootDir + "/dev/ptmx")
        && dirsInChroot.find("/dev/pts") == dirsInChroot.end())
    {
        if (mount("none", (chrootRootDir + "/dev/pts").c_str(), "devpts", 0, "newinstance,mode=0620") == -1)
            throw SysError("mounting /dev/pts");
        createSymlink("/dev/pts/ptmx", chrootRootDir + "/dev/ptmx");

        /* Make sure /dev/pts/ptmx is world-writable. With some
           Linux versions, it is created with permissions 0. */
        chmod_(chrootRootDir + "/dev/pts/ptmx", 0666);
    }

David, should we do something similar?

Thanks,
Ludo’.
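
The triage carried out across this thread (find the failing mount in the strace log, check the kernel option, and use the daemon's /dev/pts/ptmx test when no kernel config is readable), as an added shell example that is not part of the original messages or of Guix. The function names and result strings are hypothetical.

```shell
#!/bin/sh
# Added example; function names and result strings are hypothetical.

# Print "FSTYPE ERRNO DATA" for each failed mount(2) in an `strace -f -o` log.
failed_mounts() {
    awk '/ mount[(]/ && / = -1 E/ {
        split($0, q, "\"")   # q[6] = filesystem type, q[8] = mount data
        match($0, /= -1 E[A-Z0-9]+/)
        print q[6], substr($0, RSTART + 5, RLENGTH - 5), q[8]
    }' "$1"
}

# Print y, m, unset or absent for kernel option $1 in config file $2
# (plain text, or gzip-compressed when the name ends in .gz).
kconfig_state() {
    case "$2" in *.gz) reader="gzip -dc" ;; *) reader="cat" ;; esac
    $reader "$2" 2>/dev/null | awk -v opt="$1" '
        $0 == ("# " opt " is not set") { s = "unset" }
        index($0, opt "=") == 1        { s = substr($0, length(opt) + 2) }
        END { print (s == "" ? "absent" : s) }'
}

# The daemon's runtime test quoted above: it treats an existing
# /dev/pts/ptmx as the sign that multiple devpts instances are supported.
# $1 is an optional root prefix to probe instead of the live system.
devpts_has_ptmx() { [ -e "${1:-}/dev/pts/ptmx" ]; }

# Classify: $1 = strace log, $2 = kernel config, $3 = root to probe (optional).
diagnose() {
    if ! failed_mounts "$1" | grep -q '^devpts EPERM .*newinstance'; then
        echo "no-devpts-newinstance-failure"; return 0
    fi
    case "$(kconfig_state CONFIG_DEVPTS_MULTIPLE_INSTANCES "$2")" in
        y)     echo "refused-although-configured" ;;
        unset) echo "kernel-lacks-multiple-instances" ;;
        *)     if devpts_has_ptmx "${3:-}"; then
                   echo "refused-although-ptmx-present"
               else
                   echo "kernel-lacks-multiple-instances"
               fi ;;
    esac
}

# Stand-alone use: sh triage.sh LOG CONFIG [ROOT]
if [ $# -ge 2 ]; then diagnose "$@"; fi
```
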
Ludovic Courtès wrote on 28 Feb 2016 19:00
retitle
(address . request@debbugs.gnu.org)
87povgvhol.fsf@gnu.org
retitle 22053 'call-with-container' fails when CONFIG_DEVPTS_MULTIPLE_INSTANCES is not set
thanks