guix environment --expose options cannot be layered onto $PWD

  • Done
5 participants
  • bbb ee
  • bokr
  • Josselin Poiret
  • Maxim Cournoyer
  • Simon Tournier
Owner
unassigned
Submitted by
Maxim Cournoyer
Severity
normal
Maxim Cournoyer wrote on 25 Feb 2021 22:12
(name . bug-guix)(address . bug-guix@gnu.org)
87blc797i5.fsf@gmail.com
Hello Guix!

I noticed, while trying to expose the SSL environment variable inside a
container and doing things such as:

guix environment --container --network -E SSL --expose=$SSL_CERT_FILE \
--expose=$SSL_CERT_DIR --ad-hoc [...]

that it wasn't possible to expose things onto the implicitly mounted
current working directory. No error message would be shown, yet the
--expose arguments wouldn't go through unless using --no-cwd.

Here's a minimal example:

$ guix environment -C --expose=/tmp=$PWD/tmp \
--ad-hoc bash coreutils -- bash -c 'stat $PWD/tmp'
stat: cannot statx '/var/lib/jenkins/tmp': No such file or directory

but,

$ guix environment --no-cwd -C --expose=/tmp=$PWD/tmp \
--ad-hoc bash coreutils -- bash -c 'stat $PWD/tmp'
File: /var/lib/jenkins/tmp
Size: 73728 Blocks: 152 IO Block: 4096 directory
Device: fd00h/64768d Inode: 1966081 Links: 397
Access: (1777/drwxrwxrwt) Uid: (65534/ UNKNOWN) Gid: (65534/overflow)
Access: 2021-02-25 20:40:08.534757708 +0000
Modify: 2021-02-25 21:10:49.205636074 +0000
Change: 2021-02-25 21:10:49.205636074 +0000
Birth: 2016-12-07 20:43:16.029221570 +0000

succeeds.

I can't think of a technical reason why layering bind mounts wouldn't
work; in fact it already appears to work for multiple --expose options
touching the same hierarchy of files.

If there's a technical reason this cannot/shouldn't happen, we should
warn the user about it.

Thanks,

Maxim
Maxim Cournoyer wrote on 27 Jan 2023 17:19
(name . bbb ee)(address . blasforr@gmail.com)(address . 46782@debbugs.gnu.org)
877cx8x84p.fsf_-_@gmail.com
Hi,

bbb ee <blasforr@gmail.com> writes:

> There is a similar issue that is solved: https://issues.guix.gnu.org/59425

I can still reproduce the original problem with:

guix environment -C --expose=/tmp=$PWD/tmp --ad-hoc bash coreutils \
-- bash -c 'stat $PWD/tmp'

So it seems the issue at hand is unrelated/different.

--
Thanks,
Maxim
Simon Tournier wrote on 27 Jan 2023 18:31
(address . 46782@debbugs.gnu.org)
87pmazopdx.fsf@gmail.com
Hi Maxim,

A naive question since it works when using the --no-cwd option.

On ven., 27 janv. 2023 at 11:19, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:

> --8<---------------cut here---------------start------------->8---
> guix environment -C --expose=/tmp=$PWD/tmp --ad-hoc bash coreutils \
> -- bash -c 'stat $PWD/tmp'
> --8<---------------cut here---------------end--------------->8---

Is $PWD referring to the same thing? Because one is outside and the
other is inside.

Cheers,
simon
Maxim Cournoyer wrote on 6 Feb 2023 22:54
(name . Simon Tournier)(address . zimon.toutoune@gmail.com)
87r0v2lasz.fsf@gmail.com
Hi,

Simon Tournier <zimon.toutoune@gmail.com> writes:

> Hi Maxim,
>
> A naive question since it works when using the --no-cwd option.
>
> On ven., 27 janv. 2023 at 11:19, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:
>
>> --8<---------------cut here---------------start------------->8---
>> guix environment -C --expose=/tmp=$PWD/tmp --ad-hoc bash coreutils \
>> -- bash -c 'stat $PWD/tmp'
>> --8<---------------cut here---------------end--------------->8---
>
> Is $PWD referring to the same thing? Because one is outside and the
> other is inside.

Yes! See:

maxim@hurd ~$ echo $PWD/tmp && guix environment \
-C --expose=/tmp=$PWD/tmp --ad-hoc bash coreutils -- bash -c 'echo $PWD/tmp'
/home/maxim/tmp
/home/maxim/tmp

--
Thanks,
Maxim
(name . Maxim Cournoyer)(address . maxim.cournoyer@gmail.com)
20230207012404.GA3706@LionPure
Hi,

On +2023-02-06 16:54:20 -0500, Maxim Cournoyer wrote:
> Hi,
>
> Simon Tournier <zimon.toutoune@gmail.com> writes:
>
> > Hi Maxim,
> >
> > A naive question since it works when using the --no-cwd option.
> >
> > On ven., 27 janv. 2023 at 11:19, Maxim Cournoyer <maxim.cournoyer@gmail.com> wrote:
> >
> >> --8<---------------cut here---------------start------------->8---
> >> guix environment -C --expose=/tmp=$PWD/tmp --ad-hoc bash coreutils \
> >> -- bash -c 'stat $PWD/tmp'
> >> --8<---------------cut here---------------end--------------->8---
> >
> > Is $PWD referring to the same thing? Because one is outside and the
> > other is inside.
>
> Yes! See:
>
> --8<---------------cut here---------------start------------->8---
> maxim@hurd ~$ echo $PWD/tmp && guix environment \
> -C --expose=/tmp=$PWD/tmp --ad-hoc bash coreutils -- bash -c 'echo $PWD/tmp'
> /home/maxim/tmp
> /home/maxim/tmp
> --8<---------------cut here---------------end--------------->8---
>
> --
> Thanks,
> Maxim
>

I imagine the created environment is COW[1]

Then your output above,
> /home/maxim/tmp
> /home/maxim/tmp
looks the same, but IIUC they have different '/' root dirs, the one
in the container being like an initrd separate file system.

Or is --expose meant to be a shared rw reference to the caller's memory
(directory content or regular file etc) from the start?
That would seem hard to keep safe, so I doubt that's the design.

How do the two tmp's stat? (Before and after writing content
like $PWD/tmp/foo?)

And foo doesn't appear in the caller $PWD/tmp/* right?

What is your use case goal for --expose=/tmp=$PWD/tmp ?

SFTN if this is useless distraction.
--
Regards,
Bengt Richter
Josselin Poiret wrote on 13 Feb 2023 22:17
875yc5clka.fsf@jpoiret.xyz
Hello everyone,

A quick strace shows that it's actually an ordering issue: /home/user is
mounted in the container after /home/user/tmp. The fix is pretty
simple, moving the cwd first, before the explicit --expose arguments.

I'm noticing that the --expose option creates an empty tmp folder in the
user's home in that case though, which I don't like, however I don't
think there's any better option. Patch following.

Best,
--
Josselin Poiret
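
The ordering issue described in the message above, as an added example that is not part of the thread or of Guix's code: a simplified Python model of mounting mappings in list order, where a mount is hidden once a later mount lands on its target or on an ancestor of it. The paths and the `parent_expose` case are constructed for illustration, and `parents_first` is a hypothetical ordering helper, not something the patch implements.

```python
from pathlib import PurePosixPath


def is_ancestor(parent: str, child: str) -> bool:
    """True when `parent` equals `child` or is one of its ancestors."""
    p, c = PurePosixPath(parent), PurePosixPath(child)
    return p == c or p in c.parents


def shadowed(mappings):
    """Return the targets hidden after mounting `mappings` in list order.

    Each mapping is a (source, target) pair. A mount becomes unreachable
    when a later mount covers the same target or one of its ancestors.
    """
    hidden = []
    for i, (_, target) in enumerate(mappings):
        later_targets = (t for _, t in mappings[i + 1:])
        if any(is_ancestor(later, target) for later in later_targets):
            hidden.append(target)
    return hidden


def parents_first(mappings):
    """Stable sort so shallower targets are mounted before deeper ones."""
    return sorted(mappings, key=lambda m: len(PurePosixPath(m[1]).parts))


# Constructed sample values modelled on the report in this thread.
CWD = ("/home/user", "/home/user")       # implicit cwd mapping
EXPOSE = ("/tmp", "/home/user/tmp")      # --expose=/tmp=$PWD/tmp

before_fix = [EXPOSE, CWD]               # user mappings first, cwd last
after_fix = [CWD, EXPOSE]                # cwd first, as in the proposed fix
# Hypothetical: an --expose whose target is an ancestor of cwd.
parent_expose = [CWD, ("/srv/home", "/home")]

if __name__ == "__main__":
    for name, order in [("before fix", before_fix),
                        ("after fix", after_fix),
                        ("ancestor expose", parent_expose)]:
        print(f"{name}: hidden={shadowed(order)} "
              f"hidden when sorted={shadowed(parents_first(order))}")
```

In this model, sorting by target depth covers both the reported case and the ancestor case, whereas any fixed position for the cwd mapping covers only one of them.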
Josselin Poiret wrote on 13 Feb 2023 22:31
[PATCH] scripts: environment: Mount cwd before user specified --expose.
ed8a1f0cc8a3f8e92b2a299bb71feeb88ffa7281.1676323731.git.dev@jpoiret.xyz
* guix/scripts/environment.scm (launch-environment/container): Put cwd mapping
at front of the file system mappings.

Fixes: #46782
---
guix/scripts/environment.scm | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index 46435ae48e..8a1fc3c0ee 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -767,14 +767,14 @@ (define fhs-mappings
(append
(override-user-mappings
user home
- (append user-mappings
- ;; Share current working directory, unless asked not to.
+ (append ;; Share current working directory, unless asked not to.
(if map-cwd?
(list (file-system-mapping
(source cwd)
(target cwd)
(writable? #t)))
- '())))
+ '())
+ user-mappings))
;; Mappings for the union closure of all inputs.
(map (lambda (dir)
(file-system-mapping
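
Review bot: placing the cwd mapping ahead of `user-mappings` in the `append` leaves the reverse case unhandled: a user mapping whose target is an ancestor of cwd would now be mounted after cwd and hide it. If mappings are mounted in list order, as the strace result in this thread indicates, consider ordering the combined list by target path so that parents always come first, or at least extend the comment to say that cwd must precede `user-mappings` and why, so a later refactor does not swap them back. On style, the comment now shares a line with `(append`; it reads better on its own line above `(if map-cwd?`. The diffstat shows only guix/scripts/environment.scm changed, so a regression test covering an --expose target under cwd would be worth adding.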

base-commit: dd724cfad45d76b9dcc5b073876c995715c92a07
--
2.39.1
Simon Tournier wrote on 14 Feb 2023 12:04
control message for bug #46782
(address . control@debbugs.gnu.org)
87r0us1pac.fsf@gmail.com
tags 46782 + patch
quit
Maxim Cournoyer wrote on 7 Mar 2023 03:23
Re: bug#46782: guix environment --expose options cannot be layered onto $PWD
(name . Josselin Poiret)(address . dev@jpoiret.xyz)
871qm1z4df.fsf@gmail.com
Hello Josselin,

Josselin Poiret <dev@jpoiret.xyz> writes:

> Hello everyone,
>
> A quick strace shows that it's actually an ordering issue: /home/user is
> mounted in the container after /home/user/tmp. The fix is pretty
> simple, moving the cwd first, before the explicit --expose arguments.

Thanks for the troubleshooting and patch! I've now applied it.

> I'm noticing that the --expose option creates an empty tmp folder in the
> user's home in that case though, which I don't like, however I don't
> think there's any better option. Patch following.

At least it's better to be left with an empty directory than with
mysteriously nothing happening and the use case not working as expected
:-).

--
Thanks,
Maxim
Closed