Garbage collector ('gc') deletes valid user roots when $HOME is inaccessible

  • Done
  • quality assurance status badge
Details
3 participants
  • Felix Lechner
  • Liliana Marie Prikler
  • Ludovic Courtès
Owner
unassigned
Submitted by
Felix Lechner
Severity
normal
F
F
Felix Lechner wrote on 19 Oct 2022 19:14
(address . bug-guix@gnu.org)
CAFHYt57EhbFK1c+V9Kw7k-_zkiSRkLwmoYawdRcuiA9L-EOXvg@mail.gmail.com
Hi,

The Guix garbage collector ('gc') deletes valid user roots when those
links are not resolvable via the user's home folder in places such as

~/.cache/guix/profiles/

which potentially leaves the user without a working profile.

Home folders are not always accessible to the root user, and may
therefore also not be accessible to the Guix daemon. In some
networked setups, for example, home folders can be automounted.

In my particular case, the home folder was inaccessible due to my
encrypted filesystem's security policies, which are enforced by FUSE
when using gocryptfs. [1]

The FUSE feature can be turned off [2] and Gocryptfs can 'allow_other'
[3] but that is a large concession and may not solve the daemon's
alleged (mis-)behavior in the general case.

Thank you for reading!

Kind regards
Felix Lechner

L
L
Liliana Marie Prikler wrote on 20 Oct 2022 13:41
56e9b8174db579880cf599a9a136db9bf60a42b1.camel@ist.tugraz.at
Am Mittwoch, dem 19.10.2022 um 10:14 -0700 schrieb Felix Lechner:
Toggle quote (8 lines)
> Hi,
>
> The Guix garbage collector ('gc') deletes valid user roots when those
> links are not resolvable via the user's home folder in places such as
>
>     ~/.cache/guix/profiles/
>
> which potentially leaves the user without a working profile.
The output of `guix gc --list-roots' seems to suggest that the actual
garbage collector roots are in /var/guix/profiles (note that root sees
the roots of all users, whereas users only see their own).

More importantly, all GC roots in /home seem to point to the cache used
by guix shell. By definition, everything in XDG_CACHE_HOME should be
removable without consequences. Is this not the case here?

Cheers
L
L
Ludovic Courtès wrote on 21 Oct 2022 09:30
Re: bug#58640: Garbage collector ('gc') deletes valid user roots when $HOME is inaccessible
(name . Felix Lechner)(address . felix.lechner@lease-up.com)(address . 58640@debbugs.gnu.org)
87r0z1ab1q.fsf@gnu.org
Hi Felix,

Felix Lechner <felix.lechner@lease-up.com> skribis:

Toggle quote (15 lines)
> The Guix garbage collector ('gc') deletes valid user roots when those
> links are not resolvable via the user's home folder in places such as
>
> ~/.cache/guix/profiles/
>
> which potentially leaves the user without a working profile.
>
> Home folders are not always accessible to the root user, and may
> therefore also not be accessible to the Guix daemon. In some
> networked setups, for example, home folders can be automounted.
>
> In my particular case, the home folder was inaccessible due to my
> encrypted filesystem's security policies, which are enforced by FUSE
> when using gocryptfs. [1]

To complement what Liliana wrote, there are two kinds of GC root:
“regular roots” (the symlinks under /var/guix/profiles and
/var/guix/gcroots), and “indirect roots” (symlinks created when you run
‘guix shell’ or when you run ‘guix package -p ~/my-root’).

Indirect roots are invisible to the GC if the file system where they
live is inaccessible. That’s what you observed.

There’s no good solution I can think of, except not storing indirect
roots on a file system not visible to the GC.

I hope that makes sense!

Thanks,
Ludo’.
L
L
Ludovic Courtès wrote on 10 Nov 2022 11:47
control message for bug #58640
(address . control@debbugs.gnu.org)
87leojjdbc.fsf@gnu.org
tags 58640 notabug
close 58640
quit
?