From: Ludovic Courtès
Subject: ‘guix environment -C’ fails with Linux 4.19 (Debian)
X-Debbugs-Cc: Dimitri DELABROYE
Date: Thu, 04 Feb 2021 11:43:47 +0100
Message-ID: <87h7ms8658.fsf@inria.fr>

I’m observing this:

--8<---------------cut here---------------start------------->8---
$ guix environment --ad-hoc coreutils -C
guix environment: error: mount: mount "/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16" on "/tmp/guix-directory.Nagh8Y//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16": Operation not permitted
$ uname -rv
4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
$ cat /proc/sys/kernel/unprivileged_userns_clone
1
--8<---------------cut here---------------end--------------->8---

Excerpt of the strace log:

--8<---------------cut here---------------start------------->8---
7605 mkdir("/tmp/guix-directory.EtXAVT/dev/mqueue", 0777) = 0
7605 mount("mqueue", "/tmp/guix-directory.EtXAVT//dev/mqueue", "mqueue", MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL) = 0
7605 stat("/home/lcourtes", {st_mode=S_IFDIR|0710, st_size=4096, ...}) = 0
7605 mkdir("/tmp", 0777) = -1 EEXIST (File exists)
7605 mkdir("/tmp/guix-directory.EtXAVT", 0777) = -1 EEXIST (File exists)
7605 mkdir("/tmp/guix-directory.EtXAVT/home", 0777) = 0
7605 mkdir("/tmp/guix-directory.EtXAVT/home/lcourtes", 0777) = 0
7605 mount("/home/lcourtes", "/tmp/guix-directory.EtXAVT//home/lcourtes", 0xeea390, MS_BIND, NULL) = 0
7605 stat("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", {st_mode=S_IFDIR|0555, st_size=4096, ...}) = 0
7605 mkdir("/tmp", 0777) = -1 EEXIST (File exists)
7605 mkdir("/tmp/guix-directory.EtXAVT", 0777) = -1 EEXIST (File exists)
7605 mkdir("/tmp/guix-directory.EtXAVT/gnu", 0777) = 0
7605 mkdir("/tmp/guix-directory.EtXAVT/gnu/store", 0777) = 0
7605 mkdir("/tmp/guix-directory.EtXAVT/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0777) = 0
7605 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.EtXAVT//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0xeea3b0, MS_RDONLY|MS_BIND, NULL) = 0
7605 mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", "/tmp/guix-directory.EtXAVT//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16", 0xeea3d0, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = -1 EPERM (Operation not permitted)
--8<---------------cut here---------------end--------------->8---

The read-only remount comes from ‘mount-file-system’ in (gnu build
file-systems):

      ;; For read-only bind mounts, an extra remount is needed, as per
      ;; , which still applies to Linux
      ;; 4.0.
      (when (and (= MS_BIND (logand flags MS_BIND))
                 (= MS_RDONLY (logand flags MS_RDONLY)))
        (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
          (mount source mount-point type flags #f)))

This recipe has been working well “forever”, although it’s probably
unnecessary with recent kernels (the LWN article is from 2008).

The problem may have to do with the fact that /gnu/store is an NFS
mount. Indeed, similar commands fail on $HOME (also an NFS mount):

--8<---------------cut here---------------start------------->8---
$ mkdir t m
$ unshare -mrf
# mount --bind ./t ./m
# mount --bind -r -o remount ./t ./m
mount: /home/lcourtes/m: permission denied.
--8<---------------cut here---------------end--------------->8---

… but they succeed on /tmp (not an NFS mount):

--8<---------------cut here---------------start------------->8---
$ mkdir /tmp/t
$ mkdir /tmp/m
$ unshare -mrf
# mount --bind /tmp/{t,m}
# mount --bind -r -o remount /tmp/{t,m}
--8<---------------cut here---------------end--------------->8---

To be continued…

Ludo’.
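
One thing worth comparing between the failing NFS case and the working /tmp case above is the per-mount flags of the bind source: inside a user namespace the kernel answers EPERM to a remount that would clear nosuid, nodev or noexec on a mount inherited from the parent namespace. The check below is an added example, not part of the original message or of Guix; the mountinfo sample is constructed (the report does not show the real mount options) and the function names are hypothetical.

```python
import os

# Flags the kernel locks on mounts inherited by a less privileged mount
# namespace (MNT_LOCK_NOSUID / MNT_LOCK_NODEV / MNT_LOCK_NOEXEC).
LOCKABLE = {"nosuid", "nodev", "noexec"}

# Constructed sample in /proc/self/mountinfo format (not from the report).
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
41 22 0:35 / /tmp rw,relatime shared:20 - tmpfs tmpfs rw
57 22 0:48 / /gnu/store rw,nosuid,nodev,relatime shared:31 - nfs4 server.example:/gnu/store rw,vers=4.2
58 22 0:49 / /home rw,nosuid,nodev,relatime shared:32 - nfs4 server.example:/home rw,vers=4.2
"""

def parse_mountinfo(text):
    """Yield (mount_point, fstype, per-mount option set) for each line."""
    for line in text.splitlines():
        left, _, right = line.partition(" - ")
        fields = left.split()
        if len(fields) < 6 or not right:
            continue  # skip malformed lines
        # Field 5 is the mount point (spaces escaped as \040),
        # field 6 the per-mount options.
        mount_point = fields[4].replace("\\040", " ")
        yield mount_point, right.split()[0], set(fields[5].split(","))

def backing_mount(path, mountinfo):
    """Return the entry whose mount point is the longest prefix of PATH."""
    path = os.path.normpath(path)
    best = None
    for entry in parse_mountinfo(mountinfo):
        mp = entry[0].rstrip("/") or "/"
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            # ">=" lets a later mount stacked on the same point win.
            if best is None or len(mp) >= len(best[0]):
                best = entry
    return best

def dropped_by_remount(path, mountinfo, requested=("ro",)):
    """Return (fstype, lockable options on the backing mount that a remount
    requesting only REQUESTED would clear)."""
    entry = backing_mount(path, mountinfo)
    if entry is None:
        return None, set()
    _, fstype, options = entry
    return fstype, (options & LOCKABLE) - set(requested)
```

On a live system, pass the contents of /proc/self/mountinfo instead of the sample; a non-empty result for the NFS source and an empty one for /tmp would point at the mount flags rather than at NFS itself.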