X-Loop: help-debbugs@HIDDEN
Subject: bug#61690: Failure to mount /sys in nested =?UTF-8?Q?=E2=80=98guix_?= =?UTF-8?Q?shell=E2=80=99?= container
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: konrad.hinsen@HIDDEN, bug-guix@HIDDEN
Resent-Date: Tue, 21 Feb 2023 22:46:01 +0000
Resent-Message-ID: <handler.61690.B.167701953131553 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 61690
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: 61690 <at> debbugs.gnu.org
Cc: Konrad Hinsen <konrad.hinsen@HIDDEN>
X-Debbugs-Original-To: bug-guix@HIDDEN
X-Debbugs-Original-Xcc: Konrad Hinsen <konrad.hinsen@HIDDEN>
Received: via spool by submit <at> debbugs.gnu.org id=B.167701953131553
(code B ref -1); Tue, 21 Feb 2023 22:46:01 +0000
Received: (at submit) by debbugs.gnu.org; 21 Feb 2023 22:45:31 +0000
Received: from localhost ([127.0.0.1]:57433 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1pUbO7-0008Cq-4l
for submit <at> debbugs.gnu.org; Tue, 21 Feb 2023 17:45:31 -0500
Received: from lists.gnu.org ([209.51.188.17]:56844)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1pUbO5-0008Ch-MW
for submit <at> debbugs.gnu.org; Tue, 21 Feb 2023 17:45:30 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludovic.courtes@HIDDEN>)
id 1pUbO5-0004O9-GU
for bug-guix@HIDDEN; Tue, 21 Feb 2023 17:45:29 -0500
Received: from mail3-relais-sop.national.inria.fr ([192.134.164.104])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludovic.courtes@HIDDEN>)
id 1pUbO2-0002gy-KL
for bug-guix@HIDDEN; Tue, 21 Feb 2023 17:45:29 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
h=from:to:subject:date:message-id:mime-version:
content-transfer-encoding;
bh=I5K1diRR4J7ZhR0xDq1QCFfBoHIwCrqfmCmDFRy6pEA=;
b=XyZkCDtxG/GiW8NHoI+mI2h+Nz12Uq2ZoRaTGkXTT4oknBFc4q94b+21
zyi9uLOf7o1PmAFf/bFyRus196wWUz7V70GO9i8+AtMCOtzoI/hE/kko6
9qIGAzpQqZ5PXMw9xQYIa8zpO2ufQtlPSZkkFIIjfM6n6olGbS5AHI5Db c=;
Authentication-Results: mail3-relais-sop.national.inria.fr;
dkim=none (message not signed) header.i=none;
spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN;
dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="5.97,317,1669071600"; d="scan'208";a="48312903"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
by mail3-relais-sop.national.inria.fr with
ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 21 Feb 2023 23:45:21 +0100
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: Tridi 3 =?UTF-8?Q?Vent=C3=B4se?= an 231 de la
=?UTF-8?Q?R=C3=A9volution,?= jour du Violier
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Tue, 21 Feb 2023 23:45:20 +0100
Message-ID: <87v8jud4e7.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=192.134.164.104;
envelope-from=ludovic.courtes@HIDDEN;
helo=mail3-relais-sop.national.inria.fr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001,
SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.3 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.3 (--)
Hi!
As reported by Konrad=C2=B9, nested =E2=80=98guix shell -C=E2=80=99 fails:
--8<---------------cut here---------------start------------->8---
$ guix shell -CN guix \
--expose=3D/var/guix/daemon-socket/socket \
--expose=3D/gnu/store \
-- guix shell -C coreutils -- ls /
guix shell: error: mount: mount "none" on "/tmp/guix-directory.xO3FIx/sys":=
Operation not permitted
--8<---------------cut here---------------end--------------->8---
Strace shows this:
--8<---------------cut here---------------start------------->8---
17541 clone(child_stack=3DNULL, flags=3DCLONE_NEWNS|CLONE_NEWCGROUP|CLONE_N=
EWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) =3D 7
[=E2=80=A6]
17551 mount("none", "/tmp/guix-directory.d6rKy1", "tmpfs", 0, NULL) =3D 0
17551 mkdir("/tmp", 0777) =3D -1 EEXIST (File exists)
17551 mkdir("/tmp/guix-directory.d6rKy1", 0777) =3D -1 EEXIST (File exists)
17551 mkdir("/tmp/guix-directory.d6rKy1/proc", 0777) =3D 0
17551 mount("none", "/tmp/guix-directory.d6rKy1/proc", "proc", MS_NOSUID|MS=
_NODEV|MS_NOEXEC, NULL) =3D 0
17551 mkdir("/tmp", 0777) =3D -1 EEXIST (File exists)
17551 mkdir("/tmp/guix-directory.d6rKy1", 0777) =3D -1 EEXIST (File exists)
17551 mkdir("/tmp/guix-directory.d6rKy1/sys", 0777) =3D 0
17551 mount("none", "/tmp/guix-directory.d6rKy1/sys", "sysfs", MS_RDONLY|MS=
_NOSUID|MS_NODEV|MS_NOEXEC, NULL) =3D -1 EPERM (Operation not permitted)
--8<---------------cut here---------------end--------------->8---
It does work if the nested =E2=80=98guix shell=E2=80=99 uses =E2=80=98-CN=
=E2=80=99 instead of =E2=80=98-C=E2=80=99,
thanks to this bit in (gnu build linux-container)
(mount-file-systems root mounts
#:mount-/proc? (memq 'pid namespaces)
#:mount-/sys? (memq 'net
namespaces)) ;<---
The reason for this bug seems to be given here:
https://github.com/nestybox/sysbox/issues/67#issuecomment-726285026
It=E2=80=99s not clear whether there=E2=80=99s anything we can do, other th=
an
recommending =E2=80=98-CN=E2=80=99 as well in the nested container.
Thoughts?
Ludo=E2=80=99.
=C2=B9 https://lists.gnu.org/archive/html/guix-devel/2023-02/msg00027.html
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN> Subject: bug#61690: Acknowledgement (Failure to mount /sys in nested =?UTF-8?Q?=E2=80=98guix_?= =?UTF-8?Q?shell=E2=80=99?= container) Message-ID: <handler.61690.B.167701953131553.ack <at> debbugs.gnu.org> References: <87v8jud4e7.fsf@HIDDEN> X-Gnu-PR-Message: ack 61690 X-Gnu-PR-Package: guix Reply-To: 61690 <at> debbugs.gnu.org Date: Tue, 21 Feb 2023 22:46:02 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. As you requested using X-Debbugs-CC, your message was also forwarded to Konrad Hinsen <konrad.hinsen@HIDDEN> (after having been given a bug report number, if it did not have one). Your message has been sent to the package maintainer(s): bug-guix@HIDDEN If you wish to submit further information on this problem, please send it to 61690 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 61690: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D61690 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
X-Loop: help-debbugs@HIDDEN
Subject: bug#61690: Failure to mount /sys in nested =?UTF-8?Q?=E2=80=98guix_?= =?UTF-8?Q?shell=E2=80=99?= container
Resent-From: Josselin Poiret <dev@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 02 Mar 2023 09:55:01 +0000
Resent-Message-ID: <handler.61690.B61690.167775088432110 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61690
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>, 61690 <at> debbugs.gnu.org
Cc: Konrad Hinsen <konrad.hinsen@HIDDEN>
Received: via spool by 61690-submit <at> debbugs.gnu.org id=B61690.167775088432110
(code B ref 61690); Thu, 02 Mar 2023 09:55:01 +0000
Received: (at 61690) by debbugs.gnu.org; 2 Mar 2023 09:54:44 +0000
Received: from localhost ([127.0.0.1]:55824 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1pXfe7-0008Lq-Jr
for submit <at> debbugs.gnu.org; Thu, 02 Mar 2023 04:54:43 -0500
Received: from jpoiret.xyz ([206.189.101.64]:38836)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <dev@HIDDEN>) id 1pXfe6-0008Lh-Bn
for 61690 <at> debbugs.gnu.org; Thu, 02 Mar 2023 04:54:42 -0500
Received: from authenticated-user (jpoiret.xyz [206.189.101.64])
by jpoiret.xyz (Postfix) with ESMTPA id 78C06184F03;
Thu, 2 Mar 2023 09:54:40 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpoiret.xyz; s=dkim;
t=1677750880;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
in-reply-to:in-reply-to:references:references;
bh=KmGzoQIkqkdVQFpMLzdJRGbpKYs3TfgzvQSqJAS5WtM=;
b=FvabOWFLfQEH+qln89XxHgODdxqRorp4oRD9dsIhycaeBQz+SIptrfqtS3EUou5WrEXF+8
nSeDnq3kLzBuToF7kqn1BvljLBK9+aA6lVxmfB4YNleZiwr9qSeWF3aipxpNOoExvZz0Bz
ktWgG32uCDuPRE7u4JBLvj/rXI50SFJweR8aJ57iXUQOuDcidsxb9VxE3qotg/gLlQnjqO
+xGH2oE3OqqsxvRe1qpDOHSwYfAuTYxx/Jua4IRwrLPc8pHBtfZLSa6QiAjKq7pS78dUF3
RsqWKJRNBn+8r9ukeGDoRVqaw3zNPJwirB2yOq0qDXGaEJxTgMb/84+IUuTi0w==
From: Josselin Poiret <dev@HIDDEN>
In-Reply-To: <87v8jud4e7.fsf@HIDDEN>
References: <87v8jud4e7.fsf@HIDDEN>
Date: Thu, 02 Mar 2023 10:54:36 +0100
Message-ID: <878rgflbqb.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha256; protocol="application/pgp-signature"
Authentication-Results: jpoiret.xyz;
auth=pass smtp.auth=jpoiret@HIDDEN smtp.mailfrom=dev@HIDDEN
X-Spamd-Bar: --
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.0 (/)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi Ludo,
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
> The reason for this bug seems to be given here:
>
> https://github.com/nestybox/sysbox/issues/67#issuecomment-726285026
>
> It=E2=80=99s not clear whether there=E2=80=99s anything we can do, other =
than
> recommending =E2=80=98-CN=E2=80=99 as well in the nested container.
Couldn't we always create a new network namespace, but when -N is passed
it also has a veth interface? The one problem I can think of is that
we'd need to either create one veth per interface in the parent
namespace or let the user specify which interface should be shared.
Best,
=2D-=20
Josselin Poiret
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQHEBAEBCAAuFiEEOSSM2EHGPMM23K8vUF5AuRYXGooFAmQAclwQHGRldkBqcG9p
cmV0Lnh5egAKCRBQXkC5FhcaivbVC/9ZQQeNLZa1vxoFQ/zTIeQALu7By92JqUOU
fuK8OdcBiY+B4+ztLZt+8fQH5HdLv8RSsPkB/90qeHbXTX0f3rpa9QNIcC3rXh7Z
umDZPYTdxW3us5ZIHFVz2Pb0ITL5LKcAbd1k4C8sJlW4hGqzssmxKurIoJhrcefT
rRZxOBGUjuY4Jaf7C6gMDaOArkWDssMal7ebPKPdgkX5SXP77v/4sdt/wTqloqDP
aPfFOVY/aks75DPmiOAaZCOeRKNtJFJWvR2VrJS38YjVqjjeOabbNbioV+YnFe78
IA2lmx42PwJ5Nx3Kbo4judmPLSDf95wsK0R9eDeT07CSy+MeHxZvrKZudA6+p9xK
XQmsF+Gp6FNMKwXARJWX91PSopGDBMumou4Ivrj26NIPChSYh5LfE8O1p9ZX7TQs
JgEKzSJdQH14E0kGsx5WSxcKRSsIovGEnyKwQFI34kWhPaEGedOaB2VzQlUU3g2O
9o2+yjACjOGsC15jgogTIHOJ1o/HB4U=
=J2CF
-----END PGP SIGNATURE-----
--=-=-=--
X-Loop: help-debbugs@HIDDEN
Subject: bug#61690: Failure to mount /sys in nested =?UTF-8?Q?=E2=80=98guix_?= =?UTF-8?Q?shell=E2=80=99?= container
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 02 Mar 2023 17:12:02 +0000
Resent-Message-ID: <handler.61690.B61690.167777708528006 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61690
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Josselin Poiret <dev@HIDDEN>
Cc: 61690 <at> debbugs.gnu.org, Konrad Hinsen <konrad.hinsen@HIDDEN>
Received: via spool by 61690-submit <at> debbugs.gnu.org id=B61690.167777708528006
(code B ref 61690); Thu, 02 Mar 2023 17:12:02 +0000
Received: (at 61690) by debbugs.gnu.org; 2 Mar 2023 17:11:25 +0000
Received: from localhost ([127.0.0.1]:58283 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1pXmSj-0007Hd-FZ
for submit <at> debbugs.gnu.org; Thu, 02 Mar 2023 12:11:25 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:14354)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <ludovic.courtes@HIDDEN>) id 1pXmSh-0007HO-UE
for 61690 <at> debbugs.gnu.org; Thu, 02 Mar 2023 12:11:24 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=inria.fr; s=dc;
h=from:to:cc:subject:references:date:in-reply-to:
message-id:mime-version:content-transfer-encoding;
bh=+jU4Oe9iwaIMCIe2HeFGr0HLpemqSyk/t2aOjPp4IIc=;
b=epiuyBgvMT1CWcjU44SLCHHQbLcGktGvzykhqqQYVLEnHNuJCNl6GrcM
SVBxIuDXZIX/xF6hHZ3UXUhHMZOvKwAluxMcB5Cmi9NGJgZ3ZCCyaVuJb
jTWzbOJOTY0u0IVhTbrjvD/uwV0l2bSUQTQNW8g6GqAVfVl9yAN2BtYQq Q=;
Authentication-Results: mail2-relais-roc.national.inria.fr;
dkim=none (message not signed) header.i=none;
spf=SoftFail smtp.mailfrom=ludovic.courtes@HIDDEN;
dmarc=fail (p=none dis=none) d=inria.fr
X-IronPort-AV: E=Sophos;i="5.98,228,1673910000"; d="scan'208";a="95152043"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
by mail2-relais-roc.national.inria.fr with
ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 02 Mar 2023 18:11:15 +0100
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
References: <87v8jud4e7.fsf@HIDDEN> <878rgflbqb.fsf@HIDDEN>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: Duodi 12 =?UTF-8?Q?Vent=C3=B4se?= an 231 de la
=?UTF-8?Q?R=C3=A9volution,?= jour de l'Orme
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 02 Mar 2023 18:11:16 +0100
In-Reply-To: <878rgflbqb.fsf@HIDDEN> (Josselin Poiret's message of "Thu,
02 Mar 2023 10:54:36 +0100")
Message-ID: <87wn3z3wp7.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)
Hi Josselin,
Josselin Poiret <dev@HIDDEN> skribis:
> Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
>
>> The reason for this bug seems to be given here:
>>
>> https://github.com/nestybox/sysbox/issues/67#issuecomment-726285026
>>
>> It=E2=80=99s not clear whether there=E2=80=99s anything we can do, other=
than
>> recommending =E2=80=98-CN=E2=80=99 as well in the nested container.
>
> Couldn't we always create a new network namespace, but when -N is passed
> it also has a veth interface? The one problem I can think of is that
> we'd need to either create one veth per interface in the parent
> namespace or let the user specify which interface should be shared.
Maybe we could, but I must confess I=E2=80=99m totally clueless on this veth
thing. :-)
What would this entail? Hopefully guile-netlink can help?
Thanks,
Ludo=E2=80=99.
X-Loop: help-debbugs@HIDDEN
Subject: bug#61690: Failure to mount /sys in nested =?UTF-8?Q?=E2=80=98guix_?= =?UTF-8?Q?shell=E2=80=99?= container
Resent-From: Josselin Poiret <dev@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: bug-guix@HIDDEN
Resent-Date: Thu, 02 Mar 2023 17:34:02 +0000
Resent-Message-ID: <handler.61690.B61690.167777840130222 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61690
X-GNU-PR-Package: guix
X-GNU-PR-Keywords:
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@HIDDEN>
Cc: 61690 <at> debbugs.gnu.org, Konrad Hinsen <konrad.hinsen@HIDDEN>
Received: via spool by 61690-submit <at> debbugs.gnu.org id=B61690.167777840130222
(code B ref 61690); Thu, 02 Mar 2023 17:34:02 +0000
Received: (at 61690) by debbugs.gnu.org; 2 Mar 2023 17:33:21 +0000
Received: from localhost ([127.0.0.1]:58313 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1pXmnw-0007rO-Kx
for submit <at> debbugs.gnu.org; Thu, 02 Mar 2023 12:33:20 -0500
Received: from jpoiret.xyz ([206.189.101.64]:39340)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <dev@HIDDEN>) id 1pXmnv-0007rF-7h
for 61690 <at> debbugs.gnu.org; Thu, 02 Mar 2023 12:33:19 -0500
Received: from authenticated-user (jpoiret.xyz [206.189.101.64])
by jpoiret.xyz (Postfix) with ESMTPA id 8763E184CE0;
Thu, 2 Mar 2023 17:33:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jpoiret.xyz; s=dkim;
t=1677778397;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:content-type:content-type:
in-reply-to:in-reply-to:references:references;
bh=yrxbTy6RHJgM3HBs2HuiMgbfjSNl3i2W+nku6qS6hAo=;
b=IHccDRiRwHsWZbTE3P9vljhiTb+HZ9FWHlP/Lecwo+WoKS/zpjxnFg9/AhZ/yqYYqTnrdI
IkHv9bI1KkWP/mAUczhkre4CBWyusNYSzoFH26lSmC5Vs5/S7iN8d28EjiZBNhdG5noPL1
6eWCGG1EoTCZbjVbJIepNr1gTIpJkpBI1kza1WguKKfG+/1T3HsQHtVaR3VamwwJ7TKjBn
9mejOwVuCgqGfSk+sbtYtEr9BIJMkt8PFGnjmok1azsKFJSWOGCgsgyn5EtmLnfC14o16Z
jQinJO2mi9Tx+VQFSM9+Hk1G/VvRdkxYEzznleD/Ui3SrymbZdFXTmZnMSImDw==
From: Josselin Poiret <dev@HIDDEN>
In-Reply-To: <87wn3z3wp7.fsf@HIDDEN>
References: <87v8jud4e7.fsf@HIDDEN> <878rgflbqb.fsf@HIDDEN>
<87wn3z3wp7.fsf@HIDDEN>
Date: Thu, 02 Mar 2023 18:32:55 +0100
Message-ID: <875ybjrrco.fsf@HIDDEN>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
micalg=pgp-sha256; protocol="application/pgp-signature"
Authentication-Results: jpoiret.xyz;
auth=pass smtp.auth=jpoiret@HIDDEN smtp.mailfrom=dev@HIDDEN
X-Spamd-Bar: --
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.0 (/)
--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Hi Ludo,
Ludovic Court=C3=A8s <ludovic.courtes@HIDDEN> writes:
> Maybe we could, but I must confess I=E2=80=99m totally clueless on this v=
eth
> thing. :-)
>
> What would this entail? Hopefully guile-netlink can help?
So, a veth (Virtual Ethernet) device is basically a pipe but for network
devices: they're created in pairs, and any packet going through one end
is instantly received on the other end. You can then transmit packets
between network namespaces.
One problem that totally slipped by me is that you need to be root to
create a veth device in the original namespace... Rootless containers
use slirp4netns, which is basically a userspace TCP/IP stack
communicating with a special network device in the new namespace (over
which you have complete rights). The situation might thus be a bit more
complicated, since we'd need another library/program as a dependency to
achieve this. I guess there's no best solution for now then :/
Best,
=2D-=20
Josselin Poiret
--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"
-----BEGIN PGP SIGNATURE-----
iQHEBAEBCAAuFiEEOSSM2EHGPMM23K8vUF5AuRYXGooFAmQA3ccQHGRldkBqcG9p
cmV0Lnh5egAKCRBQXkC5FhcaikBkC/9eVZ5ipnTG8X//aP+lNFZaz4vpHhQfzkZ8
5TO2T1uJah7fAFbLLTT99fr6TyjkrbjDfoPpJbXmVhbwvYxxTorLVCRG6rVIuxFs
s90DalQLdecjD4+IPOvSWoTAlCHZIqQSgxcsuC6YUVTUrLEsy6TMDkRrKpH2DJT9
yB6lV7+dbMqFYhpUMYM9cvIqHLFH9fkPnYT+53zMF+etkgIV2ikAoAV41kV77JeO
Q/DCJ0Im1aTR3La4gjcX57fdhQW3/sXBUjrQdvlxbkROvqRQ7un1wEvVbWVAmZvd
j/ZuT0yRXAzn0NlH6mWC0Wykv/2BLP9xU/ADZpVONoLnL2zsAj9EZs/akp5l7v8Z
UL1lSHYdmntDUUhcgvBmMmvTJyzzUoPrKurNeyWYJJ0Fl79ZAiqmhs3kktU6f66x
m48rLFPGnDsCeKkoQz6Rz9BBn/ZtIS8HQoFpfmr9+LAhAgS4d9r27yDzW3iOMZwE
Km+wvCjqDBLVnJ/GLh4Lr50B7ticGvE=
=5lBa
-----END PGP SIGNATURE-----
--=-=-=--
Received: (at control) by debbugs.gnu.org; 14 Jan 2025 10:06:42 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Tue Jan 14 05:06:42 2025 Received: from localhost ([127.0.0.1]:53967 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tXdoo-0007gt-LV for submit <at> debbugs.gnu.org; Tue, 14 Jan 2025 05:06:42 -0500 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:62323) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1tXdom-0007gd-D0 for control <at> debbugs.gnu.org; Tue, 14 Jan 2025 05:06:41 -0500 Authentication-Results: mail2-relais-roc.national.inria.fr; dkim=none (message not signed) header.i=none; spf=SoftFail smtp.mailfrom=ludo@HIDDEN; dmarc=fail (p=none dis=none) d=gnu.org X-IronPort-AV: E=Sophos;i="6.12,314,1728943200"; d="scan'208";a="202983900" Received: from unknown (HELO ribbon) ([193.50.110.52]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 14 Jan 2025 11:06:33 +0100 Date: Tue, 14 Jan 2025 11:06:33 +0100 Message-Id: <8734hlaevq.fsf@HIDDEN> To: control <at> debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> Subject: control message for bug #61690 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.3 (--) severity 61690 important quit
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.