X-Loop: help-debbugs@HIDDEN
Subject: [bug#75560] [PATCH] linux-container: Ignore EPERM when attempting to mount /sys.
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 14 Jan 2025 17:05:03 +0000
Resent-Message-ID: <handler.75560.B.173687425212142 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 75560
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 75560 <at> debbugs.gnu.org
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
X-Debbugs-Original-To: guix-patches@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.173687425212142
(code B ref -1); Tue, 14 Jan 2025 17:05:03 +0000
Received: (at submit) by debbugs.gnu.org; 14 Jan 2025 17:04:12 +0000
Received: from localhost ([127.0.0.1]:55497 helo=debbugs.gnu.org)
by debbugs.gnu.org with esmtp (Exim 4.84_2)
(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
id 1tXkKq-00039m-4w
for submit <at> debbugs.gnu.org; Tue, 14 Jan 2025 12:04:12 -0500
Received: from lists.gnu.org ([2001:470:142::17]:33590)
by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1tXkKo-00039L-30
for submit <at> debbugs.gnu.org; Tue, 14 Jan 2025 12:04:11 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1tXkKg-0006Ux-Q5
for guix-patches@HIDDEN; Tue, 14 Jan 2025 12:04:02 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
(Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
id 1tXkKd-0002qI-Tq; Tue, 14 Jan 2025 12:04:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org;
s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to:
references; bh=Ne9EHrUpLBrhvfuoV6i9tzEyAVgYi2Kb9rGYJcvkOMY=; b=sEPv9Zm9cYc/qO
ojxhMsYl0Vnz8swM4RfUL7DVrrLsTHxtFy+hyKr3wOTSh/2xeeY74iiOYGtIg5+WuBKPBm79A7/lj
BVlYpFjw7HS7log7jY2t/YpEQS0dqOvYxw+anlzdvH/5Iu6vt838Oy5WK4+rKnzMg25uEHEUMGW3G
DBu08uN56uTUj03vwPvjnf91j59aalDx9pphHu50pyCyeDOkFcIzn879yXfSaZVJCH1zWnOW/aOn4
1Z0TfNYrBdPLDOKVHmGWC4Q+12IGgRsBD+pWQXj+lrqRGFFgXCFD6k3jtqpYCCx730aOLldmQSE1m
LqR2/w/Sv5K0o0bQa0MQ==;
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Date: Tue, 14 Jan 2025 18:03:47 +0100
Message-ID: <4cd56cb818ac45cc8d169aa460cc2b5e4801fddc.1736874209.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.47.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>,
<mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)
Fixes <https://issues.guix.gnu.org/61690>.
Until now, this would work:
guix shell --no-cwd -CWP -- guix shell -C coreutils -- ls -R /home
… but this would not:
$ guix shell --no-cwd -CWPN -- guix shell -C coreutils -- ls -R /home
guix shell: error: mount: mount "none" on "/tmp/guix-directory.Wnc2OI/sys": Operation not permitted
This is annoying and hardly understandable. Since we already disable
/sys mounts when sharing the global network namespace is asked (as in
‘guix shell -CN‘), for the very same reason, we can just as well disable
/sys mounts anytime it fails with EPERM.
* gnu/build/linux-container.scm (mount-file-systems): Silently ignore
EPERM when attempting to mount /sys.
Change-Id: If85b1d703ab58a98ea9873f4f8fed71a06b7aa63
---
gnu/build/linux-container.scm | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index dee6885400..5c303da8c8 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -109,8 +109,14 @@ (define* (mount-file-systems root mounts #:key mount-/sys? mount-/proc?)
;; A sysfs mount requires the user to have the CAP_SYS_ADMIN capability in
;; the current network namespace.
(when mount-/sys?
- (mount* "none" (scope "/sys") "sysfs"
- (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY)))
+ (catch 'system-error
+ (lambda ()
+ (mount* "none" (scope "/sys") "sysfs"
+ (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY)))
+ (lambda args
+ ;; EPERM means that CAP_SYS_ADMIN is missing. Ignore.
+ (unless (= EPERM (system-error-errno args))
+ (apply throw args)))))
(mount* "none" (scope "/dev") "tmpfs"
(logior MS_NOEXEC MS_STRICTATIME)
base-commit: d804997897d2a531e0e3186e64df798a7e2e0d1a
--
2.47.1
Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) Content-Type: text/plain; charset=utf-8 X-Loop: help-debbugs@HIDDEN From: help-debbugs@HIDDEN (GNU bug Tracking System) To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN> Subject: bug#75560: Acknowledgement ([PATCH] linux-container: Ignore EPERM when attempting to mount /sys.) Message-ID: <handler.75560.B.173687425212142.ack <at> debbugs.gnu.org> References: <4cd56cb818ac45cc8d169aa460cc2b5e4801fddc.1736874209.git.ludo@HIDDEN> X-Gnu-PR-Message: ack 75560 X-Gnu-PR-Package: guix-patches X-Gnu-PR-Keywords: patch Reply-To: 75560 <at> debbugs.gnu.org Date: Tue, 14 Jan 2025 17:05:03 +0000 Thank you for filing a new bug report with debbugs.gnu.org. This is an automatically generated reply to let you know your message has been received. Your message is being forwarded to the package maintainers and other interested parties for their attention; they will reply in due course. Your message has been sent to the package maintainer(s): guix-patches@HIDDEN If you wish to submit further information on this problem, please send it to 75560 <at> debbugs.gnu.org. Please do not send mail to help-debbugs@HIDDEN unless you wish to report a problem with the Bug-tracking system. --=20 75560: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D75560 GNU Bug Tracking System Contact help-debbugs@HIDDEN with problems
Received: (at control) by debbugs.gnu.org; 27 Jan 2025 16:29:51 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Mon Jan 27 11:29:51 2025 Received: from localhost ([127.0.0.1]:34233 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1tcRzj-0001PJ-1s for submit <at> debbugs.gnu.org; Mon, 27 Jan 2025 11:29:51 -0500 Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:7785) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1tcRyl-0001N6-TA for control <at> debbugs.gnu.org; Mon, 27 Jan 2025 11:28:52 -0500 Authentication-Results: mail2-relais-roc.national.inria.fr; dkim=none (message not signed) header.i=none; spf=SoftFail smtp.mailfrom=ludo@HIDDEN; dmarc=fail (p=none dis=none) d=gnu.org X-IronPort-AV: E=Sophos;i="6.13,238,1732575600"; d="scan'208";a="205240777" Received: from unknown (HELO ribbon) ([193.50.110.120]) by mail2-relais-roc.national.inria.fr with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 27 Jan 2025 17:28:44 +0100 Date: Mon, 27 Jan 2025 17:28:44 +0100 Message-Id: <87cyg8mdab.fsf@HIDDEN> To: control <at> debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> Subject: control message for bug #75560 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -1.3 (-) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -2.3 (--) close 75560 quit
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997 nCipher Corporation Ltd,
1994-97 Ian Jackson.