GNU bug report logs - #75560
[PATCH] linux-container: Ignore EPERM when attempting to mount /sys.

Please note: This is a static page, with minimal formatting, updated once a day.
Click here to see this page with the latest information and nicer formatting.

Package: guix-patches; Reported by: Ludovic Courtès <ludo@HIDDEN>; Keywords: patch; Done: Ludovic Courtès <ludo@HIDDEN>; Maintainer for guix-patches is guix-patches@HIDDEN.
bug closed, send any further explanations to 75560 <at> debbugs.gnu.org and Ludovic Courtès <ludo@HIDDEN> Request was from Ludovic Courtès <ludo@HIDDEN> to control <at> debbugs.gnu.org. Full text available.

Message received at submit <at> debbugs.gnu.org:


From: Ludovic Courtès <ludo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH] linux-container: Ignore EPERM when attempting to mount /sys.
Date: Tue, 14 Jan 2025 18:03:47 +0100

Fixes <https://issues.guix.gnu.org/61690>.

Until now, this would work:

  guix shell --no-cwd -CWP  -- guix shell -C coreutils -- ls -R /home

… but this would not:

  $ guix shell --no-cwd -CWPN  -- guix shell -C coreutils -- ls -R /home
  guix shell: error: mount: mount "none" on "/tmp/guix-directory.Wnc2OI/sys": Operation not permitted

This is annoying and hardly understandable.  Since we already disable
/sys mounts when sharing the global network namespace is asked (as in
‘guix shell -CN’), for the very same reason, we can just as well disable
/sys mounts anytime it fails with EPERM.

* gnu/build/linux-container.scm (mount-file-systems): Silently ignore
EPERM when attempting to mount /sys.

Change-Id: If85b1d703ab58a98ea9873f4f8fed71a06b7aa63
---
 gnu/build/linux-container.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index dee6885400..5c303da8c8 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -109,8 +109,14 @@ (define* (mount-file-systems root mounts #:key mount-/sys? mount-/proc?)
   ;; A sysfs mount requires the user to have the CAP_SYS_ADMIN capability in
   ;; the current network namespace.
   (when mount-/sys?
-    (mount* "none" (scope "/sys") "sysfs"
-            (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY)))
+    (catch 'system-error
+      (lambda ()
+        (mount* "none" (scope "/sys") "sysfs"
+                (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY)))
+      (lambda args
+        ;; EPERM means that CAP_SYS_ADMIN is missing.  Ignore.
+        (unless (= EPERM (system-error-errno args))
+          (apply throw args)))))
 
   (mount* "none" (scope "/dev") "tmpfs"
           (logior MS_NOEXEC MS_STRICTATIME)
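
Review bot: The handler `(unless (= EPERM (system-error-errno args)) (apply throw args))` discards every EPERM from the sysfs mount without leaving any trace, so a container that was asked for /sys through `mount-/sys?` can come up without it and nothing tells the user why tools that read /sys fail later. Consider printing a one-line warning to the error port before returning normally. The new comment `;; EPERM means that CAP_SYS_ADMIN is missing.  Ignore.` would also be more precise if it said, like the context comment just above `(when mount-/sys?`, that the capability is missing in the current network namespace, since that is the nested-container case the commit message describes. Finally, the procedure's documentation should state that `mount-/sys?` is now best-effort rather than a guarantee that /sys is mounted.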

base-commit: d804997897d2a531e0e3186e64df798a7e2e0d1a
-- 
2.47.1





Acknowledgement sent to Ludovic Courtès <ludo@HIDDEN>:
New bug report received and forwarded. Copy sent to guix-patches@HIDDEN. Full text available.
Report forwarded to guix-patches@HIDDEN:
bug#75560; Package guix-patches. Full text available.
Last modified: Mon, 27 Jan 2025 16:45:01 UTC
