Hi Florian,

"pelzflorian (Florian Pelz)" <pelzflor...@pelzflorian.de> wrote:

> 32476 clone(child_stack=NULL, flags=CLONE_NEWNS|CLONE_NEWUSER|SIGCHLD) = 32477

[...]

> 32477 mount("//lib", "/tmp/guix-exec-eqHoYA/lib", 0x47e0c5, MS_RDONLY|MS_BIND|MS_REC, NULL) = -1 EACCES (Permission denied)
> 32477 mkdir("/tmp/guix-exec-eqHoYA/home", 0700) = 0
> 32477 mount("//home", "/tmp/guix-exec-eqHoYA/home", 0x47e0c5, MS_RDONLY|MS_BIND|MS_REC, NULL) = -1 EACCES (Permission denied)

This is weird.  On a machine without Guix and with “proper” user
namespace support, I see:

--8<---------------cut here---------------start------------->8---
4519  clone(child_stack=0, flags=CLONE_NEWNS|CLONE_NEWUSER|SIGCHLD) = 4520

[...]

4520  mkdir("/tmp/guix-exec-4lVNRO/tmp", 0700) = 0
4520  mount("//tmp", "/tmp/guix-exec-4lVNRO/tmp", 0x47e0cc, MS_RDONLY|MS_BIND|MS_REC, NULL) = 0
4520  mkdir("/tmp/guix-exec-4lVNRO/boot", 0700) = 0
4520  mount("//boot", "/tmp/guix-exec-4lVNRO/boot", 0x47e0cc, MS_RDONLY|MS_BIND|MS_REC, NULL) = 0
--8<---------------cut here---------------end--------------->8---

That is, all bind-mount operations in the child process, which lives in
a separate namespace, succeed.

Can you show the mount options of your root file system?

  mount | grep 'on / '

What’s the exit code of this command:

  guile -c '((@@ (guix scripts environment) assert-container-features))'

?

Thanks for helping out!

Ludo’.
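An added stand-alone reproducer (not part of this thread or of Guix itself) that isolates the failing step: fork a child, enter fresh user and mount namespaces, and attempt the same read-only recursive bind mount, reporting the errno instead of letting the whole container setup fail. Assumptions: unshare(2) stands in for the clone(CLONE_NEWNS|CLONE_NEWUSER) call in the strace, /tmp is writable for the scratch mount point, and the source path is the caller's choice.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side: enter new user + mount namespaces (unshare stands in for the
 * clone() flags seen in the strace), then try the same bind mount.
 * The exit status carries errno: 0 means the mount succeeded. */
static void child_probe(const char *src, const char *target)
{
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0)
        _exit(errno);            /* e.g. EPERM when user namespaces are disabled */
    if (mount(src, target, NULL, MS_RDONLY | MS_BIND | MS_REC, NULL) != 0)
        _exit(errno);            /* e.g. EACCES as in the report above */
    _exit(0);                    /* the mount disappears with the namespace */
}

/* Run the probe in a child and return its errno (0 on success), or -1 if the
 * probe itself could not be run (fork/mkdtemp failure, child killed). */
int probe_bind_mount(const char *src)
{
    char target[] = "/tmp/bind-probe-XXXXXX";   /* constructed scratch dir */
    if (mkdtemp(target) == NULL)
        return -1;
    int result = -1, status;
    pid_t pid = fork();
    if (pid == 0)
        child_probe(src, target);
    if (pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status))
        result = WEXITSTATUS(status);
    rmdir(target);
    return result;
}

int main(void)
{
    int r = probe_bind_mount("/lib");
    if (r == 0)
        puts("read-only bind mount inside a user namespace: OK");
    else
        printf("probe failed: %s (code %d)\n",
               r < 0 ? "could not run probe" : strerror(r), r);
    return r != 0;
}
```

A 0 result matches the successful trace; EPERM from the first step points at missing user-namespace support, while EACCES from the second step reproduces the report and narrows the question to the mount itself (hence the request for the root file system's mount options).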
