Hi! (Cc: Dave Thompson, the original author of this code.)
As you pointed out on IRC, the problem is that ‘guix shell -C’ provides /sys whereas ‘guix shell -CN’ doesn’t.

This stems from this call in (gnu build linux-container), which has always been there:

  (mount-file-systems root mounts
                      #:mount-/proc? (memq 'pid namespaces)
                      #:mount-/sys? (memq 'net namespaces))

This is explained a few lines above:

  ;; A sysfs mount requires the user to have the CAP_SYS_ADMIN capability in
  ;; the current network namespace.
  (when mount-/sys?
    (mount* "none" (scope "/sys") "sysfs"
            (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY)))

As you noticed with ‘--expose=/sys’, bind-mounting /sys doesn’t work either (‘mount’ fails with EINVAL).

Not sure what to do. Thoughts?

Ludo’.
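The capability rule in the quoted comment can be checked directly on a Linux host. The following is an added example, not part of the message above or of Guix's code: a C probe (the name probe_sysfs_mount and the scratch directory under /tmp are assumptions) that enters new user and mount namespaces, with or without a new network namespace, and attempts the same read-only sysfs mount.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: try the sysfs mount from a child that has entered new
   user and mount namespaces, plus a new network namespace when new_net != 0.
   Returns 0 if the mount succeeded, the failing errno otherwise, or -1 if the
   child did not exit normally. */
int probe_sysfs_mount(int new_net)
{
    char dir[] = "/tmp/sysfs-probe-XXXXXX";   /* constructed scratch mount point */
    /* Create it before unshare(), while our uid is still mapped. */
    if (mkdtemp(dir) == NULL)
        return errno;
    pid_t pid = fork();
    if (pid < 0) {
        int e = errno;
        rmdir(dir);
        return e;
    }
    if (pid == 0) {
        int ns = CLONE_NEWUSER | CLONE_NEWNS | (new_net ? CLONE_NEWNET : 0);
        if (unshare(ns) != 0)
            _exit(errno);          /* e.g. user namespaces disabled */
        /* Same file system type and flags as the quoted mount* call. */
        if (mount("none", dir, "sysfs",
                  MS_NOEXEC | MS_NOSUID | MS_NODEV | MS_RDONLY, NULL) != 0)
            _exit(errno);
        _exit(0);                  /* the mount vanishes with the namespace */
    }
    int status = 0;
    pid_t done = waitpid(pid, &status, 0);
    rmdir(dir);
    return (done == pid && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    int with_net = probe_sysfs_mount(1), shared = probe_sysfs_mount(0);
    printf("new net namespace:    %s\n", with_net ? strerror(with_net) : "mounted");
    printf("shared net namespace: %s\n", shared ? strerror(shared) : "mounted");
    return 0;
}
```

On a host with unprivileged user namespaces enabled, the first probe typically mounts sysfs and the second fails with EPERM, which corresponds to ‘-C’ versus ‘-CN’.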