From: Andy Wingo
To: 28134@debbugs.gnu.org
Subject: [bug#28134] Nix daemon incorrectly decodes octal escapes in mount names
Date: Fri, 18 Aug 2017 11:09:06 +0200
Message-ID: <87inhlgs3x.fsf@igalia.com>

Hi,

With Guix at 3bfa7af41754a19faa1b3b7232fd080436ccb386 I tried to build an
installation image:

  guix system disk-image gnu/system/install.scm

However:

  guix system: error: build failed: while setting up the build environment: unable to make filesystem `/media/wingo/Ubuntu.04.2 LTS amd64' private: No such file or directory

That's weird; I do have an Ubuntu installer USB stick inserted though,
the name looks similar but a bit weird...

  $ ls /media/wingo
  'Ubuntu 16.04.2 LTS amd64'
  $ mount | grep wingo
  /dev/sdc1 on /media/wingo/Ubuntu 16.04.2 LTS amd64 type iso9660 (ro,nosuid,nodev,relatime,uid=1000,gid=1000,iocharset=utf8,mode=0400,dmode=0500,uhelper=udisks2)
  $ grep wingo /proc/self/mountinfo
  89 22 8:33 / /media/wingo/Ubuntu\04016.04.2\040LTS\040amd64 ro,nosuid,nodev,relatime - iso9660 /dev/sdc1 ro,uid=1000,gid=1000,iocharset=utf8,mode=0400,dmode=0500

I see in nix/libstore.build.cc around line 2090:

        /* Make all filesystems private.  This is necessary
           because subtrees may have been mounted as "shared"
           (MS_SHARED).  (Systemd does this, for instance.)  Even
           though we have a private mount namespace, mounting
           filesystems on top of a shared subtree still propagates
           outside of the namespace.  Making a subtree private is
           local to the namespace, though, so setting MS_PRIVATE
           does not affect the outside world. */
        Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n");
        foreach (Strings::iterator, i, mounts) {
            vector<string> fields = tokenizeString<vector<string> >(*i, " ");
            string fs = decodeOctalEscaped(fields.at(4));
            if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
                throw SysError(format("unable to make filesystem `%1%' private") % fs);
        }

I guess it would seem that decodeOctalEscaped didn't work?
Indeed, from nix/libutil/util.cc:

  string decodeOctalEscaped(const string & s)
  {
      string r;
      for (string::const_iterator i = s.begin(); i != s.end(); ) {
          if (*i != '\\') { r += *i++; continue; }
          unsigned char c = 0;
          ++i;
          while (i != s.end() && *i >= '0' && *i < '8')
              c = c * 8 + (*i++ - '0');
          r += c;
      }
      return r;
  }

The same code is in upstream Nix:

  https://github.com/NixOS/nix/blob/master/src/libutil/util.cc#L1143

The octal escape is generated by the kernel, ultimately by this function:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/fs/seq_file.c#n416

The kernel always generates three-character octal escapes.

However it looks like upstream Nix no longer uses this function; instead
they use the MS_REC flag:

  if (mount(0, "/", 0, MS_REC|MS_PRIVATE, 0) == -1) {
      throw SysError("unable to make '/' private mount");
  }

So I will change our copy of the daemon to do the same.

Andy


From: help-debbugs@gnu.org (GNU bug Tracking System)
To: Andy Wingo
Subject: bug#28134: closed (Applied in 842e0e439a22081be1b4fed7ddc21d6d228afd10)
Date: Mon, 21 Aug 2017 07:18:02 +0000

Your bug report

#28134: Nix daemon incorrectly decodes octal escapes in mount names

which was filed against the guix-patches package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 28134@debbugs.gnu.org.
--
28134: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=28134
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems


From: Andy Wingo
To: 28134-close@debbugs.gnu.org
Subject: Applied in 842e0e439a22081be1b4fed7ddc21d6d228afd10
Date: Mon, 21 Aug 2017 09:16:59 +0200
Message-ID: <87fuclz8yc.fsf@igalia.com>

Fixed by cherry-picking a patch from upstream; I followed up by removing
the function.

Andy
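
The decoding failure described in the report, as an added example that is not part of the original messages or of the Guix or Nix sources: decodeGreedy repeats the quoted loop, and decodeMountinfoField (a hypothetical name) accepts only the three-digit escapes the report says the kernel emits. Per the thread, the fix actually applied was different: the decoder was removed in favour of MS_REC|MS_PRIVATE on "/".

```cpp
#include <cstddef>
#include <iostream>
#include <string>

// Same logic as the decodeOctalEscaped() quoted in the report: after a
// backslash it consumes every octal digit that follows, however many.
std::string decodeGreedy(const std::string &s) {
    std::string r;
    for (std::string::const_iterator i = s.begin(); i != s.end();) {
        if (*i != '\\') { r += *i++; continue; }
        unsigned char c = 0;
        ++i;
        while (i != s.end() && *i >= '0' && *i < '8')
            c = static_cast<unsigned char>(c * 8 + (*i++ - '0'));
        r += static_cast<char>(c);
    }
    return r;
}

// Bounded decoder (hypothetical, added for illustration): an escape is a
// backslash plus exactly three octal digits encoding one byte. Anything
// else, including a truncated escape, is copied through unchanged.
std::string decodeMountinfoField(const std::string &s) {
    std::string r;
    for (std::size_t i = 0; i < s.size();) {
        bool esc = s[i] == '\\' && i + 3 < s.size();
        for (std::size_t k = 1; esc && k <= 3; ++k)
            esc = s[i + k] >= '0' && s[i + k] <= '7';
        int v = esc ? (s[i + 1] - '0') * 64 + (s[i + 2] - '0') * 8
                          + (s[i + 3] - '0')
                    : 256;
        if (v > 255) { r += s[i++]; continue; }
        r += static_cast<char>(v);
        i += 4;
    }
    return r;
}

// Mount point field copied from the /proc/self/mountinfo line in the report.
const std::string kReportedField =
    "/media/wingo/Ubuntu\\04016.04.2\\040LTS\\040amd64";

int main() {
    std::string g = decodeGreedy(kReportedField);
    // Print the byte value rather than the raw control character.
    std::cout << "greedy byte after \"Ubuntu\": "
              << int(static_cast<unsigned char>(g[19])) << "\n";
    std::cout << "bounded: " << decodeMountinfoField(kReportedField) << "\n";
    return 0;
}
```

The greedy loop reads \04016 as one five-digit number, truncates it to a single byte and swallows the "16" of the version string, which is why the path in the error message no longer matches the mount point.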