From unknown Sat Jun 21 05:12:49 2025 X-Loop: help-debbugs@gnu.org Subject: bug#44261: running a daemon with userns in relocateble pack breaks Resent-From: Jan Nieuwenhuizen Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 27 Oct 2020 19:50:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 44261 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 44261@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.160382816522794 (code B ref -1); Tue, 27 Oct 2020 19:50:01 +0000 Received: (at submit) by debbugs.gnu.org; 27 Oct 2020 19:49:25 +0000 Received: from localhost ([127.0.0.1]:45954 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXUyD-0005va-EM for submit@debbugs.gnu.org; Tue, 27 Oct 2020 15:49:25 -0400 Received: from lists.gnu.org ([209.51.188.17]:39034) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXUyC-0005vT-8M for submit@debbugs.gnu.org; Tue, 27 Oct 2020 15:49:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52934) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kXUyB-0006uB-U4 for bug-guix@gnu.org; Tue, 27 Oct 2020 15:49:23 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57285) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kXUyB-0007ak-LW; Tue, 27 Oct 2020 15:49:23 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=55424 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kXUyB-000469-38; Tue, 27 Oct 2020 15:49:23 -0400 From: Jan Nieuwenhuizen Organization: AvatarAcademy.nl X-Url: http://AvatarAcademy.nl Date: Tue, 27 Oct 2020 20:49:19 +0100 Message-ID: <87blgn30w0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Hi! As mentioned on IRC, running a daemon from a guix relocatable pack on a foreign distro using the user namespace feature is troublesome: it looks as if the daemon "loses" (its view of) the file-system once the parent process that creates the daemon exits. I'm attatching a package description for a test package "vork". It builds a program "test" that forks the program "daemon". The daemon program reads a character from /dev/urandom, prints it, and sleeps for a second; 10 times. The "test" parent program exits after 5 seconds. When the parent program exits, the daemon crashes. To reproduce, put "vork.scm" in a fresh directory and do something like: --8<---------------cut here---------------start------------->8--- fakeroot tar xf $(GUIX_PACKAGE_PATH=. guix pack --relocatable\ --symlink=/gnu/bin=bin guile shepherd vork --no-offload) guix gc -D $(guix build -f vork.scm) touch /tmp/daemon.log tail -f /tmp/daemon.log & GUILE_LOAD_COMPILED_PATH=$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/ccache\ :$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/site-ccache gnu/bin/test --8<---------------cut here---------------end--------------->8--- this gives something like --8<---------------cut here---------------start------------->8--- .daemon-start daemon: 10 ? .daemon: 9 ? .daemon: 8 T .daemon: 7 ^O .daemon: 6 O exit 20:42:38 janneke@dundal:~/src/guix/master/vork [env] $ 20:42:38 janneke@dundal:~/src/guix/master/vork [env] $ Backtrace: Exception thrown while printing backtrace: In procedure public-lookup: Module named (system repl debug) does not exist --8<---------------cut here---------------end--------------->8--- Greetings, Janneke --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=vork.scm Content-Transfer-Encoding: base64 KGRlZmluZS1tb2R1bGUgKHZvcmspCiAgIzp1c2UtbW9kdWxlIChndWl4IGxpY2Vuc2VzKQogICM6 dXNlLW1vZHVsZSAoZ3VpeCBidWlsZC1zeXN0ZW0gdHJpdmlhbCkKICAjOnVzZS1tb2R1bGUgKGd1 aXggcGFja2FnZXMpCiAgIzp1c2UtbW9kdWxlIChnbnUgcGFja2FnZXMgYWRtaW4pCiAgIzp1c2Ut bW9kdWxlIChnbnUgcGFja2FnZXMgZ3VpbGUpCiAgIzp1c2UtbW9kdWxlIChnbnUgcGFja2FnZXMg cGtnLWNvbmZpZykpCgooZGVmaW5lLXB1YmxpYyBzaGVwaGVyZC1ndWlsZS0zLjAtbGF0ZXN0CiAg KHBhY2thZ2UKICAgIChpbmhlcml0IHNoZXBoZXJkKQogICAgKG5hdGl2ZS1pbnB1dHMKICAgICBg KCgicGtnLWNvbmZpZyIgLHBrZy1jb25maWcpCiAgICAgICAoImd1aWxlIiAsZ3VpbGUtMy4wLWxh dGVzdCkpKQogICAgKGlucHV0cwogICAgIGAoKCJndWlsZSIgLGd1aWxlLTMuMC1sYXRlc3QpKSkp KQoKKGRlZmluZS1wdWJsaWMgdm9yawogIChwYWNrYWdlCiAgICAobmFtZSAidm9yayIpCiAgICAo dmVyc2lvbiAiMCIpCiAgICAoc291cmNlICNmKQogICAgKGJ1aWxkLXN5c3RlbSB0cml2aWFsLWJ1 aWxkLXN5c3RlbSkKICAgIChpbnB1dHMgYCgoImd1aWxlIiAsZ3VpbGUtMy4wLWxhdGVzdCkKICAg ICAgICAgICAgICAoInNoZXBoZXJkIiAsc2hlcGhlcmQtZ3VpbGUtMy4wLWxhdGVzdCkpKQogICAg KGFyZ3VtZW50cwogICAgIGAoIzpndWlsZSAsZ3VpbGUtMy4wLWxhdGVzdAogICAgICAgIzptb2R1 bGVzICgoaWNlLTkgcG9wZW4pCiAgICAgICAgICAgICAgICAgIChndWl4IGJ1aWxkIHV0aWxzKSkK ICAgICAgICM6YnVpbGRlcgogICAgICAgKGJlZ2luCiAgICAgICAgICh1c2UtbW9kdWxlcyAoaWNl LTkgcG9wZW4pCiAgICAgICAgICAgICAgICAgICAgICAoZ3VpeCBidWlsZCB1dGlscykpCiAgICAg ICAgIChsZXQqICgob3V0IChhc3NvYy1yZWYgJW91dHB1dHMgIm91dCIpKQogICAgICAgICAgICAg ICAgKGJpbiAoc3RyaW5nLWFwcGVuZCBvdXQgIi9iaW4iKSkKICAgICAgICAgICAgICAgIChndWls ZSAoYXNzb2MtcmVmICVidWlsZC1pbnB1dHMgImd1aWxlIikpCiAgICAgICAgICAgICAgICAoZ3Vp bGUgKHN0cmluZy1hcHBlbmQgZ3VpbGUgIi9iaW4vZ3VpbGUiKSkKICAgICAgICAgICAgICAgIChk YWVtb24gKHN0cmluZy1hcHBlbmQgYmluICIvZGFlbW9uIikpCiAgICAgICAgICAgICAgICAodGVz dCAoc3RyaW5nLWFwcGVuZCBiaW4gIi90ZXN0IikpKQogICAgICAgICAgIChta2Rpci1wIGJpbikK ICAgICAgICAgICAoY2FsbC13aXRoLW91dHB1dC1maWxlIHRlc3QKICAgICAgICAgICAgIChsYW1i ZGEgKHApCiAgICAgICAgICAgICAgIChmb3JtYXQgcCAiIyEgfmEgLS1uby1hdXRvLWNvbXBpbGVc biIgZ3VpbGUgcCkKICAgICAgICAgICAgICAgKGZvcm1hdCBwICIhIwoodXNlLW1vZHVsZXMgKHNo ZXBoZXJkIHNlcnZpY2UpKQooZm9yaytleGVjLWNvbW1hbmQgKGxpc3QgfnMpICM6bG9nLWZpbGUg XCIvdG1wL2RhZW1vbi5sb2dcIikKKGxldCBsb29wICgoY291bnQgNSkpCiAgKHVubGVzcyAoemVy bz8gY291bnQpCiAgICAoZGlzcGxheSBcIi5cIikKICAgIChzbGVlcCAxKQogICAgKGxvb3AgKDEt IGNvdW50KSkpKQooZm9ybWF0ICN0IFwiXFxuZXhpdFxcblwiKQoiIGRhZW1vbikpKQogICAgICAg ICAgIChjaG1vZCB0ZXN0ICNvNzU1KQogICAgICAgICAgIChjYWxsLXdpdGgtb3V0cHV0LWZpbGUg ZGFlbW9uCiAgICAgICAgICAgICAobGFtYmRhIChwKQogICAgICAgICAgICAgICAoZm9ybWF0IHAg IiMhIH5hIC0tbm8tYXV0by1jb21waWxlXG4iIGd1aWxlIHApCiAgICAgICAgICAgICAgIChkaXNw bGF5ICIhIwooZm9ybWF0ICN0IFwiZGFlbW9uLXN0YXJ0XFxuXCIpCihsZXQgbG9vcCAoKGNvdW50 IDEwKSkKICAodW5sZXNzICh6ZXJvPyBjb3VudCkKICAgIChsZXQgKChjaGFyICh3aXRoLWlucHV0 LWZyb20tZmlsZSBcIi9kZXYvdXJhbmRvbVwiIHJlYWQtY2hhcikpKQogICAgICAoZm9ybWF0ICN0 IFwiZGFlbW9uOiB+YSB+YVxcblwiIGNvdW50IGNoYXIpCiAgICAgIChmb3JjZS1vdXRwdXQgKGN1 cnJlbnQtb3V0cHV0LXBvcnQpKQogICAgICAoY2FsbC13aXRoLW91dHB1dC1maWxlIFwiL2Rldi9u dWxsXCIKICAgICAgICAobGFtYmRhIChwKSAoZm9ybWF0IHAgXCJkYWVtb246IH5hIH5hXFxuXCIg Y291bnQgY2hhcikpKQogICAgICAoc2xlZXAgMSkKICAgICAgKGxvb3AgKDEtIGNvdW50KSkpKSkK KGZvcm1hdCAjdCBcIlxuZGFlbW9uLWV4aXRcXG5cIikKIiBwKSkpCiAgICAgICAgICAgKGNobW9k IGRhZW1vbiAjbzc1NSkpCiAgICAgICAgICN0KSkpCiAgICAoaG9tZS1wYWdlICJodHRwczovL2Rl enluZS5vcmciKQogICAgKHN5bm9wc2lzICJ2b3JrIikKICAgIChkZXNjcmlwdGlvbiAidm9yayIp CiAgICAobGljZW5zZSBncGwzKykpKQoKdm9yawoK --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-=-- From unknown Sat Jun 21 05:12:49 2025 X-Loop: help-debbugs@gnu.org Subject: bug#44261: running a daemon with userns in relocateble pack breaks Resent-From: Jan Nieuwenhuizen Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Tue, 27 Oct 2020 20:10:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 44261 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 44261@debbugs.gnu.org Cc: ludo@gnu.org Received: via spool by 44261-submit@debbugs.gnu.org id=B44261.160382935924772 (code B ref 44261); Tue, 27 Oct 2020 20:10:02 +0000 Received: (at 44261) by debbugs.gnu.org; 27 Oct 2020 20:09:19 +0000 Received: from localhost ([127.0.0.1]:46001 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXVHO-0006RP-Ow for submit@debbugs.gnu.org; Tue, 27 Oct 2020 16:09:19 -0400 Received: from eggs.gnu.org ([209.51.188.92]:57868) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXVHN-0006RD-14 for 44261@debbugs.gnu.org; Tue, 27 Oct 2020 16:09:13 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57684) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kXVHF-000222-QR; Tue, 27 Oct 2020 16:09:05 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=55458 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kXVHE-0008GW-Fb; Tue, 27 Oct 2020 16:09:05 -0400 From: Jan Nieuwenhuizen Organization: AvatarAcademy.nl References: <87blgn30w0.fsf@gnu.org> X-Url: http://AvatarAcademy.nl Date: Tue, 27 Oct 2020 21:09:02 +0100 In-Reply-To: <87blgn30w0.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Tue, 27 Oct 2020 20:49:19 +0100") Message-ID: <875z6v2zz5.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) --=-=-= Content-Type: text/plain Jan Nieuwenhuizen writes: Hi! I tried the hint from Ludovic to use MS_PRIVATE in the attached patch and that works for me; not sure if we want a test and even less sure how to write that... Janneke --=-=-= Content-Type: text/x-patch; charset=utf-8 Content-Disposition: inline; filename=0001-pack-Support-running-of-daemons-in-user-namespace-ba.patch Content-Transfer-Encoding: quoted-printable >From fd3104608c3fa6a2375b6c7df0862e5479976b39 Mon Sep 17 00:00:00 2001 From: "Jan (janneke) Nieuwenhuizen" Date: Tue, 27 Oct 2020 20:55:11 +0100 Subject: [PATCH] pack: Support running of daemons in user namespace-based relocation. MIME-Version: 1.0 Content-Type: text/plain; charset=3DUTF-8 Content-Transfer-Encoding: 8bit Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset=3DUTF-8 Add relocation via ld.so and fakechroot. Fixes . * gnu/packages/aux-files/run-in-namespace.c (bind_mount): Add 'MS_PRIVATE' = to avoid unmounting the bind mount when parent process exits. Co-authored-by: Ludovic Court=C3=A8s --- gnu/packages/aux-files/run-in-namespace.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gnu/packages/aux-files/run-in-namespace.c b/gnu/packages/aux-f= iles/run-in-namespace.c index 52a16a5362..67cea4fcd5 100644 --- a/gnu/packages/aux-files/run-in-namespace.c +++ b/gnu/packages/aux-files/run-in-namespace.c @@ -1,5 +1,6 @@ /* GNU Guix --- Functional package management for GNU Copyright (C) 2018, 2019, 2020 Ludovic Court=C3=A8s + Copyright (C) 2020 Jan (janneke) Nieuwenhuizen =20 This file is part of GNU Guix. =20 @@ -138,7 +139,7 @@ bind_mount (const char *source, const struct dirent *en= try, close (open (target, O_WRONLY | O_CREAT)); =20 return mount (source, target, "none", - MS_BIND | MS_REC | MS_RDONLY, NULL); + MS_BIND | MS_PRIVATE | MS_REC | MS_RDONLY, NULL); } =20 #if HAVE_EXEC_WITH_LOADER --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-=-- From debbugs-submit-bounces@debbugs.gnu.org Fri Oct 30 12:19:16 2020 Received: (at control) by debbugs.gnu.org; 30 Oct 2020 16:19:16 +0000 Received: from localhost ([127.0.0.1]:59456 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYX7T-0006ig-KL for submit@debbugs.gnu.org; Fri, 30 Oct 2020 12:19:15 -0400 Received: from eggs.gnu.org ([209.51.188.92]:50548) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYX7S-0006iM-Ip for control@debbugs.gnu.org; Fri, 30 Oct 2020 12:19:14 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:47687) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYX7N-0008CA-Co for control@debbugs.gnu.org; Fri, 30 Oct 2020 12:19:09 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=54116 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kYX7M-00060Y-OQ for control@debbugs.gnu.org; Fri, 30 Oct 2020 12:19:09 -0400 Date: Fri, 30 Oct 2020 17:19:07 +0100 Message-Id: <87a6w3y9dw.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #44261 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) severity 44261 important quit From unknown Sat Jun 21 05:12:49 2025 X-Loop: help-debbugs@gnu.org Subject: bug#44261: running a daemon with userns in relocateble pack breaks Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 30 Oct 2020 21:34:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 44261 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Jan Nieuwenhuizen Cc: 44261@debbugs.gnu.org Received: via spool by 44261-submit@debbugs.gnu.org id=B44261.16040936348418 (code B ref 44261); Fri, 30 Oct 2020 21:34:02 +0000 Received: (at 44261) by debbugs.gnu.org; 30 Oct 2020 21:33:54 +0000 Received: from localhost ([127.0.0.1]:60003 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYc1x-0002Bh-Sl for submit@debbugs.gnu.org; Fri, 30 Oct 2020 17:33:54 -0400 Received: from eggs.gnu.org ([209.51.188.92]:37496) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYc1v-0002BU-Ns for 44261@debbugs.gnu.org; Fri, 30 Oct 2020 17:33:52 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:54943) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYc1p-0007xF-3i; Fri, 30 Oct 2020 17:33:45 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=55656 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kYc1o-0000gr-J1; Fri, 30 Oct 2020 17:33:44 -0400 From: Ludovic =?UTF-8?Q?Court=C3=A8s?= References: <87blgn30w0.fsf@gnu.org> <875z6v2zz5.fsf@gnu.org> Date: Fri, 30 Oct 2020 22:33:42 +0100 In-Reply-To: <875z6v2zz5.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Tue, 27 Oct 2020 21:09:02 +0100") Message-ID: <871rhfxutl.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Hello! As discussed on IRC, my initial advice about MS_PRIVATE was misguided. The real issue is the =E2=80=9Crm_rf (new_root);=E2=80=9D call, which remov= es the root directory and thus leaves child processes (the daemon) with nothing. The attached patch adds a test loosely based on yours and a fix for that. The fix (for the =E2=80=9Cuserns=E2=80=9D engine) is to make NEW_ROO= T a tmpfs, such that upon completion, all we need to do is to unmount it and remove it; it lives on as the root file system of child processes. In the =E2=80=9Cfakechroot=E2=80=9D case, we have to leave NEW_ROOT behind,= which is not great but acceptable (it=E2=80=99s user-owned, #o700, and it=E2=80=99s unde= r /tmp). The test only checks the =E2=80=9Cuserns=E2=80=9D engine. If you confirm that it works for you and looks reasonable, we can apply it. Thanks, Ludo=E2=80=99. --=-=-= Content-Type: text/x-patch Content-Disposition: inline diff --git a/gnu/packages/aux-files/run-in-namespace.c b/gnu/packages/aux-files/run-in-namespace.c index 52a16a5362..1d64ef9f44 100644 --- a/gnu/packages/aux-files/run-in-namespace.c +++ b/gnu/packages/aux-files/run-in-namespace.c @@ -41,6 +41,7 @@ #include #include #include +#include /* Whether we're building the ld.so/libfakechroot wrapper. */ #define HAVE_EXEC_WITH_LOADER \ @@ -258,11 +259,20 @@ exec_in_user_namespace (const char *store, int argc, char *argv[]) { /* Spawn @WRAPPED_PROGRAM@ in a separate namespace where STORE is bind-mounted in the right place. */ - int err; + int err, is_tmpfs; char *new_root = mkdtemp (strdup ("/tmp/guix-exec-XXXXXX")); char *new_store = concat (new_root, original_store); char *cwd = get_current_dir_name (); + /* Become the new parent of grand-children when their parent dies. */ + prctl (PR_SET_CHILD_SUBREAPER, 1); + + /* Optionally, make NEW_ROOT a tmpfs. That way, if we have to leave it + behind because there are sub-processes still running when this wrapper + exits, it's OK. */ + err = mount ("none", new_root, "tmpfs", 0, NULL); + is_tmpfs = (err == 0); + /* Create a child with separate namespaces and set up bind-mounts from there. That way, bind-mounts automatically disappear when the child exits, which simplifies cleanup for the parent. Note: clone is more @@ -300,6 +310,7 @@ exec_in_user_namespace (const char *store, int argc, char *argv[]) /* Failure: user namespaces not supported. */ fprintf (stderr, "%s: error: 'clone' failed: %m\n", argv[0]); rm_rf (new_root); + free (new_root); break; default: @@ -312,10 +323,27 @@ exec_in_user_namespace (const char *store, int argc, char *argv[]) write_id_map (child, "uid_map", getuid ()); write_id_map (child, "gid_map", getgid ()); - int status; + int status, status_other; waitpid (child, &status, 0); - chdir ("/"); /* avoid EBUSY */ - rm_rf (new_root); + + if (is_tmpfs) + { + /* NEW_ROOT lives on in child processes and we no longer need it + to exist as an empty directory in the global namespace. */ + umount (new_root); + rmdir (new_root); + } + /* Check whether there are child processes left. If there are none, + we can remove NEW_ROOT just fine. Conversely, if there are + processes left (for example because this wrapper's child forked), + we have to leave NEW_ROOT behind so that those processes can still + access their root file system (XXX). */ + else if (waitpid (-1 , &status_other, WNOHANG) == -1) + { + chdir ("/"); /* avoid EBUSY */ + rm_rf (new_root); + } + free (new_root); if (WIFEXITED (status)) @@ -490,6 +518,9 @@ exec_with_loader (const char *store, int argc, char *argv[]) setenv ("FAKECHROOT_BASE", new_root, 1); + /* Become the new parent of grand-children when their parent dies. */ + prctl (PR_SET_CHILD_SUBREAPER, 1); + pid_t child = fork (); switch (child) { @@ -507,11 +538,18 @@ exec_with_loader (const char *store, int argc, char *argv[]) default: { - int status; + int status, status_other; waitpid (child, &status, 0); - chdir ("/"); /* avoid EBUSY */ - rm_rf (new_root); - free (new_root); + + /* If there are child processes still running, leave NEW_ROOT around + so they can still access it. XXX: In that case NEW_ROOT is left + behind. */ + if (waitpid (-1 , &status_other, WNOHANG) == -1) + { + chdir ("/"); /* avoid EBUSY */ + rm_rf (new_root); + free (new_root); + } close (2); /* flushing stderr should be silent */ diff --git a/tests/guix-pack-relocatable.sh b/tests/guix-pack-relocatable.sh index a960ecd209..88cbe63b59 100644 --- a/tests/guix-pack-relocatable.sh +++ b/tests/guix-pack-relocatable.sh @@ -58,6 +58,19 @@ run_without_store () fi } +# Wait for the given file to show up. Error out if it doesn't show up in a +# timely fashion. +wait_for_file () +{ + i=0 + while ! test -f "$1" && test $i -lt 20 + do + sleep 0.3 + i=`expr $i + 1` + done + test -f "$1" +} + test_directory="`mktemp -d`" export test_directory trap 'chmod -Rf +w "$test_directory"; rm -rf "$test_directory"' EXIT @@ -129,6 +142,65 @@ case "`uname -m`" in ;; esac +if unshare -r true +then + # Check what happens if the wrapped binary forks and leaves child + # processes behind, like a daemon. The root file system should remain + # available to those child processes. See . + cat > "$test_directory/manifest.scm" < Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Fri, 30 Oct 2020 22:06:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 44261 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 44261@debbugs.gnu.org Received: via spool by 44261-submit@debbugs.gnu.org id=B44261.160409552011442 (code B ref 44261); Fri, 30 Oct 2020 22:06:01 +0000 Received: (at 44261) by debbugs.gnu.org; 30 Oct 2020 22:05:20 +0000 Received: from localhost ([127.0.0.1]:60045 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYcWO-0002yU-0e for submit@debbugs.gnu.org; Fri, 30 Oct 2020 18:05:20 -0400 Received: from eggs.gnu.org ([209.51.188.92]:42218) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYcWM-0002yF-OU for 44261@debbugs.gnu.org; Fri, 30 Oct 2020 18:05:19 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:55268) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYcWF-0003Ti-Vt; Fri, 30 Oct 2020 18:05:12 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=59316 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kYcWF-0002uh-D7; Fri, 30 Oct 2020 18:05:11 -0400 From: Jan Nieuwenhuizen Organization: AvatarAcademy.nl References: <87blgn30w0.fsf@gnu.org> <875z6v2zz5.fsf@gnu.org> <871rhfxutl.fsf@gnu.org> X-Url: http://AvatarAcademy.nl Date: Fri, 30 Oct 2020 23:05:08 +0100 In-Reply-To: <871rhfxutl.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Fri, 30 Oct 2020 22:33:42 +0100") Message-ID: <877dr7s73f.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s writes: Hi! > As discussed on IRC, my initial advice about MS_PRIVATE was misguided. > The real issue is the =E2=80=9Crm_rf (new_root);=E2=80=9D call, which rem= oves the root > directory and thus leaves child processes (the daemon) with nothing. Yes, I'm not entirely sure what I thought to see yesterday; anyway the rm_rf (new_root) is indeed the thing that makes the daemon crash. > The attached patch adds a test loosely based on yours and a fix for > that. The fix (for the =E2=80=9Cuserns=E2=80=9D engine) is to make NEW_R= OOT a tmpfs, > such that upon completion, all we need to do is to unmount it and remove > it; it lives on as the root file system of child processes. > > In the =E2=80=9Cfakechroot=E2=80=9D case, we have to leave NEW_ROOT behin= d, which is not > great but acceptable (it=E2=80=99s user-owned, #o700, and it=E2=80=99s un= der /tmp). The > test only checks the =E2=80=9Cuserns=E2=80=9D engine. Yes, I think this is acceptable. > If you confirm that it works for you and looks reasonable, we can apply > it. Yes, this works. The test and also my reproducer now work fine. Thanks a lot! Janneke --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com From unknown Sat Jun 21 05:12:49 2025 MIME-Version: 1.0 X-Mailer: MIME-tools 5.505 (Entity 5.505) X-Loop: help-debbugs@gnu.org From: help-debbugs@gnu.org (GNU bug Tracking System) To: Jan Nieuwenhuizen Subject: bug#44261: closed (Re: bug#44261: running a daemon with userns in relocateble pack breaks) Message-ID: References: <87blgirqbe.fsf@gnu.org> <87blgn30w0.fsf@gnu.org> X-Gnu-PR-Message: they-closed 44261 X-Gnu-PR-Package: guix Reply-To: 44261@debbugs.gnu.org Date: Sat, 31 Oct 2020 22:20:02 +0000 Content-Type: multipart/mixed; boundary="----------=_1604182802-24893-1" This is a multi-part message in MIME format... ------------=_1604182802-24893-1 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Your bug report #44261: running a daemon with userns in relocateble pack breaks which was filed against the guix package, has been closed. The explanation is attached below, along with your original report. If you require more details, please reply to 44261@debbugs.gnu.org. --=20 44261: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=3D44261 GNU Bug Tracking System Contact help-debbugs@gnu.org with problems ------------=_1604182802-24893-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at 44261-done) by debbugs.gnu.org; 31 Oct 2020 22:19:57 +0000 Received: from localhost ([127.0.0.1]:34840 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYzE5-0006T8-0Q for submit@debbugs.gnu.org; Sat, 31 Oct 2020 18:19:57 -0400 Received: from eggs.gnu.org ([209.51.188.92]:48868) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kYzE4-0006Sv-2J for 44261-done@debbugs.gnu.org; Sat, 31 Oct 2020 18:19:56 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:44833) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kYzDy-0004UN-RO; Sat, 31 Oct 2020 18:19:50 -0400 Received: from [2a01:e0a:1d:7270:af76:b9b:ca24:c465] (port=46358 helo=ribbon) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kYzDy-0006JL-8M; Sat, 31 Oct 2020 18:19:50 -0400 From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Jan Nieuwenhuizen Subject: Re: bug#44261: running a daemon with userns in relocateble pack breaks References: <87blgn30w0.fsf@gnu.org> <875z6v2zz5.fsf@gnu.org> <871rhfxutl.fsf@gnu.org> <877dr7s73f.fsf@gnu.org> Date: Sat, 31 Oct 2020 23:19:49 +0100 In-Reply-To: <877dr7s73f.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Fri, 30 Oct 2020 23:05:08 +0100") Message-ID: <87blgirqbe.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 44261-done Cc: 44261-done@debbugs.gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Hi, Jan Nieuwenhuizen skribis: > Ludovic Court=C3=A8s writes: [...] >> The attached patch adds a test loosely based on yours and a fix for >> that. The fix (for the =E2=80=9Cuserns=E2=80=9D engine) is to make NEW_= ROOT a tmpfs, >> such that upon completion, all we need to do is to unmount it and remove >> it; it lives on as the root file system of child processes. >> >> In the =E2=80=9Cfakechroot=E2=80=9D case, we have to leave NEW_ROOT behi= nd, which is not >> great but acceptable (it=E2=80=99s user-owned, #o700, and it=E2=80=99s u= nder /tmp). The >> test only checks the =E2=80=9Cuserns=E2=80=9D engine. > > Yes, I think this is acceptable. > >> If you confirm that it works for you and looks reasonable, we can apply >> it. > > Yes, this works. The test and also my reproducer now work fine. Thanks for checking, I pushed the fix as bfe82fe2f6e9f34c0774fe2114cdc7e937ba8bd2. Ludo=E2=80=99. ------------=_1604182802-24893-1 Content-Type: message/rfc822 Content-Disposition: inline Content-Transfer-Encoding: 7bit Received: (at submit) by debbugs.gnu.org; 27 Oct 2020 19:49:25 +0000 Received: from localhost ([127.0.0.1]:45954 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXUyD-0005va-EM for submit@debbugs.gnu.org; Tue, 27 Oct 2020 15:49:25 -0400 Received: from lists.gnu.org ([209.51.188.17]:39034) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kXUyC-0005vT-8M for submit@debbugs.gnu.org; Tue, 27 Oct 2020 15:49:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:52934) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1kXUyB-0006uB-U4 for bug-guix@gnu.org; Tue, 27 Oct 2020 15:49:23 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]:57285) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kXUyB-0007ak-LW; Tue, 27 Oct 2020 15:49:23 -0400 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=55424 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kXUyB-000469-38; Tue, 27 Oct 2020 15:49:23 -0400 From: Jan Nieuwenhuizen To: bug-guix@gnu.org Subject: running a daemon with userns in relocateble pack breaks Organization: AvatarAcademy.nl X-Url: http://AvatarAcademy.nl Date: Tue, 27 Oct 2020 20:49:19 +0100 Message-ID: <87blgn30w0.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="=-=-=" X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: submit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) --=-=-= Content-Type: text/plain Hi! As mentioned on IRC, running a daemon from a guix relocatable pack on a foreign distro using the user namespace feature is troublesome: it looks as if the daemon "loses" (its view of) the file-system once the parent process that creates the daemon exits. I'm attatching a package description for a test package "vork". It builds a program "test" that forks the program "daemon". The daemon program reads a character from /dev/urandom, prints it, and sleeps for a second; 10 times. The "test" parent program exits after 5 seconds. When the parent program exits, the daemon crashes. To reproduce, put "vork.scm" in a fresh directory and do something like: --8<---------------cut here---------------start------------->8--- fakeroot tar xf $(GUIX_PACKAGE_PATH=. guix pack --relocatable\ --symlink=/gnu/bin=bin guile shepherd vork --no-offload) guix gc -D $(guix build -f vork.scm) touch /tmp/daemon.log tail -f /tmp/daemon.log & GUILE_LOAD_COMPILED_PATH=$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/ccache\ :$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/site-ccache gnu/bin/test --8<---------------cut here---------------end--------------->8--- this gives something like --8<---------------cut here---------------start------------->8--- .daemon-start daemon: 10 ? .daemon: 9 ? .daemon: 8 T .daemon: 7 ^O .daemon: 6 O exit 20:42:38 janneke@dundal:~/src/guix/master/vork [env] $ 20:42:38 janneke@dundal:~/src/guix/master/vork [env] $ Backtrace: Exception thrown while printing backtrace: In procedure public-lookup: Module named (system repl debug) does not exist --8<---------------cut here---------------end--------------->8--- Greetings, Janneke --=-=-= Content-Type: application/octet-stream Content-Disposition: attachment; filename=vork.scm Content-Transfer-Encoding: base64 KGRlZmluZS1tb2R1bGUgKHZvcmspCiAgIzp1c2UtbW9kdWxlIChndWl4IGxpY2Vuc2VzKQogICM6 dXNlLW1vZHVsZSAoZ3VpeCBidWlsZC1zeXN0ZW0gdHJpdmlhbCkKICAjOnVzZS1tb2R1bGUgKGd1 aXggcGFja2FnZXMpCiAgIzp1c2UtbW9kdWxlIChnbnUgcGFja2FnZXMgYWRtaW4pCiAgIzp1c2Ut bW9kdWxlIChnbnUgcGFja2FnZXMgZ3VpbGUpCiAgIzp1c2UtbW9kdWxlIChnbnUgcGFja2FnZXMg cGtnLWNvbmZpZykpCgooZGVmaW5lLXB1YmxpYyBzaGVwaGVyZC1ndWlsZS0zLjAtbGF0ZXN0CiAg KHBhY2thZ2UKICAgIChpbmhlcml0IHNoZXBoZXJkKQogICAgKG5hdGl2ZS1pbnB1dHMKICAgICBg KCgicGtnLWNvbmZpZyIgLHBrZy1jb25maWcpCiAgICAgICAoImd1aWxlIiAsZ3VpbGUtMy4wLWxh dGVzdCkpKQogICAgKGlucHV0cwogICAgIGAoKCJndWlsZSIgLGd1aWxlLTMuMC1sYXRlc3QpKSkp KQoKKGRlZmluZS1wdWJsaWMgdm9yawogIChwYWNrYWdlCiAgICAobmFtZSAidm9yayIpCiAgICAo dmVyc2lvbiAiMCIpCiAgICAoc291cmNlICNmKQogICAgKGJ1aWxkLXN5c3RlbSB0cml2aWFsLWJ1 aWxkLXN5c3RlbSkKICAgIChpbnB1dHMgYCgoImd1aWxlIiAsZ3VpbGUtMy4wLWxhdGVzdCkKICAg ICAgICAgICAgICAoInNoZXBoZXJkIiAsc2hlcGhlcmQtZ3VpbGUtMy4wLWxhdGVzdCkpKQogICAg KGFyZ3VtZW50cwogICAgIGAoIzpndWlsZSAsZ3VpbGUtMy4wLWxhdGVzdAogICAgICAgIzptb2R1 bGVzICgoaWNlLTkgcG9wZW4pCiAgICAgICAgICAgICAgICAgIChndWl4IGJ1aWxkIHV0aWxzKSkK ICAgICAgICM6YnVpbGRlcgogICAgICAgKGJlZ2luCiAgICAgICAgICh1c2UtbW9kdWxlcyAoaWNl LTkgcG9wZW4pCiAgICAgICAgICAgICAgICAgICAgICAoZ3VpeCBidWlsZCB1dGlscykpCiAgICAg ICAgIChsZXQqICgob3V0IChhc3NvYy1yZWYgJW91dHB1dHMgIm91dCIpKQogICAgICAgICAgICAg ICAgKGJpbiAoc3RyaW5nLWFwcGVuZCBvdXQgIi9iaW4iKSkKICAgICAgICAgICAgICAgIChndWls ZSAoYXNzb2MtcmVmICVidWlsZC1pbnB1dHMgImd1aWxlIikpCiAgICAgICAgICAgICAgICAoZ3Vp bGUgKHN0cmluZy1hcHBlbmQgZ3VpbGUgIi9iaW4vZ3VpbGUiKSkKICAgICAgICAgICAgICAgIChk YWVtb24gKHN0cmluZy1hcHBlbmQgYmluICIvZGFlbW9uIikpCiAgICAgICAgICAgICAgICAodGVz dCAoc3RyaW5nLWFwcGVuZCBiaW4gIi90ZXN0IikpKQogICAgICAgICAgIChta2Rpci1wIGJpbikK ICAgICAgICAgICAoY2FsbC13aXRoLW91dHB1dC1maWxlIHRlc3QKICAgICAgICAgICAgIChsYW1i ZGEgKHApCiAgICAgICAgICAgICAgIChmb3JtYXQgcCAiIyEgfmEgLS1uby1hdXRvLWNvbXBpbGVc biIgZ3VpbGUgcCkKICAgICAgICAgICAgICAgKGZvcm1hdCBwICIhIwoodXNlLW1vZHVsZXMgKHNo ZXBoZXJkIHNlcnZpY2UpKQooZm9yaytleGVjLWNvbW1hbmQgKGxpc3QgfnMpICM6bG9nLWZpbGUg XCIvdG1wL2RhZW1vbi5sb2dcIikKKGxldCBsb29wICgoY291bnQgNSkpCiAgKHVubGVzcyAoemVy bz8gY291bnQpCiAgICAoZGlzcGxheSBcIi5cIikKICAgIChzbGVlcCAxKQogICAgKGxvb3AgKDEt IGNvdW50KSkpKQooZm9ybWF0ICN0IFwiXFxuZXhpdFxcblwiKQoiIGRhZW1vbikpKQogICAgICAg ICAgIChjaG1vZCB0ZXN0ICNvNzU1KQogICAgICAgICAgIChjYWxsLXdpdGgtb3V0cHV0LWZpbGUg ZGFlbW9uCiAgICAgICAgICAgICAobGFtYmRhIChwKQogICAgICAgICAgICAgICAoZm9ybWF0IHAg IiMhIH5hIC0tbm8tYXV0by1jb21waWxlXG4iIGd1aWxlIHApCiAgICAgICAgICAgICAgIChkaXNw bGF5ICIhIwooZm9ybWF0ICN0IFwiZGFlbW9uLXN0YXJ0XFxuXCIpCihsZXQgbG9vcCAoKGNvdW50 IDEwKSkKICAodW5sZXNzICh6ZXJvPyBjb3VudCkKICAgIChsZXQgKChjaGFyICh3aXRoLWlucHV0 LWZyb20tZmlsZSBcIi9kZXYvdXJhbmRvbVwiIHJlYWQtY2hhcikpKQogICAgICAoZm9ybWF0ICN0 IFwiZGFlbW9uOiB+YSB+YVxcblwiIGNvdW50IGNoYXIpCiAgICAgIChmb3JjZS1vdXRwdXQgKGN1 cnJlbnQtb3V0cHV0LXBvcnQpKQogICAgICAoY2FsbC13aXRoLW91dHB1dC1maWxlIFwiL2Rldi9u dWxsXCIKICAgICAgICAobGFtYmRhIChwKSAoZm9ybWF0IHAgXCJkYWVtb246IH5hIH5hXFxuXCIg Y291bnQgY2hhcikpKQogICAgICAoc2xlZXAgMSkKICAgICAgKGxvb3AgKDEtIGNvdW50KSkpKSkK KGZvcm1hdCAjdCBcIlxuZGFlbW9uLWV4aXRcXG5cIikKIiBwKSkpCiAgICAgICAgICAgKGNobW9k IGRhZW1vbiAjbzc1NSkpCiAgICAgICAgICN0KSkpCiAgICAoaG9tZS1wYWdlICJodHRwczovL2Rl enluZS5vcmciKQogICAgKHN5bm9wc2lzICJ2b3JrIikKICAgIChkZXNjcmlwdGlvbiAidm9yayIp CiAgICAobGljZW5zZSBncGwzKykpKQoKdm9yawoK --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com --=-=-=-- ------------=_1604182802-24893-1-- From unknown Sat Jun 21 05:12:49 2025 X-Loop: help-debbugs@gnu.org Subject: bug#44261: running a daemon with userns in relocateble pack breaks Resent-From: Jan Nieuwenhuizen Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 01 Nov 2020 06:08:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 44261 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 44261-done@debbugs.gnu.org Received: via spool by 44261-done@debbugs.gnu.org id=D44261.160421087923376 (code D ref 44261); Sun, 01 Nov 2020 06:08:01 +0000 Received: (at 44261-done) by debbugs.gnu.org; 1 Nov 2020 06:07:59 +0000 Received: from localhost ([127.0.0.1]:35481 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kZ6X1-00064w-1k for submit@debbugs.gnu.org; Sun, 01 Nov 2020 01:07:59 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56474) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1kZ6Wy-00064i-5Q for 44261-done@debbugs.gnu.org; Sun, 01 Nov 2020 01:07:57 -0500 Received: from fencepost.gnu.org ([2001:470:142:3::e]:50323) by eggs.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1kZ6Wr-0005jM-Em; Sun, 01 Nov 2020 01:07:49 -0500 Received: from [2001:980:1b4f:1:42d2:832d:bb59:862] (port=59368 helo=dundal.janneke.lilypond.org) by fencepost.gnu.org with esmtpsa (TLS1.2:RSA_AES_256_CBC_SHA1:256) (Exim 4.82) (envelope-from ) id 1kZ6Wr-0005z0-12; Sun, 01 Nov 2020 01:07:49 -0500 From: Jan Nieuwenhuizen Organization: AvatarAcademy.nl References: <87blgn30w0.fsf@gnu.org> <875z6v2zz5.fsf@gnu.org> <871rhfxutl.fsf@gnu.org> <877dr7s73f.fsf@gnu.org> <87blgirqbe.fsf@gnu.org> X-Url: http://AvatarAcademy.nl Date: Sun, 01 Nov 2020 07:07:47 +0100 In-Reply-To: <87blgirqbe.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Sat, 31 Oct 2020 23:19:49 +0100") Message-ID: <87pn4x8v9o.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -3.3 (---) Ludovic Court=C3=A8s writes: Hello, > Jan Nieuwenhuizen skribis: > >> Ludovic Court=C3=A8s writes: > > [...] > >>> If you confirm that it works for you and looks reasonable, we can apply >>> it. >> >> Yes, this works. The test and also my reproducer now work fine. > > Thanks for checking, I pushed the fix as > bfe82fe2f6e9f34c0774fe2114cdc7e937ba8bd2. \o/ Thank you Janneke. --=20 Jan Nieuwenhuizen | GNU LilyPond http://lilypond.org Freelance IT http://JoyofSource.com | Avatar=C2=AE http://AvatarAcademy.com