GNU bug report logs - #44261
running a daemon with userns in relocateble pack breaks


Package: guix

Reported by: Jan Nieuwenhuizen <janneke <at> gnu.org>

Date: Tue, 27 Oct 2020 19:50:01 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#44261: closed (running a daemon with userns in relocateble
 pack breaks)
Date: Sat, 31 Oct 2020 22:20:01 +0000
[Message part 1 (text/plain, inline)]
Your message dated Sat, 31 Oct 2020 23:19:49 +0100
with message-id <87blgirqbe.fsf <at> gnu.org>
and subject line Re: bug#44261: running a daemon with userns in relocateble pack breaks
has caused the debbugs.gnu.org bug report #44261,
regarding running a daemon with userns in relocateble pack breaks
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
44261: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=44261
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Jan Nieuwenhuizen <janneke <at> gnu.org>
To: bug-guix <at> gnu.org
Subject: running a daemon with userns in relocateble pack breaks
Date: Tue, 27 Oct 2020 20:49:19 +0100
[Message part 3 (text/plain, inline)]
Hi!

As mentioned on IRC, running a daemon from a guix relocatable pack on a
foreign distro using the user namespace feature is troublesome: it looks
as if the daemon "loses" (its view of) the file-system once the parent
process that creates the daemon exits.

I'm attaching a package description for a test package "vork".  It
builds a program "test" that forks the program "daemon".

The daemon program reads a character from /dev/urandom, prints it,
and sleeps for a second; 10 times.

The "test" parent program exits after 5 seconds.  When the parent
program exits, the daemon crashes.

To reproduce, put "vork.scm" in a fresh directory and do something like:

--8<---------------cut here---------------start------------->8---
fakeroot tar xf $(GUIX_PACKAGE_PATH=. guix pack --relocatable\
  --symlink=/gnu/bin=bin guile shepherd vork --no-offload)
guix gc -D $(guix build -f vork.scm)
touch /tmp/daemon.log
tail -f /tmp/daemon.log &
GUILE_LOAD_COMPILED_PATH=$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/ccache\
:$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/site-ccache gnu/bin/test
--8<---------------cut here---------------end--------------->8---

this gives something like

--8<---------------cut here---------------start------------->8---
.daemon-start
daemon: 10 ?
.daemon: 9 ?
.daemon: 8 T
.daemon: 7 ^O
.daemon: 6 O

exit
20:42:38 janneke <at> dundal:~/src/guix/master/vork [env]
$ 20:42:38 janneke <at> dundal:~/src/guix/master/vork [env]
$ Backtrace:
Exception thrown while printing backtrace:
In procedure public-lookup: Module named (system repl debug) does not exist
--8<---------------cut here---------------end--------------->8---

Greetings,
Janneke

[vork.scm (application/octet-stream, attachment)]
[Message part 5 (text/plain, inline)]
-- 
Jan Nieuwenhuizen <janneke <at> gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com
[Message part 6 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>
Cc: 44261-done <at> debbugs.gnu.org
Subject: Re: bug#44261: running a daemon with userns in relocateble pack breaks
Date: Sat, 31 Oct 2020 23:19:49 +0100
Hi,

Jan Nieuwenhuizen <janneke <at> gnu.org> skribis:

> Ludovic Courtès writes:

[...]

>> The attached patch adds a test loosely based on yours and a fix for
>> that.  The fix (for the “userns” engine) is to make NEW_ROOT a tmpfs,
>> such that upon completion, all we need to do is to unmount it and remove
>> it; it lives on as the root file system of child processes.
>>
>> In the “fakechroot” case, we have to leave NEW_ROOT behind, which is not
>> great but acceptable (it’s user-owned, #o700, and it’s under /tmp).  The
>> test only checks the “userns” engine.
>
> Yes, I think this is acceptable.
>
>> If you confirm that it works for you and looks reasonable, we can apply
>> it.
>
> Yes, this works.  The test and also my reproducer now work fine.

Thanks for checking, I pushed the fix as
bfe82fe2f6e9f34c0774fe2114cdc7e937ba8bd2.

Ludo’.
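
The approach described in the quoted explanation above (make the new root a tmpfs inside the user and mount namespaces, so the host-side directory can be removed while the root lives on for processes still using it), as an added C illustration that is not part of the thread and not the code from the Guix commit. The function names, the return codes and the `/tmp/demo-root-XXXXXX` path are constructed for this example, and it reports `USERNS_UNAVAILABLE` on hosts where unprivileged user namespaces are disabled.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEWUSER, CLONE_NEWNS */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum { ROOT_SURVIVED, ROOT_LOST, USERNS_UNAVAILABLE, CLEANUP_FAILED };
static int put(const char *path, int flags, const char *text) {
    int fd = open(path, flags, 0600);
    int ok = fd >= 0 && write(fd, text, strlen(text)) == (ssize_t)strlen(text);
    if (fd >= 0) close(fd);
    return ok ? 0 : -1;
}
/* Child: private user+mount namespaces, tmpfs on new_root, chroot into it. */
static int enter_root(const char *new_root, int ready_fd, int go_fd) {
    char map[64], c = 'r';
    unsigned uid = getuid(), gid = getgid();
    if (syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNS) != 0) return USERNS_UNAVAILABLE;
    put("/proc/self/setgroups", O_WRONLY, "deny");   /* required before gid_map */
    snprintf(map, sizeof map, "%u %u 1", uid, uid);
    if (put("/proc/self/uid_map", O_WRONLY, map) != 0) return USERNS_UNAVAILABLE;
    snprintf(map, sizeof map, "%u %u 1", gid, gid);
    if (put("/proc/self/gid_map", O_WRONLY, map) != 0) return USERNS_UNAVAILABLE;
    if (mount("none", new_root, "tmpfs", 0, NULL) != 0) return USERNS_UNAVAILABLE;
    if (chdir(new_root) != 0 || put("marker", O_WRONLY | O_CREAT, "x") != 0) return ROOT_LOST;
    if (chroot(".") != 0) return ROOT_LOST;
    /* Report readiness, then block until the parent closes its pipe end (EOF). */
    if (write(ready_fd, &c, 1) != 1 || read(go_fd, &c, 1) != 0) return ROOT_LOST;
    return access("/marker", R_OK) == 0 ? ROOT_SURVIVED : ROOT_LOST;
}

int tmpfs_root_survives_cleanup(void) {
    char new_root[] = "/tmp/demo-root-XXXXXX", c;
    int ready[2], go[2], status, removed;
    pid_t pid;
    if (!mkdtemp(new_root) || pipe(ready) != 0 || pipe(go) != 0 || (pid = fork()) < 0) return CLEANUP_FAILED;
    if (pid == 0) { close(ready[0]); close(go[1]); _exit(enter_root(new_root, ready[1], go[0])); }
    close(ready[1]); close(go[0]);
    if (read(ready[0], &c, 1) < 0) return CLEANUP_FAILED;  /* 1: child is set up, 0: it gave up */
    removed = rmdir(new_root) == 0;   /* drop the host-side directory while the child runs */
    close(go[1]);                     /* EOF lets the child go on to test its root */
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return ROOT_LOST;
    return WEXITSTATUS(status) == ROOT_SURVIVED && !removed ? CLEANUP_FAILED : WEXITSTATUS(status);
}
int main(void) { printf("result: %d\n", tmpfs_root_survives_cleanup()); return 0; }
```

A result of 0 (`ROOT_SURVIVED`) means the child could still read `/marker` from its tmpfs root after the parent had already removed the directory from `/tmp`, so nothing is left behind on the host.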


This bug report was last modified 4 years and 204 days ago.
