GNU bug report logs - #44261
running a daemon with userns in relocateble pack breaks


Package: guix

Reported by: Jan Nieuwenhuizen <janneke <at> gnu.org>

Date: Tue, 27 Oct 2020 19:50:01 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Jan Nieuwenhuizen <janneke <at> gnu.org>
Subject: bug#44261: closed (Re: bug#44261: running a daemon with userns in
 relocateble pack breaks)
Date: Sat, 31 Oct 2020 22:20:02 +0000
[Message part 1 (text/plain, inline)]
Your bug report

#44261: running a daemon with userns in relocateble pack breaks

which was filed against the guix package, has been closed.

The explanation is attached below, along with your original report.
If you require more details, please reply to 44261 <at> debbugs.gnu.org.

-- 
44261: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=44261
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Jan Nieuwenhuizen <janneke <at> gnu.org>
Cc: 44261-done <at> debbugs.gnu.org
Subject: Re: bug#44261: running a daemon with userns in relocateble pack breaks
Date: Sat, 31 Oct 2020 23:19:49 +0100
Hi,

Jan Nieuwenhuizen <janneke <at> gnu.org> skribis:

> Ludovic Courtès writes:

[...]

>> The attached patch adds a test loosely based on yours and a fix for
>> that.  The fix (for the “userns” engine) is to make NEW_ROOT a tmpfs,
>> such that upon completion, all we need to do is to unmount it and remove
>> it; it lives on as the root file system of child processes.
>>
>> In the “fakechroot” case, we have to leave NEW_ROOT behind, which is not
>> great but acceptable (it’s user-owned, #o700, and it’s under /tmp).  The
>> test only checks the “userns” engine.
>
> Yes, I think this is acceptable.
>
>> If you confirm that it works for you and looks reasonable, we can apply
>> it.
>
> Yes, this works.  The test and also my reproducer now work fine.

Thanks for checking, I pushed the fix as
bfe82fe2f6e9f34c0774fe2114cdc7e937ba8bd2.

Ludo’.
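
The cleanup pattern described in the quoted fix can be observed in isolation with the following C program; it is an added example, not Guix's wrapper code. The `/tmp/new-root-demo-XXXXXX` path, the `marker` file, the function names and the use of `MNT_DETACH` for the unmount are assumptions made for the demonstration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>
static int put(const char *path, const char *s) {          /* write S to PATH */
  int fd = open(path, O_WRONLY | O_CREAT, 0600);
  int ok = fd >= 0 && write(fd, s, strlen(s)) == (ssize_t) strlen(s);
  return (fd >= 0 && close(fd) != 0) || !ok ? -1 : 0;
}
static void bail(const char *d) { umount2(d, MNT_DETACH); rmdir(d); _exit(77); }
static void worker(void) {  /* exit 0: root kept, 1: lost, 2: cleanup failed, 77: n/a */
  char new_root[] = "/tmp/new-root-demo-XXXXXX", umap[32], gmap[32], marker[64], c = 0;
  int sv[2], status;
  snprintf(umap, sizeof umap, "%u %u 1", (unsigned) getuid(), (unsigned) getuid());
  snprintf(gmap, sizeof gmap, "%u %u 1", (unsigned) getgid(), (unsigned) getgid());
  if (!mkdtemp(new_root)) _exit(77);                        /* constructed demo path */
  snprintf(marker, sizeof marker, "%s/marker", new_root);
  if (unshare(CLONE_NEWUSER | CLONE_NEWNS)) bail(new_root);
  if (put("/proc/self/setgroups", "deny") || put("/proc/self/uid_map", umap)
      || put("/proc/self/gid_map", gmap) || mount("none", new_root, "tmpfs", 0, NULL)
      || put(marker, "ok") || socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) bail(new_root);
  pid_t child = fork();
  if (child == 0) {                                         /* stands in for the daemon */
    close(sv[0]);
    if (chroot(new_root) || chdir("/") || write(sv[1], "r", 1) != 1) _exit(77);
    if (read(sv[1], &c, 1) != 1) _exit(77);                 /* wait for parent's cleanup */
    _exit(access("/marker", R_OK) == 0 ? 0 : 1);            /* is the root still there? */
  }
  close(sv[1]);
  if (read(sv[0], &c, 1) != 1) bail(new_root);              /* EOF: fork failed or child died */
  int failed = umount2(new_root, MNT_DETACH) || rmdir(new_root);   /* unmount, then remove */
  failed |= write(sv[0], "g", 1) != 1;
  if (waitpid(child, &status, 0) < 0 || !WIFEXITED(status)) _exit(2);
  _exit(failed ? 2 : WEXITSTATUS(status));
}
int tmpfs_root_survives_cleanup(void) {  /* 0 kept, 1 lost, 2 cleanup failed, -1 unsupported */
  int status;
  pid_t pid = fork();                    /* keep the namespaces out of the caller */
  if (pid == 0) worker();
  if (pid < 0 || waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
  return WEXITSTATUS(status) == 77 ? -1 : WEXITSTATUS(status);
}
int main(void) { printf("%d\n", tmpfs_root_survives_cleanup()); return 0; }
```

A result of -1 means the host does not permit unprivileged user namespaces or tmpfs mounts inside them.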

[Message part 3 (message/rfc822, inline)]
From: Jan Nieuwenhuizen <janneke <at> gnu.org>
To: bug-guix <at> gnu.org
Subject: running a daemon with userns in relocateble pack breaks
Date: Tue, 27 Oct 2020 20:49:19 +0100
[Message part 4 (text/plain, inline)]
Hi!

As mentioned on IRC, running a daemon from a guix relocatable pack on a
foreign distro using the user namespace feature is troublesome: it looks
as if the daemon "loses" (its view of) the file-system once the parent
process that creates the daemon exits.

I'm attaching a package description for a test package "vork".  It
builds a program "test" that forks the program "daemon".

The daemon program reads a character from /dev/urandom, prints it,
and sleeps for a second; 10 times.

The "test" parent program exits after 5 seconds.  When the parent
program exits, the daemon crashes.

To reproduce, put "vork.scm" in a fresh directory and do something like:

--8<---------------cut here---------------start------------->8---
fakeroot tar xf $(GUIX_PACKAGE_PATH=. guix pack --relocatable\
  --symlink=/gnu/bin=bin guile shepherd vork --no-offload)
guix gc -D $(guix build -f vork.scm)
touch /tmp/daemon.log
tail -f /tmp/daemon.log &
GUILE_LOAD_COMPILED_PATH=$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/ccache\
:$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/site-ccache gnu/bin/test
--8<---------------cut here---------------end--------------->8---

this gives something like

--8<---------------cut here---------------start------------->8---
.daemon-start
daemon: 10 ?
.daemon: 9 ?
.daemon: 8 T
.daemon: 7 ^O
.daemon: 6 O

exit
20:42:38 janneke <at> dundal:~/src/guix/master/vork [env]
$ 20:42:38 janneke <at> dundal:~/src/guix/master/vork [env]
$ Backtrace:
Exception thrown while printing backtrace:
In procedure public-lookup: Module named (system repl debug) does not exist
--8<---------------cut here---------------end--------------->8---

Greetings,
Janneke

[vork.scm (application/octet-stream, attachment)]
[Message part 6 (text/plain, inline)]
-- 
Jan Nieuwenhuizen <janneke <at> gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

This bug report was last modified 4 years and 204 days ago.
