GNU bug report logs - #64014
'guix pack -R' breaks bubblewrap

Package: guix;

Reported by: André A. Gomes <andremegafone <at> gmail.com>

Date: Mon, 12 Jun 2023 13:00:02 UTC

Severity: normal

Tags: moreinfo

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


Report forwarded to bug-guix <at> gnu.org:
bug#64014; Package guix. (Mon, 12 Jun 2023 13:00:02 GMT)

Acknowledgement sent to André A. Gomes <andremegafone <at> gmail.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Mon, 12 Jun 2023 13:00:02 GMT)

Message #5 received at submit <at> debbugs.gnu.org:

From: André A. Gomes <andremegafone <at> gmail.com>
To: bug-guix <at> gnu.org
Subject: guix pack regression 
Date: Mon, 12 Jun 2023 15:59:25 +0300
Hello Guix,

I've produced a guix pack with the same command that I've always used
(which includes passing the -RR flag), but I now get the following
message:

--8<---------------cut here---------------start------------->8---
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
--8<---------------cut here---------------end--------------->8---

Any ideas?  Thanks.


Guix version:

--8<---------------cut here---------------start------------->8---
  guix f36b8a9
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: f36b8a9763087d2b9d3705595fbc34b054297ab8
--8<---------------cut here---------------end--------------->8---

-- 
André A. Gomes
"You cannot even find the ruins..."




Information forwarded to bug-guix <at> gnu.org:
bug#64014; Package guix. (Thu, 15 Jun 2023 16:00:02 GMT)

Message #8 received at 64014 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: André A. Gomes <andremegafone <at> gmail.com>
Cc: 64014 <at> debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression 
Date: Thu, 15 Jun 2023 17:57:19 +0200
Hi,

André A. Gomes <andremegafone <at> gmail.com> skribis:

> I've produced a guix pack with the same command that I've always used
> (which includes passing the -RR flag), but I now get the following
> message:
>
> bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.

This message is apparently from bubblewrap, not from Guix.

I suppose you might get this if you do ‘guix pack -R bubblewrap’ and
then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
runs in a separate user namespace and might be unable to create one (?).

HTH,
Ludo’.
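
The two conditions raised so far (the sysctl named in the bwrap message, and the caller already running in a user namespace) can be checked directly from /proc. This is an added example, not part of the thread; `PROC_ROOT` and the function names are hypothetical, and `user.max_user_namespaces` is the upstream kernel limit, which the thread does not mention.

```shell
#!/bin/sh
# Added example, not from the thread. PROC_ROOT is a hypothetical override
# so the checks can also be pointed at a fixture directory instead of /proc.
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print a sysctl value, or "absent" when the kernel does not expose it
# (kernel.unprivileged_userns_clone exists only on kernels carrying the
# Debian patch that the bwrap message refers to).
read_sysctl() {
    if [ -r "$PROC_ROOT/sys/$1" ]; then cat "$PROC_ROOT/sys/$1"; else echo absent; fi
}

# The initial user namespace has the single identity mapping
# "0 0 4294967295" in uid_map; any other content means the caller already
# runs inside a child user namespace.
in_initial_userns() {
    [ -r "$PROC_ROOT/self/uid_map" ] || return 2
    awk '$1 == 0 && $2 == 0 && $3 == 4294967295 { ok = 1 }
         END { exit (ok && NR == 1) ? 0 : 1 }' "$PROC_ROOT/self/uid_map"
}

# One-line summary: blocked by sysctl, fine, or already nested.
userns_verdict() {
    clone=$(read_sysctl kernel/unprivileged_userns_clone)
    max=$(read_sysctl user/max_user_namespaces)
    if [ "$clone" = 0 ]; then
        echo "blocked: kernel.unprivileged_userns_clone=0"
    elif [ "$max" = 0 ]; then
        echo "blocked: user.max_user_namespaces=0"
    elif in_initial_userns; then
        echo "ok: initial user namespace, sysctls permit creation"
    else
        echo "nested: already inside a user namespace (or uid_map unreadable)"
    fi
}

userns_verdict
```

Run it once from a normal shell and once from inside the environment the pack sets up; a "nested" verdict only in the second run matches the situation described above.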




Information forwarded to bug-guix <at> gnu.org:
bug#64014; Package guix. (Thu, 15 Jun 2023 16:12:02 GMT)

Message #11 received at 64014 <at> debbugs.gnu.org:

From: André A. Gomes <andremegafone <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 64014 <at> debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression
Date: Thu, 15 Jun 2023 19:10:55 +0300
Ludovic Courtès <ludo <at> gnu.org> writes:

> I suppose you might get this if you do ‘guix pack -R bubblewrap’ and
> then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
> runs in a separate user namespace and might be unable to create one (?).

Hi Ludovic,

Thanks for the answer.  You've helped me to figure it out.  The guix
pack I've created has webkitgtk in it, which in turn uses bubblewrap.

However, I didn't have this issue in the past.  It could be that
webkitgtk changed something in their logic perhaps.  I'd have to look
deeper.

Another strategy would be to try to reproduce your recipe in an older
Guix version to see what happens (guix pack -R bubblewrap followed by
bwrap).


-- 
André A. Gomes
"You cannot even find the ruins..."




Information forwarded to bug-guix <at> gnu.org:
bug#64014; Package guix. (Sat, 17 Jun 2023 14:09:01 GMT)

Message #14 received at 64014 <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: André A. Gomes <andremegafone <at> gmail.com>
Cc: 64014 <at> debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression 
Date: Sat, 17 Jun 2023 16:08:24 +0200
Hi,

André A. Gomes <andremegafone <at> gmail.com> skribis:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> I suppose you might get this if you do ‘guix pack -R bubblewrap’ and
>> then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
>> runs in a separate user namespace and might be unable to create one (?).

[...]

> Another strategy would be to try to reproduce your recipe in an older
> Guix version to see what happens (guix pack -R bubblewrap followed by
> bwrap).

Yes, that’d be great.  If you still have that older pack that didn’t
have the problem, you could also run it under ‘strace -f -o
/tmp/log.strace’ to see what happens before the failure.

Thanks,
Ludo’.
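
One way to read the log produced by the ‘strace -f -o /tmp/log.strace’ run suggested above is to list every call that asks for a new user namespace, with its outcome. This is an added example, not part of the thread; the function names are hypothetical and the sample log lines are constructed, not taken from a real run.

```shell
#!/bin/sh
# Added example, not from the thread. Lists every attempt to create a user
# namespace found in "strace -f -o FILE" output, with its outcome.
userns_calls() {
    awk '
    # With -f -o, each line starts with the PID of the calling process.
    /^[0-9]+ +(unshare|clone|clone3)\(/ && /CLONE_NEWUSER/ {
        call = $2
        sub(/\(.*/, "", call)
        if (match($0, /= -1 E[A-Z]+/))
            print $1, call, "FAIL", substr($0, RSTART + 5, RLENGTH - 5)
        else if ($0 ~ /= [0-9]+$/)
            print $1, call, "OK"
        # Limitation: calls split into "<unfinished ...>" and "resumed"
        # halves are skipped, since the result is on a different line.
    }' "$@"
}

# Causes documented in unshare(2) and clone(2) for the common errnos.
explain() {
    case "$1" in
        EPERM)  echo "denied by sysctl or LSM policy, unmapped UID/GID, or caller is in a chroot" ;;
        ENOSPC) echo "max_user_namespaces or the namespace nesting limit was reached" ;;
        *)      echo "see unshare(2) and clone(2)" ;;
    esac
}

# Constructed sample log: an outer wrapper creates a user namespace, then a
# child process fails to create a second one.
sample_log() {
    cat <<'EOF'
4100 execve("./bin/app", ["./bin/app"], 0x7ffd00000000 /* 30 vars */) = 0
4100 unshare(CLONE_NEWNS|CLONE_NEWUSER) = 0
4100 openat(AT_FDCWD, "/proc/self/uid_map", O_WRONLY) = 3
4103 clone(child_stack=NULL, flags=CLONE_NEWNS|CLONE_NEWUSER|CLONE_NEWPID|SIGCHLD) = -1 EPERM (Operation not permitted)
4103 write(2, "bwrap: No permissions to creatin"..., 180) = 180
EOF
}

sample_log | userns_calls
```

For a real log, call `userns_calls /tmp/log.strace` and pass the errno of each FAIL line to `explain`.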




Added tag(s) moreinfo. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 17 Jun 2023 14:09:02 GMT)

Changed bug title to ''guix pack -R' breaks bubblewrap' from 'guix pack regression ' Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Sat, 17 Jun 2023 14:10:01 GMT)

Information forwarded to bug-guix <at> gnu.org:
bug#64014; Package guix. (Fri, 30 Jun 2023 14:57:02 GMT)

Message #21 received at 64014 <at> debbugs.gnu.org:

From: André A. Gomes <andremegafone <at> gmail.com>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: 64014 <at> debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression
Date: Fri, 30 Jun 2023 17:56:18 +0300
Ludovic Courtès <ludo <at> gnu.org> writes:

> Yes, that’d be great.  If you still have that older pack that didn’t
> have the problem, you could also run it under ‘strace -f -o
> /tmp/log.strace’ to see what happens before the failure.

Ludovic, I didn't reach any meaningful conclusion.  Please close this
issue.  Thanks.


-- 
André A. Gomes
"You cannot even find the ruins..."




Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Mon, 10 Jul 2023 21:31:01 GMT)

Notification sent to André A. Gomes <andremegafone <at> gmail.com>:
bug acknowledged by developer. (Mon, 10 Jul 2023 21:31:02 GMT)

Message #26 received at 64014-done <at> debbugs.gnu.org:

From: Ludovic Courtès <ludo <at> gnu.org>
To: André A. Gomes <andremegafone <at> gmail.com>
Cc: 64014-done <at> debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression
Date: Mon, 10 Jul 2023 23:30:07 +0200
André A. Gomes <andremegafone <at> gmail.com> skribis:

> Ludovic Courtès <ludo <at> gnu.org> writes:
>
>> Yes, that’d be great.  If you still have that older pack that didn’t
>> have the problem, you could also run it under ‘strace -f -o
>> /tmp/log.strace’ to see what happens before the failure.
>
> Ludovic, I didn't reach any meaningful conclusion.  Please close this
> issue.  Thanks.

Done!




bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Tue, 08 Aug 2023 11:24:05 GMT)
