GNU bug report logs - #69708
Guix-Jupyter download directive: "Operation not permitted"

Previous Next

Package: guix;

Reported by: Troy Figiel <troy <at> troyfigiel.com>

Date: Sun, 10 Mar 2024 11:19:02 UTC

Severity: normal

To reply to this bug, email your comments to 69708 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to bug-guix <at> gnu.org:
bug#69708; Package guix. (Sun, 10 Mar 2024 11:19:02 GMT) Full text and rfc822 format available.
Acknowledgement sent to Troy Figiel <troy <at> troyfigiel.com>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sun, 10 Mar 2024 11:19:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Troy Figiel <troy <at> troyfigiel.com>
To: bug-guix <at> gnu.org
Subject: Guix-Jupyter download directive: "Operation not permitted"
Date: Sun, 10 Mar 2024 12:17:25 +0100

Hi Guix-Jupyter,

Please let me know if this is the right location to file a bug. Since I
don't have an account on gitlab.inria.fr, I can't file an issue there.

In any case, the ;;guix download directive assumes the ability to hard
link from the gnu store to your tmp directory. This killed the Guix
kernel and returned an "Operation not permitted" error in my Jupyter
console.

As it turns out, there is a kernel parameter called
"fs.protected_hardlinks" which prevents the creation of hard links by
users that do not own the source. Since my gnu store is root owned and I
run Jupyter as non-root (hence creating the container in the tmp
directory as non-root), this fails. For my system
"fs.protected_hardlinks" was set to 1 by default. Setting it to 0 fixes
the problem.

However, I am not convinced hard linking is the right solution anyway.
For one, it is not uncommon to have tmp and the gnu store living on
different volumes (which seems to be fixed upstream, but not tagged
yet). Copying would be an improvement, as it circumvents these issues,
but with the obvious downside that it duplicates all the data.

I was thinking it might make more sense to bind mount the file into the
container. This would solve the above issues, but not duplicate the
data. The raw data would then be completely immutable, however, I do not
see this as a downside, since treating raw data as immutable is already
a good practice.

WDYT?

Best wishes,

Troy
This bug report was last modified 1 year and 97 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.