GNU bug report logs - #77862
guix-daemon run as non-root sets up /etc/group incorrectly in build container
Message #52 received at 77862 <at> debbugs.gnu.org (full text, mbox):
On 03.05.2025 18:14, Ludovic Courtès wrote:
> Hi,
>
> keinflue <keinflue <at> posteo.net> writes:
>
>> Unfortunately the python package also fails with equivalent test
>> failures. It also has another failure mode where it expects a syscall
>> to change ownership to the overflow uid to result in EPERM, while it
>> will produce EINVAL (which happens even if there are no supplementary
>> groups). Should I post the details here or open a new issue?
>
> I think you can post it here. Perhaps we should eventually keep all the
> issues in this category together in a text file somewhere, with log
> excerpts: that would allow us to better assess the packages affected by
> this difference between the privileged and the unprivileged daemon.
It seems that the "chown to overflowgid" issue is somewhat widespread. I
also see the testsuite for go (bootstrap) failing in the same way. I'd
guess most implementations of "chown" system call wrappers in various
languages will have test cases like this that fail to anticipate user
namespaces. I will let my system build keep running a bit longer and
will then post the list of packages I found with log excerpts here.
>
> I wonder if we should set up a separate Cuirass instance or something
> building everything with the unprivileged daemon.
That would probably help since I am going to only test the packages that
I am using myself in order to evaluate switching to the unprivileged
guix-daemon. I don't have the resources to do more.
> Thanks,
> Ludo’.
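
Added example, not part of the original message and not code from Guix, Python or Go: a sketch of how a test for a chown wrapper could derive the errno to expect from the caller's uid_map instead of hard-coding EPERM. The function names and the sample map values are constructed for illustration, and it assumes the file is owned by the caller and that euid 0 means CAP_CHOWN is held.

```python
import errno
import os

# Constructed samples: one line of /proc/self/uid_map as "inside outside count".
SINGLE_ID_MAP = "     30001       1000          1\n"   # user namespace, one id mapped
INITIAL_NS_MAP = "         0          0 4294967295\n"  # initial namespace, all ids mapped


def parse_id_map(text):
    """Parse uid_map/gid_map text into (first_inside_id, count) ranges."""
    ranges = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3:
            inside, _outside, count = (int(f) for f in fields)
            ranges.append((inside, count))
    return ranges


def is_mapped(ident, ranges):
    """True if ident has a mapping in the current user namespace."""
    return any(start <= ident < start + count for start, count in ranges)


def expected_chown_errno(target_uid, euid, ranges):
    """errno chown() to target_uid should fail with, or None if it should succeed."""
    if not is_mapped(target_uid, ranges):
        return errno.EINVAL      # the kernel rejects ids that have no mapping
    if euid == 0 or target_uid == euid:
        return None              # assumed privileged, or a no-op owner change
    return errno.EPERM           # mapped id, but the caller lacks CAP_CHOWN


def chown_to_overflow_uid_behaves(path):
    """Live check: chown path to the overflow uid and compare with the prediction."""
    with open("/proc/sys/kernel/overflowuid") as f:
        overflow = int(f.read())
    with open("/proc/self/uid_map") as f:
        ranges = parse_id_map(f.read())
    want = expected_chown_errno(overflow, os.geteuid(), ranges)
    try:
        os.chown(path, overflow, -1)
    except OSError as exc:
        return exc.errno == want
    return want is None
```
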
This bug report was last modified 9 days ago.