GNU bug report logs - #78363
Home is read-only in guix shell container


Package: guix;

Reported by: keinflue <keinflue <at> posteo.net>

Date: Sat, 10 May 2025 23:00:02 UTC

Severity: normal

Merged with 78440

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.



Report forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Sat, 10 May 2025 23:00:02 GMT) Full text and rfc822 format available.

Acknowledgement sent to keinflue <keinflue <at> posteo.net>:
New bug report received and forwarded. Copy sent to bug-guix <at> gnu.org. (Sat, 10 May 2025 23:00:02 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: keinflue <keinflue <at> posteo.net>
To: Bug guix <bug-guix <at> gnu.org>
Subject: Home is read-only in guix shell container
Date: Sat, 10 May 2025 22:59:21 +0000
I am not sure whether this is intended behavior, but it seems weird to 
me. Inside e.g.

guix shell -Cu test coreutils

/home/test is mounted read-only and I do not see any way to make it 
writable without sharing a host directory.




Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 11 May 2025 11:45:03 GMT) Full text and rfc822 format available.

Message #8 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Rutherther <rutherther <at> ditigal.xyz>
To: 78363 <at> debbugs.gnu.org
Cc: keinflue <keinflue <at> posteo.net>
Subject: Re: Home is read-only in guix shell container
Date: Sun, 11 May 2025 13:44:16 +0200
> I am not sure whether this is intended behavior, but it seems weird to 
> me. Inside e.g.
> 
> guix shell -Cu test coreutils
> 
> /home/test is mounted read-only and I do not see any way to make it 
> writable without sharing a host directory.

Yes, this is intentional. The root has been changed to read-only
recently. See the guix news. Use --writable-root to restore the previous behavior.




Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 11 May 2025 12:17:03 GMT) Full text and rfc822 format available.

Message #11 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: keinflue <keinflue <at> posteo.net>
To: Rutherther <rutherther <at> ditigal.xyz>
Cc: 78363 <at> debbugs.gnu.org
Subject: Re: Home is read-only in guix shell container
Date: Sun, 11 May 2025 12:16:14 +0000
Oh ok, if that is intentionally including the home directory, then 
everything is ok. I missed the --writable-root option when reading the 
man page.

This can be closed then.

On 11.05.2025 13:44, Rutherther wrote:
>> I am not sure whether this is intended behavior, but it seems weird to
>> me. Inside e.g.
>> 
>> guix shell -Cu test coreutils
>> 
>> /home/test is mounted read-only and I do not see any way to make it
>> writable without sharing a host directory.
> 
> Yes this is intentional. The root has been changed to read only
> recently. See the guix news. Use --writable-root to restore the
> previous behavior.




Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 11 May 2025 15:37:04 GMT) Full text and rfc822 format available.

Message #14 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Z572 <zhengjunjie <at> iscas.ac.cn>
To: Rutherther via Bug reports for GNU Guix <bug-guix <at> gnu.org>
Cc: keinflue <keinflue <at> posteo.net>, 78363 <at> debbugs.gnu.org,
 Ludovic Courtès <ludo <at> gnu.org>,
 Rutherther <rutherther <at> ditigal.xyz>
Subject: Re: bug#78363: Home is read-only in guix shell container
Date: Sun, 11 May 2025 23:35:44 +0800
[Message part 1 (text/plain, inline)]
Rutherther via Bug reports for GNU Guix <bug-guix <at> gnu.org> writes:

>> I am not sure whether this is intended behavior, but it seems weird to 
>> me. Inside e.g.
>> 
>> guix shell -Cu test coreutils
>> 
>> /home/test is mounted read-only and I do not see any way to make it 
>> writable without sharing a host directory.
>
> Yes this is intentional. The root has been changed to read only
> recently. See the guix news. Use --writable-root to restore the previous behavior.

I think this is a bug, just like issues.guix.gnu.org/78272
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 11 May 2025 16:32:02 GMT) Full text and rfc822 format available.

Message #17 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: keinflue <keinflue <at> posteo.net>
Cc: 78363 <at> debbugs.gnu.org
Subject: Re: bug#78363: Home is read-only in guix shell container
Date: Sun, 11 May 2025 17:06:51 +0200
Hi,

keinflue <keinflue <at> posteo.net> writes:

> I am not sure whether this is intended behavior, but it seems weird to
> me. Inside e.g.
>
> guix shell -Cu test coreutils
>
> /home/test is mounted read-only and I do not see any way to make it
> writable without sharing a host directory.

As noted in the ‘guix pull’ news, you can use ‘--writable-root’.
Otherwise, everything but the current directory and /tmp is read-only.

Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 11 May 2025 20:27:02 GMT) Full text and rfc822 format available.

Message #20 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: keinflue <keinflue <at> posteo.net>, 78363 <at> debbugs.gnu.org
Subject: Re: bug#78363: Home is read-only in guix shell container
Date: Sun, 11 May 2025 22:26:12 +0200
Ludovic Courtès <ludo <at> gnu.org> writes:

> keinflue <keinflue <at> posteo.net> writes:
>
>> I am not sure whether this is intended behavior, but it seems weird to
>> me. Inside e.g.
>>
>> guix shell -Cu test coreutils
>>
>> /home/test is mounted read-only and I do not see any way to make it
>> writable without sharing a host directory.
>
> As noted in the ‘guix pull’ news, you can use ‘--writable-root’.
> Otherwise, everything but the current directory and /tmp is read-only.

Does that make sense though?  You have already made an exception for
/tmp, I would argue that ~ is another candidate for special-casing.

I think people would reasonably expect that touching a file in your own
home should work.  But it does not:

--8<---------------cut here---------------start------------->8---
$ guix shell --no-cwd -C coreutils bash -- sh -c 'touch ~/foo'
touch: cannot touch '/home/user/foo': Read-only file system
--8<---------------cut here---------------end--------------->8---

Some software just fails to start in the container:

--8<---------------cut here---------------start------------->8---
$ guix shell --no-cwd -C deluge -- deluged
20:22:20 [ERROR   ][deluge.common:136 ] Unable to use default config directory, exiting... ([Errno 30] Read-only file system: '/home/user/.config')
--8<---------------cut here---------------end--------------->8---

Sure, I *can* use --writable-root, but I agree that root being read-only
is a good idea.  Maybe --writable-home, which would default to #t, would
be a good addition?

Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
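Rather than inferring from error messages which paths in a container are writable, a practitioner usually wants to check it directly. The shell helpers below are an added example, not code from this bug thread or from Guix: ro_mounts classifies /proc/self/mounts lines as read-only or writable, and probe_write tells a Read-only file system error (the one touch and deluged hit above) apart from other write failures. The sample mount table is constructed to mirror the layout Ludo describes (read-only root, writable /tmp, a shared host directory, read-only home); the function names and the probe file name are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the bug thread or the Guix sources): helpers for
# checking, from inside a container such as the ones above, which mounts are
# read-only and whether a given path accepts writes.  The function names,
# SAMPLE_MOUNTS and the ".probe.$$" file name are this example's own.

# Constructed /proc/self/mounts-style input (device mountpoint fstype options
# dump pass), mirroring the layout described in the thread.
SAMPLE_MOUNTS='none / tmpfs ro,relatime 0 0
none /tmp tmpfs rw,relatime 0 0
/dev/sda1 /home/user/src ext4 rw,relatime 0 0
none /home/user tmpfs ro,nosuid 0 0'

# ro_mounts: read mount lines on stdin, print "ro <mountpoint>" or
# "rw <mountpoint>" per line.  Only an exact "ro" token in the option list
# counts, so an option such as "errors=remount-ro" is not mistaken for it.
# Usage inside a container:
#   guix shell -C coreutils -- cat /proc/self/mounts | ro_mounts
ro_mounts() {
    awk '{
        n = split($4, opts, ",")
        state = "rw"
        for (i = 1; i <= n; i++)
            if (opts[i] == "ro") state = "ro"
        print state, $2
    }'
}

# probe_write DIR: try to create (and remove) an empty file in DIR.
# Prints one line and returns 0 (writable), 1 (EROFS, i.e. a read-only file
# system) or 2 (any other failure, e.g. missing directory or EACCES).
# The shell's own redirection error text is inspected, so a plain POSIX sh
# is all that is needed inside the container.
probe_write() {
    dir=$1
    f="$dir/.probe.$$"
    if err=$( { true > "$f"; } 2>&1 ); then
        rm -f "$f"
        echo "writable $dir"
        return 0
    fi
    case $err in
        *"Read-only file system"*) echo "read-only $dir"; return 1 ;;
        *) echo "denied $dir ($err)"; return 2 ;;
    esac
}
```

Inside the container, `printf '%s\n' "$SAMPLE_MOUNTS"` would be replaced by `cat /proc/self/mounts`; comparing `probe_write "$HOME"` with and without --writable-root shows the difference the thread is about.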




Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Wed, 14 May 2025 17:05:03 GMT) Full text and rfc822 format available.

Message #23 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tomas Volf <~@wolfsden.cz>
Cc: keinflue <keinflue <at> posteo.net>, 78363 <at> debbugs.gnu.org
Subject: Re: bug#78363: Home is read-only in guix shell container
Date: Wed, 14 May 2025 18:28:46 +0200
Hello,

Tomas Volf <~@wolfsden.cz> writes:

>> As noted in the ‘guix pull’ news, you can use ‘--writable-root’.
>> Otherwise, everything but the current directory and /tmp is read-only.
>
> Does that make sense though?  You have already made an exception for
> /tmp, I would argue that ~ is another candidate for special-casing.
>
> I think people would reasonably expect that touching a file in your own
> home should work.  But it does not:
>
> $ guix shell --no-cwd -C coreutils bash -- sh -c 'touch ~/foo'
> touch: cannot touch '/home/user/foo': Read-only file system
>
>
> Some software just fails to start in the container:
>
> $ guix shell --no-cwd -C deluge -- deluged
> 20:22:20 [ERROR   ][deluge.common:136 ] Unable to use default config directory, exiting... ([Errno 30] Read-only file system: '/home/user/.config')

It’s surprising that deluged tries to write to ~/.config, but yeah, more
generally, I agree that many programs will want to write to ~/.cache and
the likes.

So hmm, maybe we can make another exception?  It doesn’t hurt anyway
since it’s a tmpfs.

Ludo’.




Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Fri, 16 May 2025 15:50:02 GMT) Full text and rfc822 format available.

Message #26 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: keinflue <keinflue <at> posteo.net>, 78363 <at> debbugs.gnu.org
Subject: Re: bug#78363: Home is read-only in guix shell container
Date: Fri, 16 May 2025 17:49:21 +0200
[Message part 1 (text/plain, inline)]
Ludovic Courtès <ludo <at> gnu.org> writes:

>>> As noted in the ‘guix pull’ news, you can use ‘--writable-root’.
>>> Otherwise, everything but the current directory and /tmp is read-only.
>>
>> Does that make sense though?  You have already made an exception for
>> /tmp, I would argue that ~ is another candidate for special-casing.
>>
>> I think people would reasonably expect that touching a file in your own
>> home should work.  But it does not:
>>
>> $ guix shell --no-cwd -C coreutils bash -- sh -c 'touch ~/foo'
>> touch: cannot touch '/home/user/foo': Read-only file system
>>
>>
>> Some software just fails to start in the container:
>>
>> $ guix shell --no-cwd -C deluge -- deluged
>> 20:22:20 [ERROR   ][deluge.common:136 ] Unable to use default config directory, exiting... ([Errno 30] Read-only file system: '/home/user/.config')
>
> It’s surprising that deluged tries to write to ~/.config,

In the absence of the configuration, it generates a default one and stores it
into ~/.config/deluge.  This behavior is sensible for this specific
program.

> but yeah, more generally, I agree that many programs will want to
> write to ~/.cache and the likes.
>
> So hmm, maybe we can make another exception?  It doesn’t hurt anyway
> since it’s a tmpfs.

Yeah, I agree.  I can try to produce a patch (I should have some time on
Sunday), but obviously anyone feel free to step in.

Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
[signature.asc (application/pgp-signature, inline)]

Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Fri, 16 May 2025 20:46:04 GMT) Full text and rfc822 format available.

Message #29 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tomas Volf <~@wolfsden.cz>
Cc: keinflue <keinflue <at> posteo.net>, 78363 <at> debbugs.gnu.org
Subject: Re: bug#78363: Home is read-only in guix shell container
Date: Fri, 16 May 2025 21:27:13 +0200
Tomas Volf <~@wolfsden.cz> writes:

> Yeah, I agree.  I can try to produce a patch (I should have some time on
> Sunday), but obviously anyone feel free to step in.

Wonderful, thanks.  :-)

Ludo’.




Information forwarded to guix <at> cbaines.net, dev <at> jpoiret.xyz, ludo <at> gnu.org, othacehe <at> gnu.org, zimon.toutoune <at> gmail.com, me <at> tobias.gr, bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 18 May 2025 13:40:04 GMT) Full text and rfc822 format available.

Message #32 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: 78363 <at> debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
Subject: [PATCH 2/3] environment: Translate only file names under home
 directory.
Date: Sun, 18 May 2025 15:39:35 +0200
* guix/scripts/environment.scm (file-name-equal-or-under?): New procedure.
(override-user-mappings, override-user-dir): Use it.

Change-Id: Iadd9b838f6442a8080998ed7e07414db562068bf
---
 guix/scripts/environment.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index 3c66906793..bc06e97d7b 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -979,6 +979,12 @@ (define (user-override-home user)
   "Return home directory for override user USER."
   (string-append "/home/" user))
 
+(define (file-name-equal-or-under? file-name directory)
+  "Is @var{file-name} equal to or under @var{directory}?"
+  (or (string=? directory file-name)
+      (and (string-prefix? directory file-name)
+           (char=? #\/ (string-ref file-name (string-length directory))))))
+
 (define (override-user-mappings user home mappings)
   "If a username USER is provided, rewrite each HOME prefix in file system
 mappings MAPPINGS to a home directory determined by 'override-user-dir';
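Review bot: file-name-equal-or-under? assumes DIRECTORY carries no trailing slash. With directory "/home/user/" and file-name "/home/user/foo", string-prefix? holds but the character at (string-length directory) is #\f, so the procedure returns #f and nothing under the home gets translated; either strip a trailing slash from DIRECTORY before comparing or state the precondition in the docstring. The string-ref itself is in bounds: string=? covers the equal-length case and string-prefix? guarantees file-name is strictly longer otherwise.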
@@ -987,7 +993,7 @@ (define (override-user-mappings user home mappings)
       mappings
       (map (lambda (mapping)
              (let ((target (file-system-mapping-target mapping)))
-               (if (string-prefix? home target)
+               (if (file-name-equal-or-under? target home)
                    (file-system-mapping
                     (inherit mapping)
                     (target (override-user-dir user home target)))
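Review bot: this line is the actual fix and deserves a sentence in the commit message: the old (string-prefix? home target) also matched sibling directories that merely extend HOME as a string, e.g. with HOME=/home/user a mapping targeting /home/user2/data was rewritten by override-user-dir to /home/<user>2/data. A test in tests/guix-environment-container.sh combining -u with a --share target whose path extends $HOME without a slash would pin the regression down.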
@@ -997,7 +1003,7 @@ (define (override-user-mappings user home mappings)
 (define (override-user-dir user home dir)
   "If username USER is provided, overwrite string prefix HOME in DIR with a
 directory determined by 'user-override-home'; otherwise, return DIR."
-  (if (and user (string-prefix? home dir))
+  (if (and user (file-name-equal-or-under? dir home))
       (string-append (user-override-home user)
                      (substring dir (string-length home)))
       dir))
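Review bot: the docstring still says "overwrite string prefix HOME in DIR", which describes the behaviour this hunk removes; update it to say DIR equal to or under HOME. With the new check, (substring dir (string-length home)) is either empty or begins with "/", so the string-append with (user-override-home user) can no longer glue two path components together.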
-- 
2.49.0





Information forwarded to guix <at> cbaines.net, dev <at> jpoiret.xyz, ludo <at> gnu.org, othacehe <at> gnu.org, zimon.toutoune <at> gmail.com, me <at> tobias.gr, bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 18 May 2025 13:40:12 GMT) Full text and rfc822 format available.

Message #35 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: 78363 <at> debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
Subject: [PATCH 1/3] environment: Use inherit for new mapping.
Date: Sun, 18 May 2025 15:39:34 +0200
* guix/scripts/environment.scm (override-user-mappings): Use inherit.

Change-Id: Iadd9b838f6442a8080998ed7e07414db562068bf
---
 guix/scripts/environment.scm | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index 7103fdaf20..3c66906793 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -989,9 +989,8 @@ (define (override-user-mappings user home mappings)
              (let ((target (file-system-mapping-target mapping)))
                (if (string-prefix? home target)
                    (file-system-mapping
-                    (source    (file-system-mapping-source mapping))
-                    (target    (override-user-dir user home target))
-                    (writable? (file-system-mapping-writable? mapping)))
+                    (inherit mapping)
+                    (target (override-user-dir user home target)))
                    mapping)))
            mappings)))
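Review bot: behaviour-preserving, and inherit is the right way to copy the remaining fields of the record, so a field added to file-system-mapping later is not silently dropped here. One process point visible on this page: the Change-Id Iadd9b838f6442a8080998ed7e07414db562068bf is identical on all three patches of the series, so any tooling keyed on Change-Id would treat them as one change; each commit should carry its own.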
 
-- 
2.49.0





Information forwarded to guix <at> cbaines.net, dev <at> jpoiret.xyz, ludo <at> gnu.org, othacehe <at> gnu.org, zimon.toutoune <at> gmail.com, me <at> tobias.gr, bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 18 May 2025 13:41:03 GMT) Full text and rfc822 format available.

Message #38 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: 78363 <at> debbugs.gnu.org
Cc: Tomas Volf <~@wolfsden.cz>
Subject: [PATCH 3/3] environment: Make home writable.
Date: Sun, 18 May 2025 15:39:36 +0200
* guix/scripts/environment.scm (launch-environment/container): Add tmpfs for
home.
* tests/guix-environment-container.sh: Add test.

Change-Id: Iadd9b838f6442a8080998ed7e07414db562068bf
---
 guix/scripts/environment.scm        | 9 ++++++++-
 tests/guix-environment-container.sh | 4 ++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index bc06e97d7b..96bbc6c9fa 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -874,7 +874,14 @@ (define* (launch-environment/container #:key command bash user user-mappings
                       (writable? #f)))
                    reqs)))
             (file-systems (append %container-file-systems
-                                  (list tmpfs)
+                                  (list tmpfs        ; RW /tmp
+                                        (file-system ; RW ~
+                                          (device "none")
+                                          (mount-point
+                                           (or (and=> user user-override-home)
+                                               home))
+                                          (type "tmpfs")
+                                          (check? #f)))
                                   (if network?
                                       (filter-map optional-mapping->fs
                                                   %network-file-mappings)
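Review bot: mount order matters for the new tmpfs. The visible context does not show where the user's --share/--expose mappings and the default cwd mapping land in this append; any of them whose target is under ~ must be mounted after this tmpfs, otherwise the tmpfs would hide them. Please confirm the ordering and add a test with a --share target under $HOME. Also, no options are given, so the mount gets tmpfs defaults (world-writable with the sticky bit, like /tmp, and a size cap of half of RAM); a mode=0700 option would make ~ look like a normal home directory rather than a second /tmp.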
diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh
index d0f19c8372..e1c3655846 100644
--- a/tests/guix-environment-container.sh
+++ b/tests/guix-environment-container.sh
@@ -199,6 +199,10 @@ guix environment --bootstrap --container --ad-hoc guile-bootstrap	\
 guix environment --bootstrap --container --ad-hoc guile-bootstrap \
      -- guile -c '(mkdir "/tmp/foo")'
 
+# And so is ~.
+guix environment --bootstrap --container --ad-hoc guile-bootstrap \
+     -- guile -c '(mkdir (string-append (getenv "HOME") "/foo"))'
+
 
 # Check the exit code.
 
-- 
2.49.0





Information forwarded to bug-guix <at> gnu.org:
bug#78363; Package guix. (Sun, 18 May 2025 13:46:02 GMT) Full text and rfc822 format available.

Message #41 received at 78363 <at> debbugs.gnu.org (full text, mbox):

From: Tomas Volf <~@wolfsden.cz>
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: keinflue <keinflue <at> posteo.net>, 78363 <at> debbugs.gnu.org
Subject: Re: bug#78363: Home is read-only in guix shell container
Date: Sun, 18 May 2025 15:45:32 +0200
[Message part 1 (text/plain, inline)]
Hi Ludo',

Ludovic Courtès <ludo <at> gnu.org> writes:

> Tomas Volf <~@wolfsden.cz> writes:
>
>> Yeah, I agree.  I can try to produce a patch (I should have some time on
>> Sunday), but obviously anyone feel free to step in.
>
> Wonderful, thanks.  :-)

I have sent a couple of patches to this issue.  It is a 3-part series,
each patch is independent though.  The first is just a simplification,
the second fixes an unrelated bug, and the third makes home writable.  I can
send the first two as separate issues if you would prefer.

Anyway, let me know what you think.

Tomas

-- 
There are only two hard things in Computer Science:
cache invalidation, naming things and off-by-one errors.
[signature.asc (application/pgp-signature, inline)]

Merged 78363 78440. Request was from Ludovic Courtès <ludo <at> gnu.org> to control <at> debbugs.gnu.org. (Sun, 18 May 2025 21:05:02 GMT) Full text and rfc822 format available.

Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Sun, 18 May 2025 21:05:03 GMT) Full text and rfc822 format available.

Notification sent to keinflue <keinflue <at> posteo.net>:
bug acknowledged by developer. (Sun, 18 May 2025 21:05:03 GMT) Full text and rfc822 format available.

Message #48 received at 78363-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Tomas Volf <~@wolfsden.cz>
Cc: Josselin Poiret <dev <at> jpoiret.xyz>,
 Simon Tournier <zimon.toutoune <at> gmail.com>, Mathieu Othacehe <othacehe <at> gnu.org>,
 78363-done <at> debbugs.gnu.org, Tobias Geerinckx-Rice <me <at> tobias.gr>,
 Christopher Baines <guix <at> cbaines.net>
Subject: Re: bug#78363: [PATCH 3/3] environment: Make home writable.
Date: Sun, 18 May 2025 23:00:56 +0200
Hello,

Tomas Volf <~@wolfsden.cz> writes:

> * guix/scripts/environment.scm (launch-environment/container): Add tmpfs for
> home.
> * tests/guix-environment-container.sh: Add test.
>
> Change-Id: Iadd9b838f6442a8080998ed7e07414db562068bf

I added a “Fixes” line referencing the initial bug report and applied
all three patches.  Thanks!

  11e88de060 * environment: Make home writable.
  7a888d9841 * environment: Translate only file names under home directory.
  8654aecf74 * environment: Use inherit for new mapping.

Ludo’.




Reply sent to Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility. (Sun, 18 May 2025 21:05:03 GMT) Full text and rfc822 format available.

Notification sent to "Navid.Afkhami <at> mdc-berlin.de" <Navid.Afkhami <at> mdc-berlin.de>:
bug acknowledged by developer. (Sun, 18 May 2025 21:05:03 GMT) Full text and rfc822 format available.

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Mon, 16 Jun 2025 11:24:10 GMT) Full text and rfc822 format available.



GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.