From mboxrd@z Thu Jan 1 00:00:00 1970 From: Dylan Jeffers Subject: bug#24108: guix make tests failure Date: Sat, 30 Jul 2016 17:40:27 -0700 Message-ID: <20160730174027.0551e855@openmailbox.org> References: <4c03321977ef605cc34a23986d83ce47@openmailbox.org> <874m77e0ky.fsf@gnu.org> <20160730104312.2166ffa5@openmailbox.org> <87bn1ebynp.fsf@gnu.org> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:39306) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bTeoV-00031h-Qv for bug-guix@gnu.org; Sat, 30 Jul 2016 20:41:08 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bTeoQ-0003rb-OH for bug-guix@gnu.org; Sat, 30 Jul 2016 20:41:06 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:54580) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bTeoQ-0003rP-Kv for bug-guix@gnu.org; Sat, 30 Jul 2016 20:41:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1bTeoQ-0004TT-Gg for bug-guix@gnu.org; Sat, 30 Jul 2016 20:41:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87bn1ebynp.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 24108@debbugs.gnu.org On Sat, 30 Jul 2016 23:31:54 +0200 ludo@gnu.org (Ludovic Court=C3=A8s) wrote: > Dylan Jeffers skribis: >=20 > > On Sat, 30 Jul 2016 15:07:25 +0200 > > ludo@gnu.org (Ludovic Court=C3=A8s) wrote: =20 >=20 > [...] >=20 > >> > test-name: clone > >> > location: /home/sapientech/Dev/guix/guix_wip/tests/syscalls.scm:109 > >> > source: > >> > + (test-assert > >> > + "clone" > >> > + (match (clone (logior CLONE_NEWUSER SIGCHLD)) > >> > + (0 (primitive-exit 42)) > >> > + (pid (and (not (equal? > >> > + (readlink (user-namespace pid)) > >> > + (readlink (user-namespace > >> > (getpid))))) > >> > + (match (waitpid pid) > >> > + ((_ . status) (=3D 42 (status:exit-val > >> > status)))))))) actual-value: #f > >> > actual-error: > >> > + (system-error > >> > + "clone" > >> > + "~d: ~A" > >> > + (268435473 "Operation not permitted") > >> > + (1)) > >> > result: FAIL =20 > >>=20 > >> What does =E2=80=9Cuname -srv=E2=80=9D report on this machine? It see= ms this > >> kernel does not support namespaces. > >>=20 > >> Thanks, > >> Ludo=E2=80=99. =20 > > > > Hi Ludo, > > > > Thanks for getting back so quick. > > Output of uname -srv: Linux 4.6.4-gnu-201607192040-1-grsec #1 SMP > > PREEMPT Wed Jul 20 15:37:34 UYT 2016 =20 >=20 > These tests are skipped when user namespaces are not supported, as per > this condition: >=20 > (define perform-container-tests? > (and (user-namespace-supported?) > (unprivileged-user-namespace-supported?))) >=20 > =E2=80=A6 which is true iff (1) /proc/self/ns/user exists, and (2) > /proc/sys/kernel/unprivileged_userns_clone does not exist, or it > exists and contains =E2=80=9C1=E2=80=9D. >=20 > Do these files exist on this system? (1) /proc/self/ns/user exists, and (2) /proc/sys/kernel/unpriviledged_userns_clone D.N.E Ideas on the best approach to allow the build to succeed? I also have had issues with qemu, so it makes sense that vm/container stuff both have issues. I have a feeling its due to the grsec kernel. https://wiki.archlinux.org/index.php/Grsecurity_Patchset talks a bit about userspace/namespace hardening + issues with xen and virtbox. Going to reboot with an lts kernel and try again. Will post update... Best, Dylan Best, Dylan