From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id 2JP7GiDV9mUwEQAAe85BDQ:P1 (envelope-from ) for ; Sun, 17 Mar 2024 12:33:52 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:58f0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id 2JP7GiDV9mUwEQAAe85BDQ (envelope-from ) for ; Sun, 17 Mar 2024 12:33:52 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=troyfigiel.com header.s=MBO0001 header.b=mn88QbwL; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=troyfigiel.com (policy=none) ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1710675232; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature:autocrypt:autocrypt; bh=qnPD2N7zsNp6PMMW1eI//XA8HM0CwoerGvsRMBryV4I=; b=j1YL6sZ6sW7Cd3OJ0VukbrBjFordklZFcAmS51kRkhucAaTGDvJPZ52WcBeYPf13shU4Jk EYGlLq29oAMgnnDPV9I0C4GmWReaXzx2SF+bXxkxLGlpCHHumziqRo9GshIMPom0ovvTrw +CjKwQ6/Qxr7LxPjRT39uw60orJVGXqu6Cw2CmeTHrrxeZ1ahTI0iZAoD0X9eHiM67gABs EhIKLn6C4zYS3S7iqWIV5VIkT7vmVElHCWmKzHoknOymwaqEsbkaVJTi5kXiuircI2bl/2 qmQWw2GMZtqHN6OKOD43I36fs1YmvHMz6B/cQcThrD/86rCeGriNtKjFx+/Zyg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1710675232; a=rsa-sha256; cv=none; b=pedcfBOWAgmhd2VIYkGlWYir8J+8Wq1cZP1F/dbNMMQbIesMb6P6sjCsI2tJKukKpV51fP WoWgYZ61TLEh+6vKIJ2rxn/Jp04WTQ+lXTL0ekCIDzOZbU6rRZEMp6nbJCI/D3RiTQoO+q IpXehR/TKDju6yy0sjJ2zGOTIPL4bO8mHhpnIWrTGYw0vvpmGNUpfEps7DzDigB1YCWy+4 YVY5hrCFyglskTyzdW4naOHsI27mFWv77M0ZPTP64tcm+K4HtCy9lpg2cFv4XxZkTcaFms kX8VGONjaBdpvdIHBpUQIggKYbP1G1Iy7lXhXwmirvQjuNWRuU1TLp8fOzuSHg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=troyfigiel.com header.s=MBO0001 header.b=mn88QbwL; spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=fail reason="SPF not aligned (relaxed)" header.from=troyfigiel.com (policy=none) Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id 264C942F5A for ; Sun, 17 Mar 2024 12:33:52 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rloli-0006S7-Gv; Sun, 17 Mar 2024 07:33:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rjHCH-0002ra-S3 for bug-guix@gnu.org; Sun, 10 Mar 2024 07:18:30 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1rjHCH-0007Vb-JS for bug-guix@gnu.org; Sun, 10 Mar 2024 07:18:29 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1rjHCo-0007eF-I8 for bug-guix@gnu.org; Sun, 10 Mar 2024 07:19:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#69708: Guix-Jupyter download directive: "Operation not permitted" Resent-From: Troy Figiel Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sun, 10 Mar 2024 11:19:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 69708 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: 69708@debbugs.gnu.org X-Debbugs-Original-To: bug-guix@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.171006949529312 (code B ref -1); Sun, 10 Mar 2024 11:19:02 +0000 Received: (at submit) by debbugs.gnu.org; 10 Mar 2024 11:18:15 +0000 Received: from localhost ([127.0.0.1]:35721 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rjHC3-0007ci-AB for submit@debbugs.gnu.org; Sun, 10 Mar 2024 07:18:15 -0400 Received: from lists.gnu.org ([209.51.188.17]:57554) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1rjHC0-0007ca-Rr for submit@debbugs.gnu.org; Sun, 10 Mar 2024 07:18:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rjHBT-0002eE-53 for bug-guix@gnu.org; Sun, 10 Mar 2024 07:17:39 -0400 Received: from mout-p-202.mailbox.org ([2001:67c:2050:0:465::202]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1rjHBR-0007N1-3x for bug-guix@gnu.org; Sun, 10 Mar 2024 07:17:38 -0400 Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:b231:465::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-202.mailbox.org (Postfix) with ESMTPS id 4Tsy6s72Ztz9scm for ; Sun, 10 Mar 2024 12:17:25 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=troyfigiel.com; s=MBO0001; t=1710069446; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding:autocrypt:autocrypt; bh=qnPD2N7zsNp6PMMW1eI//XA8HM0CwoerGvsRMBryV4I=; b=mn88QbwL6ZUIt+kJdpz8K1oXCwIOu/ZYwAtN71Wegc0WBp+1j+z7f4oqaRf4QLvh1oMjcS ILjoBcaBb4SWArP276AyebjghbJhmj2l2x/HRbX1K9mTobJ+V/POGlEPlmY4WllHkeIt6b 3GwHlVtqHYERr5da2goGRpciT0SHlUBvirwGsTJTS9ksX5ebERNFqhQN6zIch+80sCLXW7 Gc6pQ0qbjUP0gh8cB7Yk7CAql28qriKSNgzW0wXUJzx5eBPhyowxF+LzdF620tUYuRrFoE JI9jV+Js7HKHnhwA4VKwWZ/V9kuD7KluEHXzC/DYSJYjoOa8Z5/MlVGOUHt48g== Message-ID: <444aafb6-1092-43dd-a186-5b24e32f71c2@troyfigiel.com> Date: Sun, 10 Mar 2024 12:17:25 +0100 MIME-Version: 1.0 Content-Language: en-US, de-DE, nl From: Troy Figiel Autocrypt: addr=troy@troyfigiel.com; keydata= xsFNBGKp71YBEADDmh9HMTg0Z8/xxf4yT6UX2wO8u0Q2nbOAhzROSabUVyBp8Gz6jLcoFN8x rg8XxxBWTCENBWqKkYG6Z/GgPmeKuacAeZIW7dGYaGu4bZHgLsTqk04J/dM63aVveJJY4M4r KNx0Mew+SYTGrh3NnoSF0+ZIskGGh4NJpXOGUSUihjdddn8ouFDDy01GJ9N2ZWprfWo3ynMA xEHhD6CWniQMkmd+TVKjQt+BC8d+nHlOt6vFoDGH9PehXmmBLyOJAVMAlPMyrN8ZjmbRp91s 4Sz2rqjD2GXFGvKClhyxcr2qEUJmCg/Vp8PiZWOwxA/6BCWuNmrl1d1FhXjMMIzz2y92MOlD 5kQm7/261cuXTJvKZOLmHelY0m7gReWnc9peGPmGeukkdblmjwJTnetzvF/AUXNpS29Nmyie 4PgsAbkmL0PwKCbf+6WRWywRidR1narANINGJHL8MDIgdUwuJsYhD5s10bIsg2dOOxFioOnm kgpWiVLmZSq9bkX+SRyWNL+hDhEbGLnZ5WUOszPXgo9Lo2dCGBr4YkCaxVCCCfgAn8TpgcLQ VW37N75MjEX3kVBGBiiifbQUedKHqMddlUEYLSjpBCNxqF1X5fTuurFrfq8EYcYcQGW5Telh fX1I6md7xt0FDBRAVx8jAvy7Rkt6CeKP7oPNMVfoQ62oMT85JQARAQABzSFUcm95IEZpZ2ll bCA8dHJveUB0cm95ZmlnaWVsLmNvbT7CwY8EEwEKADkCGwMECwkIBwQVCgkIBRYCAwEAAh4F AheAFiEE5HwNzSdo36E4/NzWxnyRgbOJP7AFAmVCwP8CGQEACgkQxnyRgbOJP7DK/A/+L6IY xHhr4ZCz5Mk8s0OHAQTP3ZlAtmjMB+Lg0nwg8hVRzF1O/mCQKaFeKwKgh0I0zZIYucnylG6K KtVoa1ZNrpOCO2Qau7C/j6u7lmZGoEyEf9ePvhpVPcqFXSeehNl/nmaAFuLXTTTvkUubuU2m OEQe1oua/9HQPbd2mlKNjUnj9YmYs9qqF9bcJmT0U2WUg4Jz3DmHQiK175QqJv7fXtIdHzAk BRlJdrslLPOrIDb7WAnXpUQs1bcirKuSFOsyeGn0plh3t0uSm8d3BValRArPMw/h9FldGRXr KycSCIuU/vL94mncXSwIy8ifY4XkcBVvuZ8CbAh3G3iuZ6LLoMsjGmCXkm6Ru9OieC8xmAae 69RYw/zXHoIkW+/nLygEv7+7tMrYTFcUR0RmMvHjiZafnGwHkBCFMojUapcG/EAsSYQzssGP qYLuqIaq2weCYpfNUMDye3rivOKFcO6Aa63lCb1TLy/OVoK0al04WdO+teDJVj88WNyMZu1c SdBYd3lJ9VLSmsBJ0FFksuDyXQqmrN+Uckka+JdKHiADGGaztMHmbJkZ1DZ2jfEh0kJTcCr8 PAXIvTMcgi/BLP3R6u+iHnycypID8pwLIDg3Gg3cLcfeBmCBEAft/Gk5RF0POIL8QAx7IVwu AD4kpM6fkXc6Dq9sl6us38ekm6M7fprOwU0EYqnvVgEQANU4cn+tMmYLMMJA3yeE7JIlY5E+ xZ5qrvNA+UwqTuZGcQH3Th81fsF1qYYiT38fq6GAEImJ19VqVs9f/YGSdkUk1ZA46AwzPuij pFGUm3yL71kCzPblF1zUCzOllc1N7pi3YD+XQr7ggqX/s/MS1uxR9Sgs5coYUT0ygXVOGkSk OQjdQ99B2+BUTos28C2sDfJfCd5ekLCp02EUle527sX8QjyTiTUlu5pvFnCtzO6MWf3loiJb Vi9vA0hQFOnu4jM0TjzIc4vWJpX1oExfFwEsoSVLDQh3CFIoe8wHsRgpIvtWiiRIuaaJawhx ac6mj4yaB2UR/MW8KFpUmqzTgVn8FLt0S0yo1PpleTFT8IsGY8luoyWIaUyNCrjXxrps8yFj HoE54Abb0S6Z15Ko2csG2DR1u4ZtELVsHcF3gZT5q1Nt9BnV8TYi0+vNjVjQ7OODQMOBSIB8 bBEQogtbTxBYvIs57ClYAd0fHssz7fJHaKDbcsZXGWKdiSEQrrfc78tOgmYml997og7SyLg+ YI9X8G4RJiIF9EThRtAKK92i9xktWLLBCl5q5nwRPcObVgy7AiwQBPX1WVR3+Uy6BaeyylPY YIAyM6dHwl4/e5HczR5Nt6pzmnOza8F2JT4blqJd+QVeL+xDtBvzKWLBVZkPJMbwqYS/1MOu 4UdmuNIpABEBAAHCwXYEGAEKACAWIQTkfA3NJ2jfoTj83NbGfJGBs4k/sAUCYqnvVgIbDAAK CRDGfJGBs4k/sAQUD/4xIZxwGDsBc3mf4qnahCEAN3NjyhI/9q2oFGzyN0t9ifh7u7HD5R0F 5WdI2JnOnW3Bjl3YnsMfLg9wHnsT3R1xresf59wXuKQ7UIpqPfMXLZnHtaUP5bmpETvkvybN f0zkekbU27chbmiAOyDB3ApsFQ7lqwvOO0K3+sx94ROsJwb+MDpjGAOewVPk7V0br0twFo2R 5/vtp8cNCg/lKlqWDmJ0fWipxazSzVAMDxn+ci0DB5o5UyHhxc8WgXXLl7t22m7b6kVZ0EKN oEPa7/TvIj1wVDFUFrEMEuJFBMDqZDLdBMZzEsq7O0sHaGifiy0zHRE7Eyfo+9sV0ccSWdeE f5GjoKLtR7MlJ+I9IfHuCl++Gxa+MM8yXfn/tk7vcsGJhewrqqTlvnpMuITCmdTJymgnKS/B jSDDKjgRsZLLzhkE+dVTBZRkHFOGf9rV8+JQRYwqZVIjIEln6EZdfOQIKPll4EY19f9stj7h ptM9jXDTBm4MBxdCdWIRsU19w4TqvitioADjMSZ1MYqQlS6pWQI9tDMJ/mLqKcWrHhar6rwv v/gTpsbePtVR2GkWMjEHE1VS1LKmr+UcWFu3MJIHMd4DFnypp1n1cY+u0emp93JUMDMqa79F G+6Sbeaw5G+/fx8S4hpw63SiA1x8c5PMjKGwx5G4ZZfNwT+mAi6dHA== Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit X-Rspamd-Queue-Id: 4Tsy6s72Ztz9scm Received-SPF: pass client-ip=2001:67c:2050:0:465::202; envelope-from=troy@troyfigiel.com; helo=mout-p-202.mailbox.org X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-Mailman-Approved-At: Sun, 17 Mar 2024 07:33:32 -0400 X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: bug-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Spam-Score: -4.52 X-Spam-Score: -4.52 X-Migadu-Queue-Id: 264C942F5A X-Migadu-Scanner: mx11.migadu.com X-TUID: ikDeg3djvlkF Hi Guix-Jupyter, Please let me know if this is the right location to file a bug. Since I don't have an account on gitlab.inria.fr, I can't file an issue there. In any case, the ;;guix download directive assumes the ability to hard link from the gnu store to your tmp directory. This killed the Guix kernel and returned an "Operation not permitted" error in my Jupyter console. As it turns out, there is a kernel parameter called "fs.protected_hardlinks" which prevents the creation of hard links by users that do not own the source. Since my gnu store is root owned and I run Jupyter as non-root (hence creating the container in the tmp directory as non-root), this fails. For my system "fs.protected_hardlinks" was set to 1 by default. Setting it to 0 fixes the problem. However, I am not convinced hard linking is the right solution anyway. For one, it is not uncommon to have tmp and the gnu store living on different volumes (which seems to be fixed upstream, but not tagged yet). Copying would be an improvement, as it circumvents these issues, but with the obvious downside that it duplicates all the data. I was thinking it might make more sense to bind mount the file into the container. This would solve the above issues, but not duplicate the data. The raw data would then be completely immutable, however, I do not see this as a downside, since treating raw data as immutable is already a good practice. WDYT? Best wishes, Troy