From: Leo Prikler <leo.prikler@student.tugraz.at>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: 47106@debbugs.gnu.org
Subject: bug#47106: Bubblewrap hates Guix containers 😞
Date: Sun, 14 Mar 2021 21:43:57 +0100 [thread overview]
Message-ID: <6c6b39f495962ec906255cac212b66962d549eab.camel@student.tugraz.at> (raw)
In-Reply-To: <87sg4xlbn0.fsf@gnu.org>
Am Sonntag, den 14.03.2021, 21:32 +0100 schrieb Ludovic Courtès:
> Hi Leo,
>
> Leo Prikler <leo.prikler@student.tugraz.at> skribis:
>
> > Nah, it's a rather ad-hoc definition grown from what should be an
> > Eolie
> > container from the cookbook (also refer to #47097).
> >
> > guix environment --preserve='^DISPLAY$' --preserve=XAUTHORITY \
> > --preserve=TERM \
> > --expose=$XAUTHORITY \
> > --expose=/etc/machine-id \
> > --expose=/etc/ssl/certs/ \
> > --expose=/sys/block --expose=/sys/class --expose=/sys/bus \
> > --expose=/sys/dev --expose=/sys/devices \
> > --ad-hoc epiphany nss-certs dbus procps coreutils psmisc
> > screen
>
> I’m not sure I follow; does it work when you do this?
It does work insofar as I don't get any warnings about resources
missing from /sys, but the bubblewrapped WebKit processes don't have
access to $DISPLAY even though epiphany itself has. While they don't
crash the browser itself and just infinitely respawn, that's still far
from usable.
> /sys is already mounted inside ‘guix environment -C’ containers so I
> don’t see what difference it would make.
I think I've been told this several times, but I don't believe it. Not
adding all these expose=/sys lines triggers the "warnings" in the
original post. (Okay, perhaps one of /sys/dev and /sys/devices is
superfluous, I would need to check.)
> But wait, the example above lacks ‘-C’; a mistake?
Indeed, -CN should also be given, but I hastily edited the command line
inside the email to make it appear more beautiful than it actually is,
thereby deleting it. I'm sorry. The preserves and exposes should be
the same list as I'm actually using however.
Regards,
Leo
next prev parent reply other threads:[~2021-03-14 20:45 UTC|newest]
Thread overview: 19+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-12 17:43 bug#47106: Bubblewrap hates Guix containers 😞 Leo Prikler
2021-03-13 10:48 ` Ludovic Courtès
2021-03-13 11:07 ` Leo Prikler
2021-03-13 12:27 ` Bengt Richter
2021-03-13 14:43 ` Leo Prikler
2021-03-13 17:07 ` Bengt Richter
2021-03-13 18:01 ` Leo Prikler
2021-03-14 17:45 ` Bengt Richter
2021-03-14 18:05 ` Leo Prikler
2021-03-14 20:32 ` Ludovic Courtès
2021-03-14 20:43 ` Leo Prikler [this message]
2021-03-15 9:52 ` Ludovic Courtès
2021-03-15 10:14 ` Leo Prikler
2021-03-15 13:29 ` Ludovic Courtès
2021-03-16 10:54 ` Bengt Richter
2021-03-16 11:13 ` Leo Prikler
2021-04-14 20:07 ` Leo Famulari
2021-04-14 21:23 ` Leo Prikler
2021-04-14 22:00 ` Leo Famulari
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://guix.gnu.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6c6b39f495962ec906255cac212b66962d549eab.camel@student.tugraz.at \
--to=leo.prikler@student.tugraz.at \
--cc=47106@debbugs.gnu.org \
--cc=ludo@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).