bug#45066: guix environment --container is borken

bug#45066: guix environment --container is borken

[luhux]

[-- Attachment #1: Type: text/plain, Size: 364 bytes --]

In the new guix `guix environment --container` is borken.

The reason lies in the 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e of the master branch:



It checks if the file exists and then returns a boolean




None of my 3 Guix System machines have this file but they can still run unprivileged containers.

Please fix it,

thanks very much


luhux

[-- Attachment #2: Type: text/html, Size: 467 bytes --]

bug#45066: guix environment --container is borken

[zimoun]

Hi,

On Sun, 06 Dec 2020 at 16:59, luhux <luhux@outlook.com> wrote:
> In the new guix `guix environment --container` is borken.

It is not broken.

> Please fix it,

Please fix your config. :-)


The message says:

--8<---------------cut here---------------start------------->8---
$ guix environment -C --ad-hoc hello -- hello 
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
--8<---------------cut here---------------end--------------->8---

Have you tried the recommendation?

--8<---------------cut here---------------start------------->8---
$ su -
Password: 
# echo 1 > /proc/sys/kernel/unprivileged_userns_clone 
# logout

$ guix environment -C --ad-hoc hello -- hello 
Hello, world!
--8<---------------cut here---------------end--------------->8---

Feel free to comment on the thread:

<https://yhetil.org/guix/e5c86d238ca5174b745b8ea6cb0cb6ad6b20aa5e.camel@yasuaki.com>

if it does not work for you.


If no major objection, I am closing.

All the best,
simon

bug#45066: guix environment --container is borken

[Marius Bakke]

[-- Attachment #1: Type: text/plain, Size: 770 bytes --]

zimoun <zimon.toutoune@gmail.com> skriver:

> Hi,
>
> On Sun, 06 Dec 2020 at 16:59, luhux <luhux@outlook.com> wrote:
>> In the new guix `guix environment --container` is borken.
>
> It is not broken.

It was broken.  :-)

> Have you tried the recommendation?
>
> --8<---------------cut here---------------start------------->8---
> $ su -
> Password: 
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone 
> # logout
>
> $ guix environment -C --ad-hoc hello -- hello 
> Hello, world!
> --8<---------------cut here---------------end--------------->8---

...because this only works on the Debian kernel.

We need to find a more robust test for user namespaces, but for now I
reverted the commit.

Closing!  Thanks for the report luhux.  :-)

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 507 bytes --]

bug#45066: guix environment --container is borken

[zimoun]

Hi Marius,

On Sun, 06 Dec 2020 at 22:02, Marius Bakke <marius@gnu.org> wrote:

>> Have you tried the recommendation?

> It was broken.  :-)

[...]

> ...because this only works on the Debian kernel.

Therefore, what does the recommendation mean?  From [1] on Guix System:

--8<---------------cut here---------------start------------->8---
~/co/guix (master)$ guix environment -C guix
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
--8<---------------cut here---------------end--------------->8---


1: <https://yhetil.org/guix/e5c86d238ca5174b745b8ea6cb0cb6ad6b20aa5e.camel@yasuaki.com>


> We need to find a more robust test for user namespaces, but for now I
> reverted the commit.

How do you «set /proc/sys/kernel/unprivileged_userns_clone to "1"» on
Guix System?


BTW, reverting means reopen #31977; I did.


All the best,
simon