Subject: bug#31977: clone tests fail on CentOS 7
From: Paul Garlick
To: zimoun
Cc: 31977@debbugs.gnu.org
Date: Mon, 21 Dec 2020 15:29:27 +0000
Message-ID: <8738bc1a86f5af35a9aa79e3e7da0e4fac15348e.camel@tourbillion-technology.com>
In-Reply-To: <867dpervs5.fsf@gmail.com>

Hi Simon,

> If I understand well your message:
>
> Files:
>   a) '/proc/self/ns/user' exists
>   b) '/proc/sys/kernel/unprivileged_userns_clone' does not exist.

Yes, this is the case on CentOS. So testing for the existence of the unprivileged_userns_clone file is an insufficient test for unprivileged user namespaces.

We have learnt that trying to create the file as a dummy file does not work, since the /proc/sys/kernel directory is read-only even for root.

So the current 'unprivileged-user-namespace-supported?' function in gnu/build/linux-container.scm really only works for Debian-derived systems. Other systems, that do not create the unprivileged_userns_clone file, differ in their default configurations. CentOS, for example, disables the feature. However, Guix System enables it.

It has been suggested that the feature itself should be tested, instead of relying on the /proc filesystem. This could well be a better idea and I gather from the thread that this idea is being worked on. I can test on CentOS when a new patch is available.

Best regards,

Paul.
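
The idea raised at the end of this message, testing the feature itself rather than the /proc file, sketched in C as an added example; it is not code from this thread or from Guix. The function names `sysctl_hint` and `probe_userns` are hypothetical, and the probe is meaningful only when run as the unprivileged user whose access is in question.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000   /* value from the Linux UAPI headers */
#endif

/* File-based hint: 1 or 0 when the Debian-style sysctl file exists and says
   so, -1 ("unknown") when the file is absent, as reported for CentOS. */
int sysctl_hint(const char *path)
{
    FILE *f = fopen(path, "r");
    if (f == NULL)
        return -1;
    int c = fgetc(f);
    fclose(f);
    return c == '1' ? 1 : 0;
}

/* Functional probe: 1 if a child of this process can create a user
   namespace, 0 if the kernel or a sandbox refuses (including a child killed
   by a syscall filter), -1 if the probe itself could not run. */
int probe_userns(void)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)   /* child: the new namespace disappears when it exits */
        _exit(syscall(SYS_unshare, CLONE_NEWUSER) == 0 ? 0 : 1);

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) && WEXITSTATUS(status) == 0;
}

int main(void)
{
    const char *path = "/proc/sys/kernel/unprivileged_userns_clone";
    printf("sysctl hint: %d, functional probe: %d\n",
           sysctl_hint(path), probe_userns());
    return 0;
}
```

On a system where the sysctl file is absent, the hint is -1 while the probe still reports whether the namespace could actually be created.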