From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp12.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id JVxiG0/kmmJOowAAbAwnHQ (envelope-from ) for ; Sat, 04 Jun 2022 06:49:19 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp12.migadu.com with LMTPS id oAs1Gk/kmmJFhgEAauVa8A (envelope-from ) for ; Sat, 04 Jun 2022 06:49:19 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id E61241057C for ; Sat, 4 Jun 2022 06:49:18 +0200 (CEST) Received: from localhost ([::1]:57224 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nxLiw-0006cI-4p for larch@yhetil.org; Sat, 04 Jun 2022 00:49:18 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:40192) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nxLY2-0006MC-IO for bug-guix@gnu.org; Sat, 04 Jun 2022 00:38:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:35262) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nxLY2-0004c9-A7 for bug-guix@gnu.org; Sat, 04 Jun 2022 00:38:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nxLY2-0000XL-6u for bug-guix@gnu.org; Sat, 04 Jun 2022 00:38:02 -0400 X-Loop: help-debbugs@gnu.org Subject: bug#54786: Installation tests are failing Resent-From: Maxim Cournoyer Original-Sender: "Debbugs-submit" Resent-CC: bug-guix@gnu.org Resent-Date: Sat, 04 Jun 2022 04:38:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54786 X-GNU-PR-Package: guix X-GNU-PR-Keywords: To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: othacehe@gnu.org, 54786@debbugs.gnu.org Received: via spool by 54786-submit@debbugs.gnu.org id=B54786.16543174642037 (code B ref 54786); Sat, 04 Jun 2022 04:38:02 +0000 Received: (at 54786) by debbugs.gnu.org; 4 Jun 2022 04:37:44 +0000 Received: from localhost ([127.0.0.1]:57392 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nxLXk-0000Wn-3s for submit@debbugs.gnu.org; Sat, 04 Jun 2022 00:37:44 -0400 Received: from mail-qt1-f178.google.com ([209.85.160.178]:42909) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nxLXi-0000Wb-3M for 54786@debbugs.gnu.org; Sat, 04 Jun 2022 00:37:43 -0400 Received: by mail-qt1-f178.google.com with SMTP id p8so7062373qtx.9 for <54786@debbugs.gnu.org>; Fri, 03 Jun 2022 21:37:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=from:to:cc:subject:references:date:in-reply-to:message-id :user-agent:mime-version:content-transfer-encoding; bh=VU1OD1zBx/gwl4iYH0VrHzA7El6pY/HND9RPJcxKeE8=; b=EQfY2tKZ6d02zD6PxkI7NOjveZQpFacgWimLBhjOlqf+JmCCiWB5od1j2sHJhRkuiO wzSNQU+9XF67qmZrdIyGS5CBRmMaCvKDO1EJPC6qMwOkFky0+yotgnAzC1Yt88Hlvumx 6fntgUuCr7UPjA14n1a2r5dY2vvZUSWG3FrzHBYEjU2ar7yDUYI62JjLNnyt3KM1rVus KeGqMlCffCc4Hks7BH73NgP+2g7G84E+F7F9yw2amBP8SnkpBqgUaEGFgClgp1z/0HgY B9Y0WKwkFiusDA7EsNKSv0IxI7BzL+nUZYJvy8gsLMEWeNHcAPnU2PiKJIurPYvoZ/sW eBtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:from:to:cc:subject:references:date:in-reply-to :message-id:user-agent:mime-version:content-transfer-encoding; bh=VU1OD1zBx/gwl4iYH0VrHzA7El6pY/HND9RPJcxKeE8=; b=pSd9J0ChNaNX/skXsayED1cSmyLJCnZmtq8Ddt79jnA4r9N/Kn8KEMqLp28rk5wnSs QUgSYEFN0Ow30X5HfSNEDe0a6JxIcps0TJ05vCoMTy8cwpMqIMplcITqAhg4/zN8Ukt+ eam7Jt7sjKgLEQmmdYu0XimrDcsWhvi9Ee/ml0PNPv6+Iy7TUiiw9y5EZRlP2+qcFgP1 kMW7J7bn+u/YXAC++iPO1gd4jkRgCZDJ8Pli9AE2NddzR1LyUrsZ2qmXQZfpke+Jzkib wYmEVSRX9sbxHMIAks3DmgHi/j1jRUPCEVw9uycEmK0ZWVQMTFtCX3kdjtPibmXOrClp Hn1w== X-Gm-Message-State: AOAM530Nbf3IK7h3OhdzWFlR8m4QGgE91khYpWcxloeNC9nDuUwymSNE btDq8+rZ2ttKDM1SBIIn1WY= X-Google-Smtp-Source: ABdhPJxlGrdGmoZjmM3yHcArL3P2xl7OQta+EwZJAkVN0EBYn5j/NET7j63bsSzHJw2bVslFJYzVqg== X-Received: by 2002:a05:622a:1895:b0:304:8024:332d with SMTP id v21-20020a05622a189500b003048024332dmr10533507qtc.682.1654317456511; Fri, 03 Jun 2022 21:37:36 -0700 (PDT) Received: from hurd (dsl-10-134-175.b2b2c.ca. [72.10.134.175]) by smtp.gmail.com with ESMTPSA id t14-20020ac8760e000000b00304e2e4bf1esm1590335qtq.88.2022.06.03.21.37.34 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 03 Jun 2022 21:37:34 -0700 (PDT) From: Maxim Cournoyer References: <878rql9wh9.fsf@gnu.org> <20220531164407.13914-1-maxim.cournoyer@gmail.com> <87o7zcwvy6.fsf_-_@gnu.org> <878rqgr0l4.fsf@gmail.com> <8735gnqkcp.fsf@gnu.org> <877d5zx9jt.fsf@gmail.com> <87v8tilrsh.fsf@gnu.org> Date: Sat, 04 Jun 2022 00:37:33 -0400 In-Reply-To: <87v8tilrsh.fsf@gnu.org> ("Ludovic =?UTF-8?Q?Court=C3=A8s?="'s message of "Thu, 02 Jun 2022 22:43:58 +0200") Message-ID: <874k11ujqq.fsf@gmail.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-guix@gnu.org List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org Sender: "bug-Guix" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1654318159; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=VU1OD1zBx/gwl4iYH0VrHzA7El6pY/HND9RPJcxKeE8=; b=RuaCBBqnmmWlA6ulqhBv5l6wSyqD8Xj4RTQROVbuVHWKkZswbBMWtrwn01IU0ZTIouWi3a 8ZucgDxrzGPrPCvj/KQjAXPzO72s2vo7HZhjqBUy7lV3E10tWDB8YBzpWVn/Ur/IRIDiUd nsp6tUbN/8RuJfao6aGV7/Cdx0QBaBYPV3/TwySuurqRvaAyEucs+Yz9V3LFxoGsmCDSoP Qaqq9YNgr8QPd7zzR4Dy53sDltWKlF9xiPnSa/xs7mypg/lU8FPFwDTcrNuEq8r91Ao7cW LcqN1Wx7n9jxj80/xJKCwbOpCmZHJg/9OMYufDJ0WM4lf20co0y3LTSlaNTCKA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1654318159; a=rsa-sha256; cv=none; b=OVyiId3Pgwz3AJ47UDA0Nv4jjyLEK76mMpW/tEauvxk/96gZMkZiCGg7zyT6b0hNM3ztkL W0hG7mr74/l/0mcFmlTIis7WOHwlZ8V23CZmelEGKjb/FmMrCLPZzZGKQduRf4Rg6dJKZV 0jSAhbH5ky+yjoS+vB2wU8xrF8noPsjDiWfgc96PUCGgfr7cNVejBqOv/UtXEKZt8vhnhQ kBuyCb5q1iCVy3X4baT5wAUhxh4H8nhgj/EQfIaX//JU/P5Q/LrGvvEfskQz2CT2JvgCoH nBjqRyCudrWHPWz0wfnBZc8jxurt+3NZjkOA38Mlx3CwRflJHdD/LSRBT+TIWA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=EQfY2tKZ; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 5.98 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=gmail.com header.s=20210112 header.b=EQfY2tKZ; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "bug-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="bug-guix-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: E61241057C X-Spam-Score: 5.98 X-Migadu-Scanner: scn1.migadu.com X-TUID: jzMghx3XR86F Hi Ludovic! Ludovic Court=C3=A8s writes: > Howdy! > > Maxim Cournoyer skribis: [...] >> I reviewed how that works, and it'd be easy; I just didn't see the >> incentive yet (there's no composition needed for the service, and it'd >> make the definition slightly less readable). If you tell me >> mark+forkexec-constructor/container is going the way of the Dodo though, >> that's a good enough incentive :-). That turns out to be bit problematic; dbus-daemon must not run in its own user namespace (CLONE_NEWUSER) as it wants to validate user/group IDs. That's probably the reason it was working with 'make-forkexec-constructor/container', as this was dropping the user and net namespaces, contrary to least-authority, which uses them all. The problem then seems to be that since we need CAP_SYS_ADMIN when dropping the user namespace, as CLONE_NEWUSER is what gives us superpowers. Per 'man user_namespaces': The child process created by clone(2) with the CLONE_NEWUSER flag starts out with a complete set of capabilities in the new user namespace. Which means that if we combine something like (untested): --8<---------------cut here---------------start------------->8--- (make-forkexec-constructor (least-authority (list (file-append coreutils "/bin/true")) (mappings (delq 'user %namespaces)) #:user "nobody" #:group "nobody")) --8<---------------cut here---------------end--------------->8--- the make-forkexec-constructor will switch to the non-privileged user before the clone call is made, and it will fail with EPERM. When using 'make-forkexec-constructor/container', the clone(2) call happens before switching user, thus as 'root' in Shepherd, which explains why it works. I'm not sure how it could be fixed; it seems the user changing business would need to be handled by the least-authority-wrapper code? And the make-forkexec-constructor would probably need to detect that command is a pola wrapper and then avoid changing the user/group itself to not interfere. To be continued! Maxim