unofficial mirror of bug-guix@gnu.org 
* bug#59185: Trouble mounting recursive file systems in containers
From: Morgan Smith @ 2022-11-10 22:35 UTC (permalink / raw)
  To: 59185

Hello!

So I was trying to mount /run/user/1000 in a container so it would have
access to all my wayland sockets and such when I got a very cryptic
error message.

I was trying something like this:

guix shell --share=/run/user/1000 -C coreutils

After far too long tracking down the issue, it turns out that the
directory had submounts within it meaning that the MS_REC flag is
required to bind mount it.

My /run/user/1000 only had a submount because xdg-document-portal was
making one.  To test this yourself you can run `mount` to find something
with some submounts.  I think /sys/fs might fail for me for the same
reason.

Now I have no clue what we should do to enable this use case.  Maybe we
should allow users to specify mount options using something like this?

guix shell -C --mount=rbind,ro=/run/user/1000

Maybe we could always bind with the recursive flag?


Thanks,

Morgan
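
The check suggested above (finding a directory that has submounts), as an added example that is not part of the original message or of Guix: it parses /proc/self/mountinfo text and lists the mounts below a directory, which are the ones a recursive bind mount would bring into the container along with it. The sample data and the function names are constructed for illustration.

```python
import os
import re

# Constructed sample in /proc/self/mountinfo format (not from the reporter's
# machine); the "doc" line stands in for the xdg-document-portal submount.
SAMPLE_MOUNTINFO = r"""22 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
40 22 0:35 / /run rw,nosuid,nodev shared:12 - tmpfs tmpfs rw,mode=755
95 40 0:52 / /run/user/1000 rw,nosuid,nodev shared:60 - tmpfs tmpfs rw
120 95 0:60 / /run/user/1000/doc rw,nosuid,nodev shared:75 - fuse.portal portal rw
130 40 0:61 / /run/user/1000-old rw - tmpfs tmpfs rw
140 22 0:62 / /mnt/my\040disk rw shared:81 - ext4 /dev/sdb1 rw
"""

def unescape(field):
    """Decode the kernel's octal escapes (backslash plus three digits)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mountinfo(text):
    """Yield (mount_point, fs_type) for each well-formed mountinfo line."""
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)   # optional fields end at a lone "-"
            yield unescape(fields[4]), fields[sep + 1]
        except (ValueError, IndexError):
            continue                     # skip truncated or malformed lines

def submounts(text, directory):
    """Mounts strictly below DIRECTORY, i.e. what MS_BIND|MS_REC would
    replicate at the target in addition to DIRECTORY itself."""
    base = os.path.normpath(directory)
    prefix = base.rstrip("/") + "/"
    return sorted((mp, fs) for mp, fs in parse_mountinfo(text)
                  if mp != base and mp.startswith(prefix))

if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/run/user/1000"
    try:
        with open("/proc/self/mountinfo") as f:
            text = f.read()
    except OSError:
        text = SAMPLE_MOUNTINFO          # fall back to the constructed sample
    for mp, fs in submounts(text, target):
        print(f"{fs}\t{mp}")
```

Running it against a directory before sharing it shows which extra file systems the container will see once bind mounts are recursive.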





* bug#59185: Trouble mounting recursive file systems in containers
From: Ricardo Wurmus @ 2022-11-19 22:23 UTC (permalink / raw)
  To: 59185


Hi Morgan,

yes, mounting with MS_REC seems sensible.  Not mounting with MS_REC is
also responsible for a couple of errors e.g. when trying to map / inside
the container (when / has other bind mounts).

Here’s a patch that works for me:



From 806969ad86038052bf4d0dd2755617beaaa33cb6 Mon Sep 17 00:00:00 2001
From: Ricardo Wurmus <rekado@elephly.net>
Date: Sat, 19 Nov 2022 23:16:52 +0100
Subject: [PATCH] WIP

---
 gnu/build/file-systems.scm | 2 +-
 guix/build/syscalls.scm    | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/gnu/build/file-systems.scm b/gnu/build/file-systems.scm
index 15b8f73312..66ca22d6ea 100644
--- a/gnu/build/file-systems.scm
+++ b/gnu/build/file-systems.scm
@@ -1127,7 +1127,7 @@ (define (mount-flags->bit-mask flags)
       (('read-only rest ...)
        (logior MS_RDONLY (loop rest)))
       (('bind-mount rest ...)
-       (logior MS_BIND (loop rest)))
+       (logior MS_REC (logior MS_BIND (loop rest))))
       (('no-suid rest ...)
        (logior MS_NOSUID (loop rest)))
       (('no-dev rest ...)
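Review bot: In the `'bind-mount` clause, MS_REC is now ORed in unconditionally, so every caller of mount-flags->bit-mask that passes `'bind-mount` gets a recursive bind and nothing is left to request a non-recursive one. The file is gnu/build/file-systems.scm rather than container-only code, so the new meaning of the flag should be stated in the docstring or manual. It is also worth confirming that a `'read-only` bind (the clause just above) still covers the submounts MS_REC brings in, since mount(2) ignores MS_RDONLY when creating a bind mount and a later read-only remount affects a single mount. Style: `logior` is variadic, so `(logior MS_REC MS_BIND (loop rest))` avoids the nested call.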
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 61926beb80..2a12567b15 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -51,6 +51,7 @@ (define-module (guix build syscalls)
             MS_RELATIME
             MS_BIND
             MS_MOVE
+            MS_REC
             MS_SHARED
             MS_LAZYTIME
             MNT_FORCE
@@ -541,6 +542,7 @@ (define MS_NOATIME         1024)
 (define MS_NODIRATIME      2048)
 (define MS_BIND            4096)
 (define MS_MOVE            8192)
+(define MS_REC            16384)
 (define MS_SHARED       1048576)
 (define MS_RELATIME     2097152)
 (define MS_STRICTATIME 16777216)
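Review bot: The new `MS_REC` definition carries no comment, and unlike its neighbours it is a modifier that only has meaning combined with `MS_BIND` or a propagation flag such as `MS_SHARED`; a one-line comment saying so would keep it from being passed on its own. The value 16384 agrees with the kernel's definition.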
-- 
2.36.1





-- 
Ricardo


* bug#59185: Trouble mounting recursive file systems in containers
From: Ludovic Courtès @ 2022-11-19 22:29 UTC (permalink / raw)
  To: Ricardo Wurmus; +Cc: 59185

Hi,

Ricardo Wurmus <rekado@elephly.net> skribis:

> yes, mounting with MS_REC seems sensible.  Not mounting with MS_REC is
> also responsible for a couple of errors e.g. when trying to map / inside
> the container (when / has other bind mounts).

Having reread mount(2), bind-mounting with MS_REC by default seems like
a reasonable choice, indeed.

Ludo’.





* bug#59185: Trouble mounting recursive file systems in containers
From: Ricardo Wurmus @ 2022-11-20 20:35 UTC (permalink / raw)
  To: Ludovic Courtès; +Cc: 59185-done


Ludovic Courtès <ludo@gnu.org> writes:

> Ricardo Wurmus <rekado@elephly.net> skribis:
>
>> yes, mounting with MS_REC seems sensible.  Not mounting with MS_REC is
>> also responsible for a couple of errors e.g. when trying to map / inside
>> the container (when / has other bind mounts).
>
> Having reread mount(2), bind-mounting with MS_REC by default seems like
> a reasonable choice, indeed.

Great.  I’ve pushed this with commit c585b4bc68813a351d6a87d19b9adf4041506355.

-- 
Ricardo



