From mboxrd@z Thu Jan  1 00:00:00 1970
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@gnu.org>
Subject: bug#35662: Really relocatable binaries crash with Permission denied
Date: Wed, 15 May 2019 18:15:19 +0200
Message-ID: <87d0kju220.fsf@gnu.org>
References: <87o94ax9lw.fsf@gnu.org>
	<20190511050518.ozmvhsov6meg6g5f@pelzflorian.localdomain>
	<87ftpivlnv.fsf@gnu.org>
	<20190513103440.xkri3uk2oxtk4rn6@pelzflorian.localdomain>
	<87r292qx30.fsf@gnu.org>
	<20190513151736.ffbuofr3vmyqaoov@pelzflorian.localdomain>
	<87tvdyozra.fsf@gnu.org>
	<20190513204524.ozcnp6faamrbfkcv@pelzflorian.localdomain>
	<20190514080525.xspgsob6payn2ioa@pelzflorian.localdomain>
	<87h89wydf7.fsf@gnu.org>
	<20190514210453.2p7x3ibpgohwaxot@pelzflorian.localdomain>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([209.51.188.92]:56029)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hQwZX-0003K1-Fw
	for bug-guix@gnu.org; Wed, 15 May 2019 12:16:04 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hQwZW-0000ev-IR
	for bug-guix@gnu.org; Wed, 15 May 2019 12:16:03 -0400
Received: from debbugs.gnu.org ([209.51.188.43]:39695)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
	id 1hQwZW-0000ej-E1
	for bug-guix@gnu.org; Wed, 15 May 2019 12:16:02 -0400
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
	(envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1hQwZW-0002lf-95
	for bug-guix@gnu.org; Wed, 15 May 2019 12:16:02 -0400
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-Message-ID: <handler.35662.B35662.155793693110596@debbugs.gnu.org>
In-Reply-To: <20190514210453.2p7x3ibpgohwaxot@pelzflorian.localdomain>
	(pelzflorian@pelzflorian.de's message of "Tue, 14 May 2019 23:04:53
	+0200")
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/bug-guix/>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
	<mailto:bug-guix-request@gnu.org?subject=subscribe>
Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org>
To: "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de>
Cc: 35662@debbugs.gnu.org

Hi,

"pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:

> Do I understand correctly that user namespaces are not really disabled
> (?) but fail on ZFS?

Correct.  Specifically, read-only bind mounts of (and to?) files that
reside on ZFS fail with EACCESS, which is normally =E2=80=9Cimpossible.=E2=
=80=9D

It would be great if you could ask the admins specifically what they did
in relation to user namespaces.

>> I don=E2=80=99t have any great option to offer.  You could perhaps modify
>> run-in-namespace.c so that it doesn=E2=80=99t even try user namespaces a=
nd
>> instead goes directly to the PRoot option?
>>
>> However working around this behavior of ZFS it not completely trivial
>> and I=E2=80=99m not sure we should put much energy to paper over non-sta=
ndard
>> file system behavior.
>>=20
>> Thoughts?
>>
>
> If ZFS makes user namespaces fail, then could run-un-namespace.c fall
> back to PRoot when detecting ZFS, somehow?

It=E2=80=99s code, so everything is possible :-), but like I wrote it=E2=80=
=99s a bit of
work, and it=E2=80=99s something that cannot happen (AFAIK) with file syste=
ms
that are part of Linux.

Thanks,
Ludo=E2=80=99.