From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <bug-guix-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id 8C4xLfvPG2AKZwAA0tVLHw
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 04 Feb 2021 10:44:11 +0000
Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id 0Lr7KPvPG2DgPQAA1q6Kng
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Thu, 04 Feb 2021 10:44:11 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx1.migadu.com (Postfix) with ESMTPS id 369C694029C
	for <larch@yhetil.org>; Thu,  4 Feb 2021 10:44:11 +0000 (UTC)
Received: from localhost ([::1]:36482 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-guix-bounces+larch=yhetil.org@gnu.org>)
	id 1l7c7M-0000Ez-P8
	for larch@yhetil.org; Thu, 04 Feb 2021 05:44:08 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:35298)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1l7c7G-0000Er-RU
 for bug-guix@gnu.org; Thu, 04 Feb 2021 05:44:02 -0500
Received: from debbugs.gnu.org ([209.51.188.43]:56513)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1l7c7G-0003BS-KH
 for bug-guix@gnu.org; Thu, 04 Feb 2021 05:44:02 -0500
Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1l7c7G-0000xc-Ce; Thu, 04 Feb 2021 05:44:02 -0500
X-Loop: help-debbugs@gnu.org
Subject: bug#46292: =?UTF-8?Q?=E2=80=98guix?= environment
 =?UTF-8?Q?-C=E2=80=99?= fails with Linux 4.19 (Debian)
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: dimitri.delabroye@inria.fr, bug-guix@gnu.org
Resent-Date: Thu, 04 Feb 2021 10:44:02 +0000
Resent-Message-ID: <handler.46292.B.16124354363662@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: report 46292
X-GNU-PR-Package: guix
X-GNU-PR-Keywords: 
To: 46292@debbugs.gnu.org
X-Debbugs-Original-To: <bug-guix@gnu.org>
X-Debbugs-Original-Xcc: Dimitri DELABROYE <dimitri.delabroye@inria.fr>
Received: via spool by submit@debbugs.gnu.org id=B.16124354363662
 (code B ref -1); Thu, 04 Feb 2021 10:44:02 +0000
Received: (at submit) by debbugs.gnu.org; 4 Feb 2021 10:43:56 +0000
Received: from localhost ([127.0.0.1]:39825 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1l7c7A-0000x0-4o
 for submit@debbugs.gnu.org; Thu, 04 Feb 2021 05:43:56 -0500
Received: from lists.gnu.org ([209.51.188.17]:58858)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludovic.courtes@inria.fr>) id 1l7c78-0000ws-Kz
 for submit@debbugs.gnu.org; Thu, 04 Feb 2021 05:43:55 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:35260)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludovic.courtes@inria.fr>)
 id 1l7c78-0000Eb-Dd
 for bug-guix@gnu.org; Thu, 04 Feb 2021 05:43:54 -0500
Received: from mail2-relais-roc.national.inria.fr ([192.134.164.83]:51632)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludovic.courtes@inria.fr>)
 id 1l7c74-00033c-OT
 for bug-guix@gnu.org; Thu, 04 Feb 2021 05:43:53 -0500
X-IronPort-AV: E=Sophos;i="5.79,400,1602540000"; d="scan'208";a="490816946"
Received: from 91-160-117-201.subs.proxad.net (HELO ribbon) ([91.160.117.201])
 by mail2-relais-roc.national.inria.fr with
 ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 04 Feb 2021 11:43:47 +0100
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludovic.courtes@inria.fr>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: 16 =?UTF-8?Q?Pluvi=C3=B4se?= an 229 de la
 =?UTF-8?Q?R=C3=A9volution?=
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Thu, 04 Feb 2021 11:43:47 +0100
Message-ID: <87h7ms8658.fsf@inria.fr>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Received-SPF: pass client-ip=192.134.164.83;
 envelope-from=ludovic.courtes@inria.fr;
 helo=mail2-relais-roc.national.inria.fr
X-Spam_score_int: -41
X-Spam_score: -4.2
X-Spam_bar: ----
X-Spam_report: (-4.2 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3,
 RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-BeenThere: bug-guix@gnu.org
List-Id: Bug reports for GNU Guix <bug-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-guix>
List-Post: <mailto:bug-guix@gnu.org>
List-Help: <mailto:bug-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-guix>,
 <mailto:bug-guix-request@gnu.org?subject=subscribe>
Cc: Dimitri DELABROYE <dimitri.delabroye@inria.fr>
Errors-To: bug-guix-bounces+larch=yhetil.org@gnu.org
Sender: "bug-Guix" <bug-guix-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
X-Migadu-Spam-Score: -2.36
Authentication-Results: aspmx1.migadu.com;
	dkim=none;
	dmarc=none;
	spf=pass (aspmx1.migadu.com: domain of bug-guix-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=bug-guix-bounces@gnu.org
X-Migadu-Queue-Id: 369C694029C
X-Spam-Score: -2.36
X-Migadu-Scanner: scn0.migadu.com
X-TUID: sBsOxrMeB1jQ

I=E2=80=99m observing this:

--8<---------------cut here---------------start------------->8---
$ guix environment --ad-hoc coreutils -C
guix environment: error: mount: mount "/gnu/store/mmhimfwmmidf09jw1plw3aw1g=
1zn2nkh-bash-static-5.0.16" on "/tmp/guix-directory.Nagh8Y//gnu/store/mmhim=
fwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16": Operation not permitted
$ uname -rv
4.19.0-13-amd64 #1 SMP Debian 4.19.160-2 (2020-11-28)
$ cat /proc/sys/kernel/unprivileged_userns_clone
1
--8<---------------cut here---------------end--------------->8---

Excerpt of the strace log:

--8<---------------cut here---------------start------------->8---
7605  mkdir("/tmp/guix-directory.EtXAVT/dev/mqueue", 0777) =3D 0
7605  mount("mqueue", "/tmp/guix-directory.EtXAVT//dev/mqueue", "mqueue", M=
S_NOSUID|MS_NODEV|MS_NOEXEC, NULL) =3D 0
7605  stat("/home/lcourtes", {st_mode=3DS_IFDIR|0710, st_size=3D4096, ...})=
 =3D 0
7605  mkdir("/tmp", 0777)               =3D -1 EEXIST (File exists)
7605  mkdir("/tmp/guix-directory.EtXAVT", 0777) =3D -1 EEXIST (File exists)
7605  mkdir("/tmp/guix-directory.EtXAVT/home", 0777) =3D 0
7605  mkdir("/tmp/guix-directory.EtXAVT/home/lcourtes", 0777) =3D 0
7605  mount("/home/lcourtes", "/tmp/guix-directory.EtXAVT//home/lcourtes", =
0xeea390, MS_BIND, NULL) =3D 0
7605  stat("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16"=
, {st_mode=3DS_IFDIR|0555, st_size=3D4096, ...}) =3D 0
7605  mkdir("/tmp", 0777)               =3D -1 EEXIST (File exists)
7605  mkdir("/tmp/guix-directory.EtXAVT", 0777) =3D -1 EEXIST (File exists)
7605  mkdir("/tmp/guix-directory.EtXAVT/gnu", 0777) =3D 0
7605  mkdir("/tmp/guix-directory.EtXAVT/gnu/store", 0777) =3D 0
7605  mkdir("/tmp/guix-directory.EtXAVT/gnu/store/mmhimfwmmidf09jw1plw3aw1g=
1zn2nkh-bash-static-5.0.16", 0777) =3D 0
7605  mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16=
", "/tmp/guix-directory.EtXAVT//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-=
bash-static-5.0.16", 0xeea3b0, MS_RDONLY|MS_BIND, NULL) =3D 0
7605  mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16=
", "/tmp/guix-directory.EtXAVT//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-=
bash-static-5.0.16", 0xeea3d0, MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) =3D -1 E=
PERM (Operation not permitted)
--8<---------------cut here---------------end--------------->8---

The read-only remount comes from =E2=80=98mount-file-system=E2=80=99 in (gn=
u build
file-systems):

    ;; For read-only bind mounts, an extra remount is needed, as per
    ;; <http://lwn.net/Articles/281157/>, which still applies to Linux
    ;; 4.0.
    (when (and (=3D MS_BIND (logand flags MS_BIND))
               (=3D MS_RDONLY (logand flags MS_RDONLY)))
      (let ((flags (logior MS_BIND MS_REMOUNT MS_RDONLY)))
        (mount source mount-point type flags #f)))

This recipe has been working well =E2=80=9Cforever=E2=80=9D, although it=E2=
=80=99s probably
unnecessary with recent kernels (the LWN article is from 2008).

The problem may have to do with the fact that /gnu/store is an NFS
mount.  Indeed, similar commands fail on $HOME (also an NFS mount):

--8<---------------cut here---------------start------------->8---
$ mkdir t m
$ unshare -mrf
# mount --bind ./t ./m
# mount --bind -r -o remount ./t ./m
mount: /home/lcourtes/m: permission denied.
--8<---------------cut here---------------end--------------->8---

=E2=80=A6 but they succeed on /tmp (not an NFS mount):

--8<---------------cut here---------------start------------->8---
$ mkdir /tmp/t
$ mkdir /tmp/m
$ unshare -mrf
# mount --bind /tmp/{t,m}
# mount --bind -r -o remount /tmp/{t,m}
--8<---------------cut here---------------end--------------->8---

To be continued=E2=80=A6

Ludo=E2=80=99.