From: Ludovic Courtès
Subject: bug#35662: Really relocatable binaries crash with Permission denied
Date: Mon, 13 May 2019 15:54:11 +0200
To: "pelzflorian (Florian Pelz)"
Cc: 35662@debbugs.gnu.org

Hi Florian,

"pelzflorian (Florian Pelz)" writes:

> 32476 clone(child_stack=NULL, flags=CLONE_NEWNS|CLONE_NEWUSER|SIGCHLD) = 32477

[...]

> 32477 mount("//lib", "/tmp/guix-exec-eqHoYA/lib", 0x47e0c5, MS_RDONLY|MS_BIND|MS_REC, NULL) = -1 EACCES (Permission denied)
> 32477 mkdir("/tmp/guix-exec-eqHoYA/home", 0700) = 0
> 32477 mount("//home", "/tmp/guix-exec-eqHoYA/home", 0x47e0c5, MS_RDONLY|MS_BIND|MS_REC, NULL) = -1 EACCES (Permission denied)

This is weird.  On a machine without Guix and with “proper” user
namespace support, I see:

--8<---------------cut here---------------start------------->8---
4519  clone(child_stack=0, flags=CLONE_NEWNS|CLONE_NEWUSER|SIGCHLD) = 4520

[...]

4520  mkdir("/tmp/guix-exec-4lVNRO/tmp", 0700) = 0
4520  mount("//tmp", "/tmp/guix-exec-4lVNRO/tmp", 0x47e0cc, MS_RDONLY|MS_BIND|MS_REC, NULL) = 0
4520  mkdir("/tmp/guix-exec-4lVNRO/boot", 0700) = 0
4520  mount("//boot", "/tmp/guix-exec-4lVNRO/boot", 0x47e0cc, MS_RDONLY|MS_BIND|MS_REC, NULL) = 0
--8<---------------cut here---------------end--------------->8---

That is, all bind-mount operations in the child process, which lives in
a separate namespace, succeed.

Can you show the mount options of your root file system?

  mount | grep 'on / '

What’s the exit code of this command:

  guile -c '((@@ (guix scripts environment) assert-container-features))'

?

Thanks for helping out!

Ludo’.
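
The sequence both traces show (new user and mount namespaces, then a recursive read-only bind mount), as an added C probe that is not part of the original message or of Guix's wrapper: it reports whether the namespace step or the mount step fails on a given machine. The function name, the step enum and the temporary directory name are assumptions made for this example.

```c
/* Added example, not Guix's wrapper: replay the traced namespace + bind-mount
   sequence in a throwaway child and report which step fails.  */
#define _GNU_SOURCE
#include <errno.h>
#include <linux/sched.h>   /* CLONE_NEWNS, CLONE_NEWUSER */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum probe_step { STEP_OK, STEP_SETUP, STEP_UNSHARE, STEP_MOUNT };

/* Return 0 if SOURCE can be bind-mounted inside new user + mount namespaces,
   otherwise the errno of the failing step, which is stored in *STEP.  */
int probe_bind_mount(const char *source, enum probe_step *step)
{
    char target[] = "/tmp/userns-probe-XXXXXX";  /* hypothetical name */
    int status, code;

    *step = STEP_SETUP;                          /* mkdtemp, fork or wait */
    if (mkdtemp(target) == NULL)
        return errno;
    pid_t child = fork();
    if (child == 0) {
        /* Same namespace flags as the clone() calls in the traces.  */
        if (syscall(SYS_unshare, CLONE_NEWNS | CLONE_NEWUSER) != 0)
            _exit(128 + errno);
        /* Same mount flags as the traces; the type is ignored for MS_BIND.  */
        if (mount(source, target, "none", MS_RDONLY | MS_BIND | MS_REC, NULL) != 0)
            _exit(errno);
        _exit(0);  /* the mount disappears with the child's namespace */
    }
    code = (child < 0 || waitpid(child, &status, 0) < 0 || !WIFEXITED(status))
           ? -1 : WEXITSTATUS(status);
    rmdir(target);
    if (code < 0)
        return ECHILD;  /* fork/wait failure or abnormal child exit */
    *step = code == 0 ? STEP_OK : code >= 128 ? STEP_UNSHARE : STEP_MOUNT;
    return code >= 128 ? code - 128 : code;
}

int main(void)
{
    static const char *names[] = { "ok", "setup", "unshare", "mount" };
    enum probe_step step;
    int err = probe_bind_mount("/tmp", &step);
    printf("%s: errno %d (%s)\n", names[step], err, strerror(err));
    return err != 0;
}
```

A result of `mount: errno 13` corresponds to the EACCES lines in the quoted trace, while `unshare` failing points at user namespaces being unavailable to the calling user.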