From: ludo@gnu.org (Ludovic Courtès)
To: Konrad Hinsen
Cc: 32183@debbugs.gnu.org
Subject: bug#32183: New ‘guix pull’ /root/.config/current/bin/guix: Permission denied
Date: Tue, 11 Sep 2018 12:12:15 +0200
Message-ID: <87zhwo9wcg.fsf@gnu.org>

Hi Konrad,

Konrad Hinsen wrote:

>> Specifically, you’d have to run something along these lines as root:
>>
>>   strace -f -p $(pidof guix-daemon) -o log
>>
>> and then, as root or non-root (it doesn’t matter), run, say:
>>
>>   guix build curl -S --no-substitutes
>
> The log file (compressed) is attached.
>
> In doing this I noticed that I have two guix-daemon processes running:
>
> root 1583 0.0 0.0 33156 2412 ? Ss 08:55 0:00 /root/.config/guix/current/bin/guix-daemon --build-users-group=guixbuild
> root 13003 0.0 0.0 36028 6256 ? Ss 11:28 0:00 /root/.config/guix/current/bin/guix-daemon 12770
>
> I ran strace on the first one.

Ooh, I see.  The log shows this:

--8<---------------cut here---------------start------------->8---
13795 setgroups(1, [999]) = 0
13795 setgid(999) = 0
13795 getgid() = 999
13795 getegid() = 999
13795 setuid(499) = 0
13795 getuid() = 499
13795 geteuid() = 499
[...]
13795 execve("/gnu/store/sf84mb2y5vcykwq9fv02l2nipp34qng2-guix-daemon-0.15.0-3.3d43017/libexec/guix/download", ["download", "/gnu/store/j3swd19y4wzv6nrr13bv7"..., "/gnu/store/rdlndkf50sn0jq7bqkbhm"...], 0xa26f60 /* 17 vars */) = 0
[...]
13795 execve("/root/.config/guix/current/bin/guix", ["/root/.config/guix/current/bin/g"..., "perform-download", "/gnu/store/j3swd19y4wzv6nrr13bv7"..., "/gnu/store/rdlndkf50sn0jq7bqkbhm"...], 0x6c0530 /* 19 vars */) = -1 EACCES (Permission denied)
13795 stat("/root/.config/guix/current/bin/guix", 0x7fffffffe1d0) = -1 EACCES (Permission denied)
--8<---------------cut here---------------end--------------->8---

The download process is running as a build user, not as root, hence the
permission issue (silly me!).

Now we need to find a way to use ‘guix’ from root’s
~/.config/guix/current.  A solution may be to expose that profile under
/var/guix/profiles.  Needs more thought…

Thanks for helping out!

Ludo’.
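
Added example, not part of the original message or of Guix: a small Python filter for `strace -f -o log` output that reports EACCES failures occurring after a process has called setuid() to a non-root UID, which is the pattern visible in the excerpt above. The function name, the abridged sample log, and the `<hash>` placeholder are assumptions made for illustration.

```python
import re

# Constructed, abridged sample in `strace -f -o log` format, modelled on the
# excerpt above; "<hash>" is a placeholder and argv lists are shortened.
SAMPLE_LOG = """\
13795 setgroups(1, [999]) = 0
13795 setgid(999) = 0
13795 setuid(499) = 0
13795 geteuid() = 499
13795 execve("/gnu/store/<hash>-guix-daemon/libexec/guix/download", ["download"], 0xa26f60 /* 17 vars */) = 0
13795 execve("/root/.config/guix/current/bin/guix", ["guix", "perform-download"], 0x6c0530 /* 19 vars */) = -1 EACCES (Permission denied)
13795 stat("/root/.config/guix/current/bin/guix", 0x7fffffffe1d0) = -1 EACCES (Permission denied)
1583 stat("/root/.config/guix/current/bin/guix", 0x7ffc00000000) = 0
"""

# "PID syscall(args) = ret [ERRNO (message)]"
LINE = re.compile(r'^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s+=\s+'
                  r'(?P<ret>-?\d+)(?:\s+(?P<errno>[A-Z]+))?')
# First argument when it is a quoted path.
PATH = re.compile(r'^"((?:[^"\\]|\\.)*)"')


def find_dropped_priv_denials(log_text):
    """Return (pid, uid, syscall, path) for each EACCES after setuid(non-root).

    Limitation: UIDs inherited across fork/clone are not tracked; only the
    PID that called setuid() itself is followed.
    """
    uid_of = {}    # pid -> UID set by that PID's last successful setuid()
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # "[...]" gaps, signals, unfinished/resumed calls
        pid, call, ret = int(m["pid"]), m["call"], int(m["ret"])
        if call == "setuid" and ret == 0:
            uid_of[pid] = int(m["args"])
        elif m["errno"] == "EACCES" and uid_of.get(pid, 0) != 0:
            p = PATH.match(m["args"])
            findings.append((pid, uid_of[pid], call, p.group(1) if p else None))
    return findings


if __name__ == "__main__":
    for pid, uid, call, path in find_dropped_priv_denials(SAMPLE_LOG):
        print(f"pid {pid} (uid {uid}): {call} denied on {path}")
```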