* bug#45066: guix environment --container is borken
@ 2020-12-06 8:59 luhux
2020-12-06 17:05 ` zimoun
0 siblings, 1 reply; 4+ messages in thread
From: luhux @ 2020-12-06 8:59 UTC (permalink / raw)
To: 45066
[-- Attachment #1: Type: text/plain, Size: 364 bytes --]
In the new guix `guix environment --container` is borken.
The reason lies in the 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e of the master branch:
It checks if the file exists and then returns a boolean
None of my 3 Guix System machines have this file but they can still run unprivileged containers.
Please fix it,
thanks very much
luhux
[-- Attachment #2: Type: text/html, Size: 467 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#45066: guix environment --container is borken
2020-12-06 8:59 bug#45066: guix environment --container is borken luhux
@ 2020-12-06 17:05 ` zimoun
2020-12-06 21:02 ` Marius Bakke
0 siblings, 1 reply; 4+ messages in thread
From: zimoun @ 2020-12-06 17:05 UTC (permalink / raw)
To: luhux, 45066
Hi,
On Sun, 06 Dec 2020 at 16:59, luhux <luhux@outlook.com> wrote:
> In the new guix `guix environment --container` is borken.
It is not broken.
> Please fix it,
Please fix your config. :-)
The message says:
--8<---------------cut here---------------start------------->8---
$ guix environment -C --ad-hoc hello -- hello
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
--8<---------------cut here---------------end--------------->8---
Have you tried the recommendation?
--8<---------------cut here---------------start------------->8---
$ su -
Password:
# echo 1 > /proc/sys/kernel/unprivileged_userns_clone
# logout
$ guix environment -C --ad-hoc hello -- hello
Hello, world!
--8<---------------cut here---------------end--------------->8---
Feel free to comment on the thread:
<https://yhetil.org/guix/e5c86d238ca5174b745b8ea6cb0cb6ad6b20aa5e.camel@yasuaki.com>
if it does not work for you.
If no major objection, I am closing.
All the best,
simon
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#45066: guix environment --container is borken
2020-12-06 17:05 ` zimoun
@ 2020-12-06 21:02 ` Marius Bakke
2020-12-07 0:52 ` zimoun
0 siblings, 1 reply; 4+ messages in thread
From: Marius Bakke @ 2020-12-06 21:02 UTC (permalink / raw)
To: zimoun, luhux, 45066-done
[-- Attachment #1: Type: text/plain, Size: 770 bytes --]
zimoun <zimon.toutoune@gmail.com> skriver:
> Hi,
>
> On Sun, 06 Dec 2020 at 16:59, luhux <luhux@outlook.com> wrote:
>> In the new guix `guix environment --container` is borken.
>
> It is not broken.
It was broken. :-)
> Have you tried the recommendation?
>
> --8<---------------cut here---------------start------------->8---
> $ su -
> Password:
> # echo 1 > /proc/sys/kernel/unprivileged_userns_clone
> # logout
>
> $ guix environment -C --ad-hoc hello -- hello
> Hello, world!
> --8<---------------cut here---------------end--------------->8---
...because this only works on the Debian kernel.
We need to find a more robust test for user namespaces, but for now I
reverted the commit.
Closing! Thanks for the report luhux. :-)
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 507 bytes --]
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#45066: guix environment --container is borken
2020-12-06 21:02 ` Marius Bakke
@ 2020-12-07 0:52 ` zimoun
0 siblings, 0 replies; 4+ messages in thread
From: zimoun @ 2020-12-07 0:52 UTC (permalink / raw)
To: Marius Bakke, luhux, 45066-done
Hi Marius,
On Sun, 06 Dec 2020 at 22:02, Marius Bakke <marius@gnu.org> wrote:
>> Have you tried the recommendation?
> It was broken. :-)
[...]
> ...because this only works on the Debian kernel.
Therefore, what does the recommendation mean? From [1] on Guix System:
--8<---------------cut here---------------start------------->8---
~/co/guix (master)$ guix environment -C guix
guix environment: error: cannot create container: unprivileged user cannot create user namespaces
guix environment: error: please set /proc/sys/kernel/unprivileged_userns_clone to "1"
--8<---------------cut here---------------end--------------->8---
1: <https://yhetil.org/guix/e5c86d238ca5174b745b8ea6cb0cb6ad6b20aa5e.camel@yasuaki.com>
> We need to find a more robust test for user namespaces, but for now I
> reverted the commit.
How do you «set /proc/sys/kernel/unprivileged_userns_clone to "1"» on
Guix System?
BTW, reverting means reopen #31977; I did.
All the best,
simon
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2020-12-07 0:54 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2020-12-06 8:59 bug#45066: guix environment --container is borken luhux
2020-12-06 17:05 ` zimoun
2020-12-06 21:02 ` Marius Bakke
2020-12-07 0:52 ` zimoun
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/guix.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).