From mboxrd@z Thu Jan  1 00:00:00 1970
From: rekado <rekado@elephly.net>
Subject: Re: permission denied: /gnu/store/...guile...
Date: Fri, 22 May 2015 16:33:17 +0800
Message-ID: <14d7ac1498c.12ad9f4e8144025.5836079713405423473@elephly.net>
References: <14d7811908c.f06290cb71568.256566750208527927@elephly.net>
	<87wq01y4uo.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:51431)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <rekado@elephly.net>) id 1YviOT-00076Y-Bo
	for guix-devel@gnu.org; Fri, 22 May 2015 04:33:26 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <rekado@elephly.net>) id 1YviOS-0001bS-E8
	for guix-devel@gnu.org; Fri, 22 May 2015 04:33:25 -0400
In-Reply-To: <87wq01y4uo.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Cc: guix-devel@gnu.org

---- On Fri, 22 May 2015 05:53:51 +0800 Ludovic Court=C3=A8s<ludo@gnu.org> =
wrote ----=20
 > Could you try this:=20
 > =20
 > --8<---------------cut here---------------start------------->8---=20
 > (chdir "/tmp")=20
 > (setgroups #())=20
 > (setgid 30000)=20
 > (setuid 30001)=20
 > (pk 'uid/gid (getuid) (getgid))=20
 > (pk 'euid/egid (geteuid) (getegid))=20
 > (let loop ((i 3))=20
 >   (when (< i 1024)=20
 >     (false-if-exception (close-fdes i))=20
 >     (loop (+ 1 i))))=20
 > (execl "/gnu/store/cnqmkmj40jmssnx6fkf9n0n3bqj5x426-guile-2.0.11/bin/gui=
le" "guile"=20
 >        "-c" "(pk 'running (getuid) (geteuid))")=20
 > --8<---------------cut here---------------end--------------->8---=20
 > =20
 > and then as root run:=20
 > =20
 >   # guile the-above-file.scm=20
 > =20
 > It should return zero and print:=20
 > =20
 > --8<---------------cut here---------------start------------->8---=20
 > ;;; (uid/gid 30001 30000)=20
 > =20
 > ;;; (euid/egid 30001 30000)=20
 > =20
 > ;;; (running 30001 30001)=20
 > --8<---------------cut here---------------end--------------->8---=20

I ran it in a guile REPL (as root) and I got the first two outputs, but an =
error on (execl ...).  It's an unhelpful message:

    ERROR: In procedure execl:
    ERROR: In procedure execl: Permission denied

The backtrace just shows me the line that failed.

When I save it in a file and run that with guile as root I get this error a=
fter the first two output lines:

    Backtrace:
    In ice-9/boot-9.scm:
      157: 7 Exception thrown while printing backtrace:
    ERROR: In procedure private-lookup: Module named (system vm frame) does=
 not exist

    ERROR: In procedure execl:
    ERROR: In procedure execl: Permission denied

That's all.