From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: Compiling guix 0.3 on a fedora 8 planetlab node
Date: Fri, 30 Aug 2013 14:05:40 +0200
Message-ID: <877gf31izv.fsf@gnu.org>
References: <1377704712.3250.69.camel@fulcrum.net.in.tum.de>
	<521F6CE7.60804@gmail.com> <87ob8g9sex.fsf@gnu.org>
	<20130829201332.GB18687@debian> <20130829201538.GC18687@debian>
	<8738ps5glx.fsf@gnu.org>
	<1377856872.3250.98.camel@fulcrum.net.in.tum.de>
	<87eh9b306i.fsf@gnu.org>
	<1377861537.3250.105.camel@fulcrum.net.in.tum.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:60046)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1VFNXM-0003cQ-SQ
	for guix-devel@gnu.org; Fri, 30 Aug 2013 08:10:54 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1VFNXH-00087o-8O
	for guix-devel@gnu.org; Fri, 30 Aug 2013 08:10:48 -0400
Received: from hera.aquilenet.fr ([141.255.128.1]:55215)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
	id 1VFNXG-00087f-Vk
	for guix-devel@gnu.org; Fri, 30 Aug 2013 08:10:43 -0400
In-Reply-To: <1377861537.3250.105.camel@fulcrum.net.in.tum.de> (Matthias
	Wachs's message of "Fri, 30 Aug 2013 13:18:57 +0200")
List-Id: <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Matthias Wachs <wachs@net.in.tum.de>
Cc: guix-devel@gnu.org

Matthias Wachs <wachs@net.in.tum.de> skribis:

>> How did it complain exactly?  Is it running as =E2=80=98root=E2=80=99, a=
s per
>> <http://www.gnu.org/software/guix/manual/guix.html#Setting-Up-the-Daemon=
>?
>>=20
>> The ability to run build processes in a chroot and under separate UIDs
>> is essential to achieve reproducibility.
>
> The basic issue is:=20
> I cannot add a builder group since on these machines I don't have the
> "groupadd" command ... limitations of the image/testbed

You may have =E2=80=98addgroup=E2=80=99 instead, no?

> So when starting the daemon with:
>
> [tumple_gnunet_deployment@planetlab-02 ~]$ sudo guix-daemon
> warning: daemon is running as root, so using `--build-users-group' is
> highly recommended
> accepted connection from pid 13641, uid 1376
> 245 operations
>
> The client prints:
>
> guix package -i make
> <removed>
> substituter-succeeded /nix/store/qhkvy39118lccxxsnrwjb9xp7s4627py-make-3.=
82-debug
> guix package: error: build failed: unable to fork: Operation not
> permitted

Can you try to set those CLONE_* constants that you added to 0 instead
of some other value?

According to the clone(2) man page, EPERM means:

  CLONE_NEWIPC,  CLONE_NEWNET,  CLONE_NEWNS, CLONE_NEWPID, or CLONE_NEWUTS =
was specified by
  an unprivileged process (process without CAP_SYS_ADMIN).

But you said guix-daemon is running as =E2=80=98root=E2=80=99.  So it might=
 be that the
kernel doesn=E2=80=99t recognize these flags, and returns EPERM for lack of=
 a
better idea.

Thanks,
Ludo=E2=80=99.