From mboxrd@z Thu Jan  1 00:00:00 1970
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Subject: Re: 33/33: daemon: Workaround issues for the Hurd.
Date: Wed, 11 Mar 2020 15:50:26 +0100
Message-ID: <87h7yvgd3h.fsf@gnu.org>
References: <20200310075832.7126.86402@vcs0.savannah.gnu.org>
 <20200310075853.45FCC21252@vcs0.savannah.gnu.org>
 <87v9ncwpg4.fsf@gnu.org> <87k13s2wwl.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
Received: from eggs.gnu.org ([2001:470:142:3::10]:50177)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <ludo@gnu.org>) id 1jC2go-0006H3-4B
 for guix-devel@gnu.org; Wed, 11 Mar 2020 10:50:31 -0400
In-Reply-To: <87k13s2wwl.fsf@gnu.org> (Jan Nieuwenhuizen's message of "Tue, 10
 Mar 2020 13:54:02 +0100")
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org
Sender: "Guix-devel"
 <guix-devel-bounces+gcggd-guix-devel=m.gmane-mx.org@gnu.org>
To: Jan Nieuwenhuizen <janneke@gnu.org>
Cc: guix-devel@gnu.org

Hi!

Jan Nieuwenhuizen <janneke@gnu.org> skribis:

>>> +#if !__GNU__
>>>      int status =3D pid.wait(true);
>>>      if (status !=3D 0)
>>>          throw Error(format("cannot kill processes for uid `%1%': %2%")=
 % uid % statusToString(status));
>>> +#endif
>>
>> Do you know what the rationale was?  It looks like it could leave
>> zombies behind us.
>
> No, maybe Manolis knows?  What I do know is why I used the patch: before
> applying this patch I could only build up to binutils-boot0.
> binutils-boot0 would always fail like so
>
>     ./pre-inst-env guix build -e '(@@ (gnu packages commencement) binutil=
s-boot0)' --no-offload
>     XXX fails: Workaround for nix daemon
> phase `compress-documentation' succeeded after 0.4 seconds
> error: cannot kill processes for uid `999': Operation not permitted
> guix build: error: cannot kill processes for uid `999': failed with exit =
code 1

But is the build process actually running as UID 999?  If you pass
=E2=80=98--disable-chroot=E2=80=99, then I think build users are not used a=
t all, right?

> From 0307646b22fc488e6342f5814fdef336dd154be3 Mon Sep 17 00:00:00 2001
> From: Manolis Ragkousis <manolis837@gmail.com>
> Date: Sun, 7 Aug 2016 17:48:30 +0300
> Subject: [PATCH 1/2] daemon: Break CHROOT_ENABLED into smaller macros.
>
> Checking for CLONE_NEWNS is only needed for using tha Linux specific clon=
e(2),
> otherwise we can use fork(2).
>
> * nix/libstore/build.cc (CHROOT_ENABLED): Break into CHROOT_ENABLED
> and CLONE_ENABLED.
> (DerivationGoal::startBuilder): Replace CHROOT_ENABLED with CLONE_ENABLED.
> (DerivationGoal::runChild): Only define pivot_root() if SYS_pivot_root is
> defined.

[...]

> -#define CHROOT_ENABLED HAVE_CHROOT && HAVE_SYS_MOUNT_H && defined(MS_BIN=
D) && defined(MS_PRIVATE) && defined(CLONE_NEWNS) && defined(SYS_pivot_root)
> +#define CHROOT_ENABLED HAVE_CHROOT && HAVE_SYS_MOUNT_H && defined(MS_BIN=
D) && defined(MS_PRIVATE)
> +#define CLONE_ENABLED defined(CLONE_NEWNS)
> +
> +#if defined(SYS_pivot_root)
> +#define pivot_root(new_root, put_old) (syscall(SYS_pivot_root, new_root,=
put_old))
> +#endif
>=20=20
>  #if CHROOT_ENABLED
>  #include <sys/socket.h>
> @@ -2005,7 +2010,7 @@ void DerivationGoal::startBuilder()
>         - The UTS namespace ensures that builders see a hostname of
>           localhost rather than the actual hostname.
>      */
> -#if CHROOT_ENABLED
> +#if CLONE_ENABLED
>      if (useChroot) {
>  	char stack[32 * 1024];
>  	int flags =3D CLONE_NEWPID | CLONE_NEWNS | CLONE_NEWIPC | CLONE_NEWUTS =
| SIGCHLD;

I=E2=80=99m not sure this is correct.  Perhaps we rather need an =E2=80=9C#=
ifdef
__linux__=E2=80=9D around the use of clone(2)?

Other options:

  1. Implement clone(2) with CLONE_NEW* in libc on GNU/Hurd.

  2. Add a =E2=80=9Csandbox=E2=80=9D abstraction in the daemon, with OS-spe=
cific
     implementations of the abstraction (the Nix daemon did that at some
     point, with the goal of supporting proprietary macOS etc.)

     For GNU/Linux, it=E2=80=99d use chroot(2)+clone(NEWNS) etc. as root.

     On GNU/Hurd, it could spawn the process in a sub-Hurd, i.e., with
     its own proc server, root file system server, and without a pfinet
     server running.

Option #2 can be fun to implement and probably easier and less
controversial than Option #1.  However, it does mean adding more code of
the C++ code base, which is sad.

Either way, it=E2=80=99s a bit of work, so this can definitely come later.

Ludo=E2=80=99.