unofficial mirror of guix-devel@gnu.org 
From: Omar Tarabai <tarabai@devegypt.com>
To: "Ludovic Courtès" <ludo@gnu.org>
Cc: guix-devel@gnu.org
Subject: Re: GUIX on fedora 14
Date: Wed, 8 Jan 2014 23:15:55 +0100
Message-ID: <CAK9pnb7LyLQy2_m5MZQyk06aUj2y2E5GLGEbJ=iLrRo3iqhcXA@mail.gmail.com>
In-Reply-To: <87mwj79zbl.fsf@gnu.org>


Hi,


On Tue, Jan 7, 2014 at 11:55 PM, Ludovic Courtès <ludo@gnu.org> wrote:

> Hello,
>
> Omar Tarabai <tarabai@devegypt.com> skribis:
>
> > I have Guix 0.5 installed on a fedora 14, 2.6.32 kernel.
> >
> > Running the following:
> > guix package --verbose -i tar
> >
> > I get the error:
> > guix package: error: build failed: unable to fork: Operation not permitted
> >
> > I traced the error to the clone() operation in build.cc.
>
> Right.  The original report is at <http://bugs.gnu.org/15209>.
>
> However, CLONE_NEWNET & co. appeared in 2.6.24 according to clone(2), so
> this kernel should have them.  Perhaps the libc headers lack the
> definitions; could you check if they’re in /usr/include/bits/sched.h?
> What libc version is it?
>
>
They are all there in /usr/include/bits/sched.h, libc version 2.13


> > As mentioned by Ludovic in a previous conversation with Matthias
> > Wachs, it seems to be a problem of a missing capability CAP_SYS_ADMIN.
> > I tried running the daemon as root only or with
> > --build-users-group=guix-builder but I get the same error. I also
> > tried isolating the clone operation in a test script to verify the
> > problem, fails again (running as root).
> >
> > I tried removing all the CLONE_* flags as recommended by Ludovic, I get the
> > error:
> > build error: cannot set loopback interface flags: Permission denied
> >
> > I assume it's because of the missing CLONE_NEWNET
>
> Yes.  You could comment out the few lines that set up the loopback
> interface in build.cc, line 2074 onwards.  The global ‘lo’ interface
> will be visible in the build environment anyway.
>
> Let us know how far that gets.
>
>
Now I get the error:
build error: unable to make filesystem `/' private: Operation not permitted


> > It seems that for some reason on this system, processes started with root
> > privileges do not get the CAP_SYS_ADMIN capability.
>
> What makes you think so?  To me it seems to be about working around the
> assumptions that there’s a separate network interface name space, etc.
>
>
Can you elaborate on this point?


> I hope this helps.  What would be best is to switch to a newer kernel
> and libc.  :-)
>
>
Unfortunately we are stuck with this for now :(

Thanks a lot,
Omar


> Thanks,
> Ludo’.
>
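Added example (not part of the original message, and not code from Guix): a small C check for the two questions this thread leaves open, namely whether the process really lacks CAP_SYS_ADMIN in its effective set, and which namespace flag makes clone() fail. The function names are hypothetical, and the flag list beyond CLONE_NEWNET is an assumption about what "& co." covers.

```c
/* Added diagnostic; not code from Guix, Nix or the thread. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>

#define CAP_SYS_ADMIN_BIT 21 /* value of CAP_SYS_ADMIN in <linux/capability.h> */

/* Look up "CapEff:" in /proc/<pid>/status text: 1 if CAP_SYS_ADMIN is in the
   effective set, 0 if it is not, -1 if the line is missing. */
int capeff_has_sys_admin(const char *status_text) {
    const char *p = strstr(status_text, "CapEff:");
    if (!p) return -1;
    return (int)((strtoull(p + 7, NULL, 16) >> CAP_SYS_ADMIN_BIT) & 1);
}

static int child(void *arg) { (void)arg; return 0; }

/* clone() a child that exits at once, with one namespace flag (or 0).
   Returns 0 on success, otherwise the errno clone() or waitpid() set. */
int probe_clone(int ns_flag) {
    static char stack[64 * 1024] __attribute__((aligned(16)));
    pid_t pid = clone(child, stack + sizeof stack, ns_flag | SIGCHLD, NULL);
    if (pid < 0) return errno;
    return waitpid(pid, NULL, 0) < 0 ? errno : 0;
}

int main(void) {
    static char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    size_t n = f ? fread(buf, 1, sizeof buf - 1, f) : 0;
    if (f) fclose(f);
    buf[n] = '\0';
    printf("CAP_SYS_ADMIN effective: %d\n", capeff_has_sys_admin(buf));
    /* Flag list is an assumption; the thread names only CLONE_NEWNET "& co." */
    struct { const char *name; int flag; } t[] = {
        {"(no namespace flag)", 0},     {"CLONE_NEWNS", CLONE_NEWNS},
        {"CLONE_NEWNET", CLONE_NEWNET}, {"CLONE_NEWIPC", CLONE_NEWIPC},
        {"CLONE_NEWUTS", CLONE_NEWUTS}, {"CLONE_NEWPID", CLONE_NEWPID},
    };
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++) {
        int e = probe_clone(t[i].flag);
        printf("%-20s %s\n", t[i].name, e ? strerror(e) : "ok");
    }
    return 0;
}
```

Run it as the same user and in the same environment as the daemon. Per clone(2), EPERM is returned when the caller lacks CAP_SYS_ADMIN and EINVAL when the kernel was built without that namespace type.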
