* FUSE works as non-root user but not in Shepherd service under same user
@ 2021-05-16 18:16 raingloom
0 siblings, 0 replies; only message in thread
From: raingloom @ 2021-05-16 18:16 UTC (permalink / raw)
So, I've been struggling with this for a few days now.
I have a Chez script that waits until a SQL dump is written, cleanly
shuts down the FUSE file system that uses the corresponding database,
deletes the database, undumps it from the newly written SQL script, and
waits for the next write, all in an infinite loop.
To make the system a bit more secure, I run it as the gmnisrv user.
It works fine when I run it with su as:
su -s $(guix build memex-runner)/bin/memex-runner.sps gmnisrv
Translation, because su's syntax is a bit weird:
`su -s <executable> <username> [args...]`
runs <executable> [args...] as username.
So, should have the same effect as specifying user and group in the
service description, right? But when I run the service I get this error:
Mounting to "wiki/tags"
Forked into background PID 1478
fusermount: mount failed: Operation not permitted
I have no clue what's going wrong. The mount point is owned by gmnisrv,
the database file too, /dev/fuse has read and write access for user,
group, and other, looking at the strace output doesn't reveal anything
obviously wrong or different between running it with su or with
I also thought that I might be wrapping memex-runner.sps wrong and it
finding the binaries in /gnu/store before the ones in
/run/setuid-programs, so now wrap-program suffixes the PATH of inputs
instead of prefixing it, but that still didn't fix anything.
I'm out of ideas. Any idea how to proceed, short of going through the
source code for everything that's involved here, including FUSE,
Shepherd, Linux, and Supertag?
Here is my channel, look for raingloom/services/gemini.scm and
My machine configs are private but if needed I can share the relevant
bits, but I don't think there is anything relevant. It's a pretty basic
web server setup with Nginx and Molly Brown.
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-05-16 20:07 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-05-16 18:16 FUSE works as non-root user but not in Shepherd service under same user raingloom
unofficial mirror of email@example.com
This inbox may be cloned and mirrored by anyone:
git clone --mirror https://yhetil.org/guix-user/0 guix-user/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 guix-user guix-user/ https://yhetil.org/guix-user \
Example config snippet for mirrors.
Newsgroups are available over NNTP:
AGPL code for this site: git clone http://ou63pmih66umazou.onion/public-inbox.git