Hi bbb,

bbb ee wrote:
> I feel guix shell --container can only mount subdir in /tmp, and
> fail for
> all other dir:

Your example for ‘all other dir’ just tests /home/dev_1 again, which looks extremely much like a mount point. So does /mnt.

So no mystery there, but I do wonder what's *special* about these mountpoints compared to others. What is mounted at /home/dev_1 and (presumably) /mnt on your system? Anything mounted at /home? Anything mounted *below* /mnt/*?

On my system:

--8<---------------cut here---------------start------------->8---
~ λ mountpoint /tmp
/tmp is a mountpoint
~ λ guix shell -C --expose=/tmp=/test coreutils -- echo Elmo world
Elmo world
~ λ guix shell -C --expose=/proc=/test coreutils -- echo Elmo world
guix shell: error: mount: mount "/proc" on "/tmp/guix-directory.zTa1qb//test": Invalid argument
--8<---------------cut here---------------end--------------->8---

Weird! Clearly, /proc is imbued with magical Kernel magick and simply canno— what? Oh:

--8<---------------cut here---------------start---------------->8---
~ λ mount | grep /proc
none on /proc type proc (rw,relatime)
binfmt_misc on /proc/sys/fs/binfmt_misc type binfmt_misc (rw,relatime)
--8<---------------cut here---------------end--------------->8---

Surely not…

--8<---------------cut here---------------start------------->8---
~ λ sudo umount /proc/sys/fs/binfmt_misc
~ λ guix shell -C --expose=/proc=/test coreutils -- echo Elmo world
Elmo world
--8<---------------cut here---------------end--------------->8---

…huh.

So, ‘guix shell --container’ apparently takes issue with rbind'ing mounts, or something like that. Maybe that's something Guix can handle by bind-mounting the entire subtree itself, or maybe it's a hard permissions error enforced by the kernel. I don't know. Someone with podman/Docker/similar experience might.

Kind regards,

T G-R
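A quick way to answer the ‘anything mounted below it?’ question from the message above, as an added example that is not part of this thread or of Guix: a POSIX sh function that lists the submounts under a directory by parsing the /proc/self/mountinfo format (the fifth field is the mount point), which is exactly what turned the --expose=/proc bind mount into "Invalid argument". The mountinfo text embedded below is constructed for the example, not taken from any real system.

```shell
#!/bin/sh
# Added example (not from the thread): find mount points nested below a
# directory, the situation that made --expose=/proc fail above.
# /proc/self/mountinfo fields: id parent major:minor root mountpoint opts ...
# Paths are octal-escaped there (a space becomes \040), so whitespace
# splitting on field 5 is safe.

# Constructed sample in mountinfo format (not a real system's table).
SAMPLE_MOUNTINFO='22 1 0:21 / / rw,relatime - ext4 /dev/sda1 rw
23 22 0:4 / /proc rw,relatime - proc none rw
24 23 0:23 / /proc/sys/fs/binfmt_misc rw,relatime - binfmt_misc binfmt_misc rw
25 22 0:24 / /tmp rw,nosuid - tmpfs tmpfs rw
26 22 8:17 / /mnt rw,relatime - ext4 /dev/sdb1 rw
27 26 8:33 / /mnt/backup rw,relatime - ext4 /dev/sdc1 rw'

# nested_mounts DIR [MOUNTINFO]
# Prints every mount point strictly below DIR, one per line. MOUNTINFO
# defaults to the live /proc/self/mountinfo; pass text to run offline.
nested_mounts() {
    dir=${1%/}
    info=${2:-$(cat /proc/self/mountinfo)}
    # Match field 5 that starts with "DIR/" but is not DIR itself
    # (the DIR-itself check only matters for DIR="/").
    printf '%s\n' "$info" | awk -v dir="$dir/" '
        index($5, dir) == 1 && $5 != dir { print $5 }'
}

# expose_is_safe DIR [MOUNTINFO]
# Succeeds when DIR carries no submounts, i.e. a plain (non-recursive)
# bind mount of it will not trip over a nested mount as /proc did above.
expose_is_safe() {
    [ -z "$(nested_mounts "$1" "$2")" ]
}

# Usage: nested_mounts /mnt; expose_is_safe /proc && echo "no submounts"
```

Run `nested_mounts /mnt` on the real machine before `guix shell -C --expose=/mnt=...` to see whether a nested mount, rather than /mnt itself, is the thing the container refuses.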