From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp2.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms8.migadu.com with LMTPS id yIpPIdkS5WW2GgAAe85BDQ:P1 (envelope-from ) for ; Mon, 04 Mar 2024 01:16:25 +0100 Received: from aspmx1.migadu.com ([2001:41d0:403:4876::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp2.migadu.com with LMTPS id yIpPIdkS5WW2GgAAe85BDQ (envelope-from ) for ; Mon, 04 Mar 2024 01:16:25 +0100 X-Envelope-To: larch@yhetil.org Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lease-up.com header.s=2017 header.b="pMH/C3JP"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1709511385; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=gsQw2pJ9OXkWgR0+8m+DAzIPrB37BLWaEPGAOqMU7AM=; b=Pv6GRN01e9L9uHRFs1UNxJ9/FNKVtX+P0Nt3JxYgVm6ycc+Jcf1hgAXC2Qzx8PNsgl6Rv0 sh23WFkELmGk+h/rram31Y9qGTRicX37ib2u8FLGfP9oyyoo60OtQUoQVIdieOXEud9Obn gP6ggOxAsLrz9j1yo9N/1H9VFBap8fc5HF4uJklPUjgBcNQRFTnvXX8jIVbvi3pL7zoId+ FzZwyK26BYHxdXLRbTNItmUiSKzfjWYAcc3NfAyq461MM75pDUrKTfJ39Hzl4hhP0omR0w q2GwtHQv7UJJcbhwv6g8+baecYis0sFWDJLSot4Go8jwh+6dOzzPoMhz0uEZzQ== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lease-up.com header.s=2017 header.b="pMH/C3JP"; spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org"; dmarc=pass (policy=none) header.from=gnu.org ARC-Seal: i=1; s=key1; d=yhetil.org; t=1709511385; a=rsa-sha256; cv=none; b=DD6n5k9iu8dnPBO6JHjdXpHekTOt8GfCyLGssVCIijqXmN05iQyssiCWhil/w/Vno8GWS7 sYyhB6ehZDKLKJeS4Ma9vXooNmGg86w8jqr5VBSOLDbrVJb1VPizhp0ABZmFB93LAUugPh ZzASYcHUx1LTqhprdoJXL77GDvb94HmthogIMw/sRQR3t0a/g6tp9kWikLvZ8GKeRYkDCH a/2SY27ZJd91LArV2pMhd9irAuxK5bliUr8Cu6Qpv5hrivYh4eS/lXe/gOtxuo5IGhPJ2g KAuALHaLCCSNYI3mj7UNAmbprsLycckU1ExfEajnASWXBzWDTyT1ZVrUM44R/A== Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id EE46F6E002 for ; Mon, 4 Mar 2024 01:16:24 +0100 (CET) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1rgvzv-0007FM-Ou; Sun, 03 Mar 2024 19:16:03 -0500 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1rgvzt-0007F6-Dn for help-guix@gnu.org; Sun, 03 Mar 2024 19:16:01 -0500 Received: from sail-ipv4.us-core.com ([208.82.101.137]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_CHACHA20_POLY1305:256) (Exim 4.90_1) (envelope-from ) id 1rgvzr-0007KW-Gb for help-guix@gnu.org; Sun, 03 Mar 2024 19:16:01 -0500 DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; s=2017; bh=y+OGMOwMTSmczLE YBoP96+F5gabLfIA+25yrU+3RZBU=; h=date:references:in-reply-to:subject: cc:to:from; d=lease-up.com; b=pMH/C3JPBa644Upir2o7s/tyM3NP8hCw0/tqHZ8J wVL5gO7kucrUY7VPgWBFuZUlBnFYZzDCgnnH+ykyVutQLWu/gsiA7wc4Y2+OwkAUe05hFg O+E+45JNp6BkiEi35f6m52mz3ak/3lUmSbgdlLoTc9fx+0QNOwdDVXaoizYIw= Received: by sail-ipv4.us-core.com (OpenSMTPD) with ESMTPSA id 143ea417 (TLSv1.3:TLS_CHACHA20_POLY1305_SHA256:256:NO); Mon, 4 Mar 2024 00:15:56 +0000 (UTC) To: William Cc: help-guix@gnu.org, Abdelhakim Qbaich Subject: Re: Configuring mount for NTFS partition at boot makes the system unbootable. In-Reply-To: <20240303233648.55a40747@fedora.email> References: <20240303215558.3efe589d@fedora.email> <87wmqjyplh.fsf@lease-up.com> <20240303233648.55a40747@fedora.email> Date: Sun, 03 Mar 2024 16:15:56 -0800 Message-ID: <87ttlmzwar.fsf@lease-up.com> MIME-Version: 1.0 Content-Type: text/plain Received-SPF: pass client-ip=208.82.101.137; envelope-from=felix.lechner@lease-up.com; helo=sail-ipv4.us-core.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-to: Felix Lechner From: Felix Lechner via Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Flow: FLOW_IN X-Migadu-Country: US X-Migadu-Scanner: mx10.migadu.com X-Migadu-Spam-Score: -4.91 X-Spam-Score: -4.91 X-Migadu-Queue-Id: EE46F6E002 X-TUID: Snpuh8lBVe04 Hi William, It seems that help-guix was inadvertently left off of the recipients. I hope you don't mind that I copied the mailing list on your response. On Sun, Mar 03 2024, William wrote: > Hello. > > Thanks for the input, this certainly helped me diagnose the issue. > > I set some options so Guix keeps booting if mounting the filesystem > fails, now I can boot. > > I potentially figured out what the issue may be, the filesystem entry is > defined on /etc/fstab so I tried running "mount -a" without root, and it > printed this: > >> Mount is denied because setuid and setgid root ntfs-3g is insecure >> with the external FUSE library. Either remove the setuid/setgid bit >> from the binary or rebuild NTFS-3G with integrated FUSE support and >> make it setuid root. >> Please see more information at >> https://github.com/tuxera/ntfs-3g/wiki/NTFS-3G-FAQ > > It seems it's another issue with setuid/setgid. I think this could be > solved if ntfs-3g is compiled with integrated FUSE support, so > it doesn't require libfuse at all, then the declaration to load the FUSE > module wouldn't be needed either I suppose. I also use FUSE every day and believe it's compiled into our kernels (i.e. no module). Perhaps someone can help you find our kernel configurations. The security concern may also be further explained here. [1] > Maybe this should be reported as an issue on the Guix tracker? There is already a bug about it. [2] The filing is from 2021. There is no proposed solution. I would write to the bug [3] and ask if there are workarounds. Please make sure to cc Abdelhakim, whose address you can find here. [4] (I also copied him on this message.) No one else will receive or read your message to the bug tracker. Kind regards Felix P.S. Sorry about the complexity of our bug reporting tools. Some work is being done to simplify them. [1] https://unparalleled.eu/blog/2022/20220607-help-to-heap-suid-privilege-escalation/ [2] https://issues.guix.gnu.org/46980 [3] 46980@debbugs.gnu.org [4] https://debbugs.gnu.org/46980