From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp11.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms9.migadu.com with LMTPS id 6PSSHEjPGWTRcQEASxT56A (envelope-from ) for ; Tue, 21 Mar 2023 16:37:44 +0100 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp11.migadu.com with LMTPS id EJZ+HEjPGWQingAA9RJhRA (envelope-from ) for ; Tue, 21 Mar 2023 16:37:44 +0100 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id F3F2E13A0D for ; Tue, 21 Mar 2023 16:37:43 +0100 (CET) Authentication-Results: aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=gmail.com header.s=20210112 header.b=fzGYu2yM; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1679413064; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=rD0g2ihlUyFawoBoOl0AqX+jd2Z2012aWCY3Jy8+tBI=; b=AKh2gPG5iU2WVVtbLqEyNc9Ed2rzKgsUIdw3FN9vuINpPfISuL0lPkYZpoiD1RgyeVvQe2 zCoozvnraMAri7OTvU2EvlkG0OKRuQICf0/cDgdw4qOtIcGmJlyDYPB9sBka1Znlpfe8IK t6Qr5ImU/BskusvbnR47RPYcrQ2+teVuuJR8s/5td2DFsHq/Uf/v1cPLkJwl69+Grk9R7t z0FxUFkz0Xj0R536XlbTkINhzJCEb/IK7FpLPCEDuPzsZabi5p5aJCAU44dbKg4awgmO2X jiEeyPzhK4VMiiSZR5oH0gux0Bma4AavCsA0p+p8eVdV0XgD4QmM62c5nCFtrw== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("body hash did not verify") header.d=gmail.com header.s=20210112 header.b=fzGYu2yM; dmarc=fail reason="SPF not aligned (relaxed)" header.from=gmail.com (policy=none); spf=pass (aspmx1.migadu.com: domain of "help-guix-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="help-guix-bounces+larch=yhetil.org@gnu.org" ARC-Seal: i=1; s=key1; d=yhetil.org; t=1679413064; a=rsa-sha256; cv=none; b=d0eHD6Y+NPqU22vAUsVmK6fXXQAikXqfkcIQE6QuNFHiQDV2VevpLX+/l5NGY7esGNIZEl r4JQf3lX3X7J7DN3UuKmhlebL5Tf120kEUVmzrrVXEMiFfa5FBG3DyFmeL2VWjrByjo/y+ Y7/0Lq98WaPmFn5Kg/K5ZXNzHFBA7e0d4101rpNsSX/LcmKOA/U0RZlQSVHm+cqI7/VICh 69WAYd4azY8SW0bndDzG4qz3ui0MdTuEEaoXIVavGUTV7quscgT943A5/7c/owezTyzWIL G1sTxv5puF09HBuzuH74bX6NMNcT83M6Z5LW8TN0n2nzrk7Vul8w1oT7GDbqdw== Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1pedb2-00040n-Vg; Tue, 21 Mar 2023 11:08:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1pedb1-00040K-4w for help-guix@gnu.org; Tue, 21 Mar 2023 11:08:19 -0400 Received: from mail-ed1-x52c.google.com ([2a00:1450:4864:20::52c]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1peday-0000lJ-DZ for help-guix@gnu.org; Tue, 21 Mar 2023 11:08:18 -0400 Received: by mail-ed1-x52c.google.com with SMTP id cn12so15309120edb.4 for ; Tue, 21 Mar 2023 08:08:15 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; t=1679411294; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=5RDehNjemzcnSVtYGFjoQqqwPcRH0smTt5SRqVlcgjU=; b=fzGYu2yM/Rwkobc0N+ROPGC5AGx/93VeZkHkRRCL28m73U1IAgFGfiXSiubS8LBLFB qTP1uHyyNnNZrz0UsiWy7Wtzs3TZymN60pWzQwwRAAzfnZa7ihrQDGG5M4cspZxLoFYA YD5WdIV+MaFbpvpGtxdRpxDOTyRuyzF6SIrYNcPV4jnkqXx8BVbx+iF4D/w2XYRkCxeV thoUCvo6pxEuBEhvCY8Xz5KhEFKDDAMY0ANXlvonfo095/nppMzwNifUAw8UYHkfOF3d waw4W5Qn3v6IPhaf+mT2eXoTpS7ZQOgPejI+3VNTBP80ResXUW1HWetoJRCvgJnvLagh 4Hiw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1679411294; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=5RDehNjemzcnSVtYGFjoQqqwPcRH0smTt5SRqVlcgjU=; b=Zj5M+w7aFIE6RR+rYgQ3yRZOJpZRVQVA1OK+wMsq5Nh4WKoREtwNzL1d3uScEAqntD 6rDGP6lD/T6u0B7R7b1bs2lsCy+qXevSaqCN+q299qv2pYHk03+/qgMYQK6irRh02UzX AwYjbY6OWFMJ5ypiwsuI5iUI1wzNrnXa+ZQg9nWvp3xCyQFIa6tvJgq+U4Ar0I+JtDIG xVZT4mUES8jwhVE6IhOWO6Y+zHgQz6A7nko0KY2mjpjn7s/TgVuFNFqX2sYQDwPWKCj0 tUq2vPABNcWcxbFaftTiucle3G69jtIryFNtfWe1/H5xigBC/PEb54XRE5I3K/OD2KAh 8uzg== X-Gm-Message-State: AO0yUKWjq3DSbIHyIbj1bSW0vqWc9DgImeoq57D8yQ1+gomXyACKaN2m 2987MNdqtzX/Gox+yG+JOw2pSX7+S40mmFThn5b+I7sQ1Y4= X-Google-Smtp-Source: AK7set9qQMjj2WUomNINwLgcigLORK23qn23GeSEWgT/wAsQVSM2UVu2Qj2nPoi3bQPCL5T4Lh9uFfiYj4IUfYi6Lvw= X-Received: by 2002:a17:906:2609:b0:933:3fba:b978 with SMTP id h9-20020a170906260900b009333fbab978mr1483747ejc.13.1679411293892; Tue, 21 Mar 2023 08:08:13 -0700 (PDT) MIME-Version: 1.0 From: Vladilen Kozin Date: Tue, 21 Mar 2023 15:08:02 +0000 Message-ID: Subject: no /dev/net/tun aka modprobe tun failed when inside container To: help-guix@gnu.org Received-SPF: pass client-ip=2a00:1450:4864:20::52c; envelope-from=vladilen.kozin@gmail.com; helo=mail-ed1-x52c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: help-guix@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: X-Migadu-Queue-Id: F3F2E13A0D X-Spam-Score: -2.45 X-Migadu-Spam-Score: -2.45 X-Migadu-Scanner: scn0.migadu.com List-Help: List-Subscribe: , Errors-To: help-guix-bounces+larch=yhetil.org@gnu.org Sender: help-guix-bounces+larch=yhetil.org@gnu.org X-Migadu-Country: US X-Migadu-Flow: FLOW_IN X-TUID: mTGn/rgiRUIN Hello. I defined a shepherd service with the intention of starting it as part of my system. Testing and debugging it was kinda, well, not straightforward. Since it is meant to be instantiated as part of the entire operating system, I did all the foo-service, foo-service-type =E2=87=92 derivation = =E2=87=92 shepherd service dance, then to test it lowered to store via `shepherd-service-file` that generates final service definition which I then fed to `sudo herd load root ...`. And that actually worked, though I find the process less than straightforward. Is this really how people define system services? So, it seems to start fine, when I load it into my running desktop environment via `sudo herd load root ...`, but then I attempted to define an OS, which would instantiate it on system startup, and run with: sudo guix system -K -L /home/vlad/Code/fullmeta-guix/channel container os.scm --network Container runs fine. We attach and check `herd status` and notice our service is disabled, cause it failed too many times. Checking /var/log/messages shows it complaining that it is unable to create TUN and no /dev/net/tun device exist. Indeed, it doesn't appear inside container but present on the host. Message is along the lines of: > is CONFIG_TUN enabled in your kernel? `modprobe tun` failed with: > wgengine.NewUserspaceEngine(tun "foo0") error: tstun.New("foo0"): CreateTUN("foo0") failed; /dev/net/tun does not exist Service specifies `(requirement '(networking))`. What have I missed? Do I need to load some kernel modules explicitly? This runs inside a container, so I would've expected it to share my host kernel, which has everything seeing how service started fine on the host. Maybe I am meant to `--expose=3D/dev/net/tun` and somehow share necessary kernel modules, but I dunno how to find the equivalent of `/lib/modules`. Quick look in the sources suggests there's `linux-kernel-module-build` system, which I suspect handles installing modules, but which module I need here and how to pass it to kernel, I've no clue. E.g. via `(kernel-loadable-modules (list some-wg-module))` in the os definition, but then why does my host system not require it. Could anyone help me out, please. Thank you --=20 Best regards Vlad Kozin