bug#61627: Cannot start a container built with `guix system container --network'.

all messages for Guix-related lists mirrored at yhetil.org
 help / color / mirror / code / Atom feed

From: Pierre Langlois <pierre.langlois@gmx.com>
To: 61627@debbugs.gnu.org
Subject: bug#61627: Cannot start a container built with `guix system container --network'.
Date: Sun, 19 Feb 2023 15:29:20 +0000	[thread overview]
Message-ID: <873571u0vx.fsf@gmx.com> (raw)
In-Reply-To: <87a619u22x.fsf@gmx.com>

[-- Attachment #1: Type: text/plain, Size: 4961 bytes --]


Pierre Langlois <pierre.langlois@gmx.com> writes:

> [[PGP Signed Part:Undecided]]
> Hi Guix!
>
> There seems to be a bug with the --network flag to `guix system
> container', if we try to use docker-image.tmpl as an example we get the
> following failure:
>
> $ sudo `guix system container -v3 --network gnu/system/examples/docker-image.tmpl`
> Password:
> system container is running as PID 17630
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> Run 'sudo guix container exec 17630 /run/current-system/profile/bin/bash --login'
> or run 'sudo nsenter -a -t 17630' to get a shell into it.
>
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> making '/gnu/store/2w0c609is7iilv6r2l1vrchb9qsbfgkp-system' the current system...
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> setting up setuid programs in '/run/setuid-programs'...
> populating /etc from /gnu/store/ywsdjyq161a2clhvz6kx5m4ppz5ziqp1-etc...
> Backtrace:
>           11 (primitive-load "/gnu/store/5wdqg0jpiw1zd9pn13wmzy3f85g…")
> In gnu/build/linux-container.scm:
>     300:8 10 (call-with-temporary-directory #<procedure 7fa5741fdd70…>)
>    397:16  9 (_ "/tmp/guix-directory.KgjoQ6")
>      62:6  8 (call-with-clean-exit #<procedure 7fa57420fd40 at gnu/b…>)
> In unknown file:
>            7 (primitive-load "/gnu/store/2w0c609is7iilv6r2l1vrchb9qs…")
> In ice-9/eval.scm:
>     619:8  6 (_ #f)
> In unknown file:
>            5 (primitive-load "/gnu/store/xfd58fw9x65n7wr5kw2gnciszkl…")
> In srfi/srfi-1.scm:
>     634:9  4 (for-each #<procedure primitive-load (_)> _)
> In unknown file:
>            3 (primitive-load "/gnu/store/3gwb0jydx90f61a6kizawsjdi6h…")
> In srfi/srfi-1.scm:
>     634:9  2 (for-each #<procedure 7fa57410e0e0 at gnu/build/activa…> …)
> In gnu/build/activation.scm:
>    268:20  1 (_ "hosts")
> In unknown file:
>            0 (copy-file "/etc/static/hosts" "/etc/hosts")
>
> ERROR: In procedure copy-file:
> In procedure copy-file: Read-only file system
>
>
> Doing a git bisect, the problem started with this commit it seems:
> 802ea1f3a43e5fb8d0b8bd2882954d8a6e49cde6
>
> system: Deprecate hosts-file.
>
> * gnu/system.scm (operating-system-hosts-file): Deprecate procedure.
> (warn-hosts-file-field-deprecation): New procedure, helper for
> deprecated variable.
> (operating-system)[hosts-file]: Use helper to warn deprecated field.
> (local-host-aliases): Mark as deprecated.
> (local-host-entries): New procedure.
> (operating-system-default-essential-services,
> hurd-default-essential-services): Use hosts-service-type.  Use
> '%operating-system-hosts-file' and 'local-host-entries'.
> (default-/etc/hosts): Remove procedure.
> (operating-system-etc-service): Remove hosts file.
> * doc/guix.texi (operating-system Reference)
> (Networking Services) (Virtualization Services): Rewrite documentation
> entries to use hosts-service-type.

Digging into the container script code, I think the reason is that when
sharing the network, it's supposed to remove any network-related
services from the containerized operating system. And it's not aware of
the new hosts-service-type. The following diff seems to fix the issue:

--8<---------------cut here---------------start------------->8---
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index c2fd55d48e..9190d013bc 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -49,9 +49,12 @@ (define* (container-essential-services os #:key shared-network?)
   (define base
     (remove (lambda (service)
               (memq (service-kind service)
-                    (list (service-kind %linux-bare-metal-service)
-                          firmware-service-type
-                          system-service-type)))
+                    (cons* (service-kind %linux-bare-metal-service)
+                           firmware-service-type
+                           system-service-type
+                           (if shared-network?
+                               (list hosts-service-type)
+                               '()))))
             (operating-system-default-essential-services os)))

   (cons (service system-service-type
--8<---------------cut here---------------end--------------->8---

I wonder if this is a full fix though, I see that we also remove network
related configuration files, using `%network-configuration-files', and I
wonder if "/etc/hosts" is still supposed to be there?

--8<---------------cut here---------------start------------->8---
(define %network-configuration-files
  ;; List of essential network configuration files.
  '("/etc/resolv.conf"
    "/etc/nsswitch.conf"
    "/etc/services"
    "/etc/hosts"))
--8<---------------cut here---------------end--------------->8---

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 519 bytes --]

next prev parent reply	other threads:[~2023-02-19 15:33 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-19 14:58 bug#61627: Cannot start a container built with `guix system container --network' Pierre Langlois
2023-02-19 15:29 ` Pierre Langlois [this message]
2023-03-20 17:46   ` Bruno Victal
2023-03-21 12:53     ` Arun Isaac
2023-03-23 12:50       ` Bruno Victal
2023-03-25 16:10         ` Arun Isaac
2023-03-26 13:14           ` Pierre Langlois
2023-03-26 13:41             ` Pierre Langlois
2023-03-26 22:20               ` Arun Isaac
2023-02-26 20:54 ` Nicolò Balzarotti
2023-03-19 19:26 ` Arun Isaac

find likely ancestor, descendant, or conflicting patches for this message:
dfblob:c2fd55d48 dfblob:9190d013b
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=873571u0vx.fsf@gmx.com \
    --to=pierre.langlois@gmx.com \
    --cc=61627@debbugs.gnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this external index

	https://git.savannah.gnu.org/cgit/guix.git

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.