From: Pierre Langlois
Date: Sun, 19 Feb 2023 15:29:20 +0000
To: 61627@debbugs.gnu.org
Subject: bug#61627: Cannot start a container built with `guix system container --network'.
Message-ID: <873571u0vx.fsf@gmx.com>
In-reply-to: <87a619u22x.fsf@gmx.com>
References: <87a619u22x.fsf@gmx.com>
List-Id: Bug reports for GNU Guix

Pierre Langlois writes:

> [[PGP Signed Part:Undecided]]
> Hi Guix!
>
> There seems to be a bug with the --network flag to `guix system
> container', if we try to use docker-image.tmpl as an example we get the
> following failure:
>
> $ sudo `guix system container -v3 --network gnu/system/examples/docker-image.tmpl`
> Password:
> system container is running as PID 17630
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> Run 'sudo guix container exec 17630 /run/current-system/profile/bin/bash --login'
> or run 'sudo nsenter -a -t 17630' to get a shell into it.
>
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> making '/gnu/store/2w0c609is7iilv6r2l1vrchb9qsbfgkp-system' the current system...
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> setting up setuid programs in '/run/setuid-programs'...
> populating /etc from /gnu/store/ywsdjyq161a2clhvz6kx5m4ppz5ziqp1-etc...
> Backtrace:
>           11 (primitive-load "/gnu/store/5wdqg0jpiw1zd9pn13wmzy3f85g…")
> In gnu/build/linux-container.scm:
>     300:8 10 (call-with-temporary-directory #)
>    397:16  9 (_ "/tmp/guix-directory.KgjoQ6")
>      62:6  8 (call-with-clean-exit #)
> In unknown file:
>            7 (primitive-load "/gnu/store/2w0c609is7iilv6r2l1vrchb9qs…")
> In ice-9/eval.scm:
>     619:8  6 (_ #f)
> In unknown file:
>            5 (primitive-load "/gnu/store/xfd58fw9x65n7wr5kw2gnciszkl…")
> In srfi/srfi-1.scm:
>     634:9  4 (for-each # _)
> In unknown file:
>            3 (primitive-load "/gnu/store/3gwb0jydx90f61a6kizawsjdi6h…")
> In srfi/srfi-1.scm:
>     634:9  2 (for-each # …)
> In gnu/build/activation.scm:
>    268:20  1 (_ "hosts")
> In unknown file:
>            0 (copy-file "/etc/static/hosts" "/etc/hosts")
>
> ERROR: In procedure copy-file:
> In procedure copy-file: Read-only file system
>
>
> Doing a git bisect, the problem started with this commit it seems:
> 802ea1f3a43e5fb8d0b8bd2882954d8a6e49cde6
>
>     system: Deprecate hosts-file.
>
>     * gnu/system.scm (operating-system-hosts-file): Deprecate procedure.
>     (warn-hosts-file-field-deprecation): New procedure, helper for
>     deprecated variable.
>     (operating-system)[hosts-file]: Use helper to warn deprecated field.
>     (local-host-aliases): Mark as deprecated.
>     (local-host-entries): New procedure.
>     (operating-system-default-essential-services,
>     hurd-default-essential-services): Use hosts-service-type. Use
>     '%operating-system-hosts-file' and 'local-host-entries'.
>     (default-/etc/hosts): Remove procedure.
>     (operating-system-etc-service): Remove hosts file.
>     * doc/guix.texi (operating-system Reference)
>     (Networking Services) (Virtualization Services): Rewrite documentation
>     entries to use hosts-service-type.

Digging into the container script code, I think the reason is that when
sharing the network, it's supposed to remove any network-related
services from the containerized operating system. And it's not aware of
the new hosts-service-type.

The following diff seems to fix the issue:

--8<---------------cut here---------------start------------->8---
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index c2fd55d48e..9190d013bc 100644 =2D-- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -49,9 +49,12 @@ (define* (container-essential-services os #:key shared-n= etwork?) (define base (remove (lambda (service) (memq (service-kind service) =2D (list (service-kind %linux-bare-metal-service) =2D firmware-service-type =2D system-service-type))) + (cons* (service-kind %linux-bare-metal-service) + firmware-service-type + system-service-type + (if shared-network? + (list hosts-service-type) + '())))) (operating-system-default-essential-services os))) (cons (service system-service-type
--8<---------------cut here---------------end--------------->8---

I wonder if this is a full fix though, I see that we also remove network
related configuration files, using `%network-configuration-files', and I
wonder if "/etc/hosts" is still supposed to be there?

--8<---------------cut here---------------start------------->8---
(define %network-configuration-files
  ;; List of essential network configuration files.
  '("/etc/resolv.conf"
    "/etc/nsswitch.conf"
    "/etc/services"
    "/etc/hosts"))
--8<---------------cut here---------------end--------------->8---
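
Review bot: The `(if shared-network? (list hosts-service-type) '())` tail added to the `cons*` list in `container-essential-services` carries no comment explaining why the hosts service is dropped only for a shared network. A one-line comment would help, saying that "/etc/hosts" is one of the `%network-configuration-files` taken from the host, so activation must not try to `copy-file` over it. That would tie this filter to that list and make it clear the two have to change together. The hunk also shows no change to the module's imports, so it is worth confirming that `hosts-service-type` is already in scope in gnu/system/linux-container.scm. Finally, since the failure only appears with `--network`, a test that builds the container OS with `#:shared-network? #t` and checks that no hosts service remains in the result would keep this from regressing.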