From: Ludovic Courtès
Subject: Re: 33/33: daemon: Workaround issues for the Hurd.
Date: Thu, 12 Mar 2020 13:59:55 +0100
To: Jan Nieuwenhuizen
Cc: guix-devel@gnu.org, 40006@debbugs.gnu.org

Hi!

Jan Nieuwenhuizen wrote:

> Ludovic Courtès writes:
>
> Hello!
>
>> Jan Nieuwenhuizen wrote:
>>
>>>>> +#if !__GNU__ >>>>> int status =3D pid.wait(true); >>>>> if (status !=3D 0) >>>>> throw Error(format("cannot kill processes for uid `%1%': %2%= ") % uid % statusToString(status)); >>>>> +#endif
>>>>
>>>> Do you know what the rationale was?  It looks like it could leave
>>>> zombies behind us.
>>>
>>> No, maybe Manolis knows?  What I do know is why I used the patch: before
>>> applying this patch I could only build up to binutils-boot0.
>>> binutils-boot0 would always fail like so
>>>
>>>   ./pre-inst-env guix build -e '(@@ (gnu packages commencement) binutils-boot0)' --no-offload
>>>   XXX fails: Workaround for nix daemon
>>>   phase `compress-documentation' succeeded after 0.4 seconds
>>>   error: cannot kill processes for uid `999': Operation not permitted
>>>   guix build: error: cannot kill processes for uid `999': failed with exit code 1
>>
>> But is the build process actually running as UID 999?  If you pass
>> ‘--disable-chroot’, then I think build users are not used at all, right?
>
> It seems that they are; I'm running

Oh, OK.

[…]

>> Other options:
>>
>>   1. Implement clone(2) with CLONE_NEW* in libc on GNU/Hurd.
>>
>>   2. Add a “sandbox” abstraction in the daemon, with OS-specific
>>      implementations of the abstraction (the Nix daemon did that at some
>>      point, with the goal of supporting proprietary macOS etc.)
>>
>>      For GNU/Linux, it’d use chroot(2)+clone(NEWNS) etc. as root.
>>
>>      On GNU/Hurd, it could spawn the process in a sub-Hurd, i.e., with
>>      its own proc server, root file system server, and without a pfinet
>>      server running.
>>
>> Option #2 can be fun to implement and probably easier and less
>> controversial than Option #1.  However, it does mean adding more code of
>> the C++ code base, which is sad.
>
> I'm assuming that 1. is what Manolis wanted to support with his
> libhurdutil?  In fact, I forward ported (minimal effort) the patch
>
>     https://gitlab.com/janneke/hurd/-/commit/856e86f2105417363b85b4d7c4d3141f9e81fb56
>
> but haven't tried linking against this yet.  That would be a nice first
> step.  2. sounds fun, but it would need more getting familiar with the
> Hurd for me :-)

You never know..

I suppose the commit you link to could have been used by libc to
implement #1?

Oh, actually, IIRC, Manolis was working on implementing mount(2) and
umount(2) in libc (which would also be needed), and probably the
settrans utilities were part of that effort.

Thanks,
Ludo’.
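
Review bot: the `pid.wait(true)` call itself sits inside the new `#if !__GNU__` guard in the quoted hunk, so on the Hurd the process behind `pid` is never waited for and its exit status is never read. A kill that failed then goes unreported, and the child can linger as a zombie, which is the concern raised in the reply. If the aim is only to keep the build from aborting with "cannot kill processes for uid", keep the wait unconditional and place just the `throw Error(...)` under the guard (or turn it into a warning there). A comment next to the `#if` stating which Hurd behaviour is being worked around would also help, since the hunk gives no rationale and the thread shows nobody remembers it.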