From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms5.migadu.com with LMTPS id uy4IEhcQY2Ko7QAAbAwnHQ (envelope-from ) for ; Fri, 22 Apr 2022 22:29:11 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:bcc0::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id MNz3DxcQY2KmPgEAG6o9tA (envelope-from ) for ; Fri, 22 Apr 2022 22:29:11 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id D55DC3C1C1 for ; Fri, 22 Apr 2022 22:29:10 +0200 (CEST) Received: from localhost ([::1]:35484 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nhztu-0004dh-2N for larch@yhetil.org; Fri, 22 Apr 2022 16:29:10 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:59474) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nhztl-0004dY-V5 for guix-patches@gnu.org; Fri, 22 Apr 2022 16:29:01 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:60861) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nhztl-0005Hu-Ma for guix-patches@gnu.org; Fri, 22 Apr 2022 16:29:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nhztl-00029X-JJ for guix-patches@gnu.org; Fri, 22 Apr 2022 16:29:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54997] [PATCH 04/12] Add (guix least-authority). Resent-From: Thiago Jung Bauermann Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 22 Apr 2022 20:29:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 54997 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: 54997@debbugs.gnu.org Received: via spool by 54997-submit@debbugs.gnu.org id=B54997.16506593218237 (code B ref 54997); Fri, 22 Apr 2022 20:29:01 +0000 Received: (at 54997) by debbugs.gnu.org; 22 Apr 2022 20:28:41 +0000 Received: from localhost ([127.0.0.1]:54758 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nhztQ-00028n-Te for submit@debbugs.gnu.org; Fri, 22 Apr 2022 16:28:41 -0400 Received: from mx.kolabnow.com ([212.103.80.154]:13964) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nhztK-00028I-RZ for 54997@debbugs.gnu.org; Fri, 22 Apr 2022 16:28:40 -0400 Received: from localhost (unknown [127.0.0.1]) by mx.kolabnow.com (Postfix) with ESMTP id C77529D7; Fri, 22 Apr 2022 22:28:28 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=kolabnow.com; h= content-transfer-encoding:content-type:content-type:mime-version :message-id:in-reply-to:date:date:subject:subject:from:from :references:received:received:received; s=dkim20160331; t= 1650659308; x=1652473709; bh=LQfO0iFRaB3BBLLv6TkObZcBKC2CdURo1Ij VJSw+TDo=; b=Hcfz08DYoj27d/dB42NIez5QzCBoogfDL+DyU+hd2RfDIEdAeW+ Rd/shMhlKBzd8pJ9FbyTxteCE82OPDbwa37Y0mAfcJTsyxzKVDPH+76WXR/n2Pgx UZ5a/aEpqFiXnoQj4rxRBUqHUxHePL3GwS/nng3IiRJc/itC7hT7iTns+EkrMFPP OFWzVWUpNcdOF5yjuYzv4kGRvWVnXg8kpr37H+59nj0mOEG592DXoLqQuxrCJfQ2 fBDJwup1vwh1fhG6CTLMKypp8bxlA4LYIv4t8rELtnTfh1ClVNXK7sPaElr3sQ0w X6/7ilbYksxcntgk1HlfUrd5Ribk6UW8TEGZu9vaNRfKhkW6UWI9r2zxTEFa6cvd wkYZWC3n/LWIyJcTsmCSqq9LBJkVNN+BhIEBGbF6ynol/MoWpUi6AROCep2CJjDm GC9GDDeDO7rXHem56kGcdoYIpHP/jSQSZyOSbzB3AJmVHa3teC/liOcOVExBINwG 6EHVqO0Qjxid0qII5WDhpDcFaoLFBd2BCmW4XeN0gG5FkwLSmvPfwvwFjoRSHr7n hOQGdw44FAU+dDq72bGk9HgRorkUtoy5X1GksRj4GTCM99XnhvOLF9trUNf8vI6M 83FZmKm/kCFzK38ALmojzAnopCmDfHdQFUlIjWZf1r+9lp321isaKf+0= X-Virus-Scanned: amavisd-new at mykolab.com Received: from mx.kolabnow.com ([127.0.0.1]) by localhost (ext-mx-out001.mykolab.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z7Iqh3jRVOZq; Fri, 22 Apr 2022 22:28:28 +0200 (CEST) Received: from int-mx003.mykolab.com (unknown [10.9.13.3]) by mx.kolabnow.com (Postfix) with ESMTPS id 9E75763E; Fri, 22 Apr 2022 22:28:27 +0200 (CEST) Received: from ext-subm003.mykolab.com (unknown [10.9.6.3]) by int-mx003.mykolab.com (Postfix) with ESMTPS id 08ACB37D1; Fri, 22 Apr 2022 22:28:26 +0200 (CEST) References: <20220417210453.27884-1-ludo@gnu.org> <20220417210453.27884-4-ludo@gnu.org> Date: Fri, 22 Apr 2022 17:10:19 -0300 In-reply-to: <20220417210453.27884-4-ludo@gnu.org> Message-ID: <87h76klv6j.fsf@kolabnow.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" Reply-to: Thiago Jung Bauermann X-ACL-Warn: , Thiago Jung Bauermann via Guix-patches From: Thiago Jung Bauermann via Guix-patches via X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1650659351; h=from:from:sender:sender:reply-to:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=LQfO0iFRaB3BBLLv6TkObZcBKC2CdURo1IjVJSw+TDo=; b=A+DTDzAXyGP5pN61TnIzNJ8nUTFkaBpObP6OefWAcZBpFvdpmS4jNDD8zcEDuHwwmIkg4F fJ/RkxUobhOFGfQ7HJcb1w3sCJ9GQZX6sCpRf6Z/y5Tt1lLtWry8u1dKKkerAF2doFkmMz XA4XzROSb1xg04XmKLQoz5q+/NmQXMKIEI0LPxigK+L3eGW8icFZjms4qeI75vFincmUFm P+2g0WkrbwWlxmuqHcUjYwWKuF/XCFiwcb/JPFTTA8VOG2Z5nl4YUdJ1eSIdJ6BRT6gM6I VMYdfMFvPmqQRhk6jC2lXs8KQ0ZVpbHvaN8cM03FtcWn/a5V+XirhIu4+fq2Ig== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1650659351; a=rsa-sha256; cv=none; b=QoYdcoQXFk5k6c2bdgdI32fD9XjyvmQfOsPCUV13qJOFH8lvny977a1JADteNgq5YhRYnq yZ9jyaoMhRrCS4CPkBFWNEK1l7bJaMlhR6Rnk+WMf32NxtQZjGyuAaeWJs4CD9uBI63Kdi n72F5JcqWn4FzFPJpPH5bUtoHIBaM4EImTgGlEkeCLCVooaY0/sz4Jln9vVwzFlmB60V5V SxDe285AJ5Dlxoo8LR7sed4icdi8V8bZFAaPSqS3hp15MP4pDbFHYwnwdwwT6lW+0hsEkz 38m1WgNzL0i0p4/5Yi7FqpKLsvgP1Jf2uwpnB9iN0ILcAT319GCsbKR7nHFdZA== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=kolabnow.com header.s=dkim20160331 header.b=Hcfz08DY; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -3.52 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=kolabnow.com header.s=dkim20160331 header.b=Hcfz08DY; dmarc=pass (policy=none) header.from=gnu.org; spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: D55DC3C1C1 X-Spam-Score: -3.52 X-Migadu-Scanner: scn1.migadu.com X-TUID: W/VV2YzFkgwV Hello, Ludovic Court=C3=A8s writes: > + (reify-exit-status > + (call-with-container mounts > + (lambda () > + (chdir #$directory) > + (environ variables) > + (apply execl #$program #$program (cdr (command-line)))) I'm a bit concerned about running arbitrary commands as PID 1 of process namespaces. A process running as PID 1 (even in a child namespace) is a special case and is treated differently by the Linux kernel than any other process, so it needs to be a program that has been designed to work in that situation. There are two differences from regular processes: 1. PID 1 inherits orphan processes and needs to wait() on them when they quit, in order to avoid accumulating zombie processes in the system. 2. Unlike regular processes, PID 1 doesn't have default signal handlers. Both of these aspects are described in more detail here: https://github.com/krallin/tini/issues/8#issuecomment-146135930 So to avoid an accumulation of zombie processes and other signal-related problems, I suggest adding a =E2=80=9C(init-program ,tini)=E2=80=9D paramet= er to =E2=80=98least-authority-wrapper=E2=80=99 and executing =E2=80=98program=E2= =80=99 as a subprocess of =E2=80=98tini=E2=80=99 or whatever was passed as the #:init-program (perhap= s #f could mean running =E2=80=98program=E2=80=99 directly as PID 1). I mention this because I'm currently dealing with a problem that has exactly this root cause: I'm working on updating the public-inbox package to the latest version, and the testsuite is failing because it tests that lei's daemon process is correctly terminated. But that doesn't work because =E2=80=9Cguix build=E2=80=9D doesn't use a proper init= program as PID 1 and thus the daemon process goes to zombie state and the testsuite thinks that it didn't go away. I'm hoping to send a patch to fix that issue. --=20 Thanks Thiago