From mboxrd@z Thu Jan 1 00:00:00 1970 From: Alex Vong Subject: bug#21410: Environment containers Date: Wed, 28 Oct 2015 21:10:11 +0800 Message-ID: References: <87y4epsnjs.fsf@T420.taylan> <87r3kgwpb8.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary=047d7bd76b0414e536052329ea52 Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:55734) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZrQVP-0007DX-UR for bug-guix@gnu.org; Wed, 28 Oct 2015 09:11:12 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1ZrQVL-0002hV-Kz for bug-guix@gnu.org; Wed, 28 Oct 2015 09:11:07 -0400 Received: from debbugs.gnu.org ([208.118.235.43]:50882) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1ZrQVL-0002gx-HB for bug-guix@gnu.org; Wed, 28 Oct 2015 09:11:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.80) (envelope-from ) id 1ZrQVK-0000R1-Co for bug-guix@gnu.org; Wed, 28 Oct 2015 09:11:02 -0400 Sender: "Debbugs-submit" Resent-Message-ID: In-Reply-To: <87r3kgwpb8.fsf@gnu.org> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org To: Ludovic =?UTF-8?Q?Court=C3=A8s?= Cc: guix-devel , 21410@debbugs.gnu.org --047d7bd76b0414e536052329ea52 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Hi everyone, On 27/10/2015, Ludovic Court=C3=A8s wrote: > Alex Vong skribis: > >> On 26/10/2015, Thompson, David wrote: >>> On Mon, Oct 26, 2015 at 10:37 AM, Taylan Ulrich Bay=C4=B1rl=C4=B1/Kamme= r >>> wrote: >>> >>>> Also, for Debian 8 users and maybe others, this might help: >>>> >>>> sudo sysctl -w kernel.unprivileged_userns_clone=3D1 >>> >>> Yes, user namespaces are a must-have for this to work. I will prepare >>> patches that mention this in the manual and add a test to 'guix >>> environment' that can detect if user namespaces are unavailable and >>> display a more helpful error message. >>> >> I think the patch could be considered a fix for >> as well. How do >> you think? > > Do you still experience the test failures mentioned in that report? If > not, could you email 21410@debbugs.gnu.org, specifying which commit > works for you? > Yes, there are 4 tests still failing with the latest master branch without unprivileged container. But there is a new problem, tests/guix-environment-container.sh fails even when running the tests as root. The test log is in the attachment. I am running Debian 8, could anyone verify this? I would also like to try it on Debian unstable, but currently my PC cannot boot, I am using my old laptop. > I suspect 0e3cc31 helped. > > Thanks, > Ludo=E2=80=99. > Cheers, Alex --047d7bd76b0414e536052329ea52 Content-Type: text/x-log; charset=US-ASCII; name="guix-environment-container.log" Content-Disposition: attachment; filename="guix-environment-container.log" Content-Transfer-Encoding: base64 X-Attachment-Id: file0 KyBzZXQgLWUKKyBndWl4IGVudmlyb25tZW50IC0tdmVyc2lvbgp3YXJuaW5nOiBkYWVtb24gaXMg cnVubmluZyBhcyByb290LCBzbyB1c2luZyBgLS1idWlsZC11c2Vycy1ncm91cCcgaXMgaGlnaGx5 IHJlY29tbWVuZGVkCmd1aXggZW52aXJvbm1lbnQgKEdOVSBHdWl4KSAwLjkuMApDb3B5cmlnaHQg KEMpIDIwMTUgdGhlIEd1aXggYXV0aG9ycwpMaWNlbnNlIEdQTHYzKzogR05VIEdQTCB2ZXJzaW9u IDMgb3IgbGF0ZXIgPGh0dHA6Ly9nbnUub3JnL2xpY2Vuc2VzL2dwbC5odG1sPgpUaGlzIGlzIGZy ZWUgc29mdHdhcmU6IHlvdSBhcmUgZnJlZSB0byBjaGFuZ2UgYW5kIHJlZGlzdHJpYnV0ZSBpdC4K VGhlcmUgaXMgTk8gV0FSUkFOVFksIHRvIHRoZSBleHRlbnQgcGVybWl0dGVkIGJ5IGxhdy4KKyB0 bXBkaXI9dC1ndWl4LWVudmlyb25tZW50LTk2MTMKKyB0cmFwICdybSAtciAiJHRtcGRpciInIEVY SVQKKyBta2RpciB0LWd1aXgtZW52aXJvbm1lbnQtOTYxMworIGd1aXggZW52aXJvbm1lbnQgLS1j b250YWluZXIgLS1hZC1ob2MgLS1ib290c3RyYXAgZ3VpbGUtYm9vdHN0cmFwIC0tIGd1aWxlIC1j ICcoZXhpdCA0MiknCmFjY2VwdGVkIGNvbm5lY3Rpb24gZnJvbSBwaWQgOTYyMSwgdXNlciByb290 ICh0cnVzdGVkKQorIHRlc3QgNDIgPSA0MgorIG1vdW50X3Rlc3RfY29kZT0nCih1c2UtbW9kdWxl cyAoaWNlLTkgcmRlbGltKQogICAgICAgICAgICAgKGljZS05IG1hdGNoKQogICAgICAgICAgICAg KHNyZmkgc3JmaS0xKSkKCihkZWZpbmUgbWFwcGluZ3MKICAoZmlsdGVyLW1hcCAobGFtYmRhIChs aW5lKQogICAgICAgICAgICAgICAgKG1hdGNoIChzdHJpbmctc3BsaXQgbGluZSAjXHNwYWNlKQog ICAgICAgICAgICAgICAgICA7OyBFbXB0eSBsaW5lLgogICAgICAgICAgICAgICAgICAoKCIiKSAj ZikKICAgICAgICAgICAgICAgICAgOzsgSWdub3JlIHRoZXNlIHR5cGVzIG9mIGZpbGUgc3lzdGVt cy4KICAgICAgICAgICAgICAgICAgKChfIF8gKG9yICJ0bXBmcyIgInByb2MiICJzeXNmcyIgImRl dnRtcGZzIgogICAgICAgICAgICAgICAgICAgICAgICAgICAgImRldnB0cyIgImNncm91cCIgIm1x dWV1ZSIpIF8gXyBfKQogICAgICAgICAgICAgICAgICAgI2YpCiAgICAgICAgICAgICAgICAgICgo XyBtb3VudCBfIF8gXyBfKQogICAgICAgICAgICAgICAgICAgbW91bnQpKSkKICAgICAgICAgICAg ICAoc3RyaW5nLXNwbGl0IChjYWxsLXdpdGgtaW5wdXQtZmlsZSAiL3Byb2MvbW91bnRzIiByZWFk LXN0cmluZykKICAgICAgICAgICAgICAgICAgICAgICAgICAgICNcbmV3bGluZSkpKQoKKGZvci1l YWNoIChsYW1iZGEgKG1vdW50KQogICAgICAgICAgICAoZGlzcGxheSBtb3VudCkKICAgICAgICAg ICAgKG5ld2xpbmUpKQogICAgICAgICAgbWFwcGluZ3MpJworIGd1aXggZW52aXJvbm1lbnQgLS1j b250YWluZXIgLS1hZC1ob2MgLS1ib290c3RyYXAgZ3VpbGUtYm9vdHN0cmFwIC0tIGd1aWxlIC1j ICcKKHVzZS1tb2R1bGVzIChpY2UtOSByZGVsaW0pCiAgICAgICAgICAgICAoaWNlLTkgbWF0Y2gp CiAgICAgICAgICAgICAoc3JmaSBzcmZpLTEpKQoKKGRlZmluZSBtYXBwaW5ncwogIChmaWx0ZXIt bWFwIChsYW1iZGEgKGxpbmUpCiAgICAgICAgICAgICAgICAobWF0Y2ggKHN0cmluZy1zcGxpdCBs aW5lICNcc3BhY2UpCiAgICAgICAgICAgICAgICAgIDs7IEVtcHR5IGxpbmUuCiAgICAgICAgICAg ICAgICAgICgoIiIpICNmKQogICAgICAgICAgICAgICAgICA7OyBJZ25vcmUgdGhlc2UgdHlwZXMg b2YgZmlsZSBzeXN0ZW1zLgogICAgICAgICAgICAgICAgICAoKF8gXyAob3IgInRtcGZzIiAicHJv YyIgInN5c2ZzIiAiZGV2dG1wZnMiCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAiZGV2cHRz IiAiY2dyb3VwIiAibXF1ZXVlIikgXyBfIF8pCiAgICAgICAgICAgICAgICAgICAjZikKICAgICAg ICAgICAgICAgICAgKChfIG1vdW50IF8gXyBfIF8pCiAgICAgICAgICAgICAgICAgICBtb3VudCkp KQogICAgICAgICAgICAgIChzdHJpbmctc3BsaXQgKGNhbGwtd2l0aC1pbnB1dC1maWxlICIvcHJv Yy9tb3VudHMiIHJlYWQtc3RyaW5nKQogICAgICAgICAgICAgICAgICAgICAgICAgICAgI1xuZXds aW5lKSkpCgooZm9yLWVhY2ggKGxhbWJkYSAobW91bnQpCiAgICAgICAgICAgIChkaXNwbGF5IG1v dW50KQogICAgICAgICAgICAobmV3bGluZSkpCiAgICAgICAgICBtYXBwaW5ncyknCmFjY2VwdGVk IGNvbm5lY3Rpb24gZnJvbSBwaWQgOTYyNywgdXNlciByb290ICh0cnVzdGVkKQorKyB3YyAtbAor IHRlc3QgNCAtZXEgMworIHJtIC1yIHQtZ3VpeC1lbnZpcm9ubWVudC05NjEzCg== --047d7bd76b0414e536052329ea52--