From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Thompson, David" <dthompson2@worcester.edu>
Subject: Re: Environment containers
Date: Wed, 28 Oct 2015 12:08:01 -0400
Message-ID: <CAJ=RwfaxrzGwtSmukse7BRmcRc2uWPfOJ86AbkBQsB40VbXfpg@mail.gmail.com>
References: <CAJ=RwfbK67QX1tyrd7O_O=EVkxrO9GU3u8k6etMint4ucO8u5A@mail.gmail.com>
	<87y4epsnjs.fsf@T420.taylan>
	<CAJ=RwfakM8CMTyRH-SWoJVnO+__jq2oE_2gy41129Kde2y=u8w@mail.gmail.com>
	<CADrxHD8-pRRgR549eWQG4fNm7Lky=kTT0wSbrbGBgtgRhUZg9Q@mail.gmail.com>
	<87r3kgwpb8.fsf@gnu.org>
	<CADrxHD8hs0UC0Jeqq4BXNMdGAX=Q_bbrw7k31KJkYxjuYO8PSg@mail.gmail.com>
	<87mvv3832q.fsf@gnu.org>
	<CADrxHD-hTbYkOMHzPRmYKjd7HQNmtzgivGkAz0AKAk4w--e2cg@mail.gmail.com>
	<CAJ=RwfZg+ytagyGM73FbT25Btagvxb+eAZn74-0pyx=OqGqkJA@mail.gmail.com>
	<87fv0v6l6v.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:58778)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1ZrTGd-0006Ei-Nv
	for guix-devel@gnu.org; Wed, 28 Oct 2015 12:08:09 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1ZrTGc-0005nO-LR
	for guix-devel@gnu.org; Wed, 28 Oct 2015 12:08:03 -0400
Received: from mail-yk0-x22f.google.com ([2607:f8b0:4002:c07::22f]:34549)
	by eggs.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dthompson2@worcester.edu>) id 1ZrTGc-0005n7-E5
	for guix-devel@gnu.org; Wed, 28 Oct 2015 12:08:02 -0400
Received: by ykdr3 with SMTP id r3so12795721ykd.1
	for <guix-devel@gnu.org>; Wed, 28 Oct 2015 09:08:02 -0700 (PDT)
In-Reply-To: <87fv0v6l6v.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: =?UTF-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
Cc: guix-devel <guix-devel@gnu.org>, 21410@debbugs.gnu.org

On Wed, Oct 28, 2015 at 11:56 AM, Ludovic Court=C3=A8s <ludo@gnu.org> wrote=
:
> "Thompson, David" <dthompson2@worcester.edu> skribis:
>
>> On Wed, Oct 28, 2015 at 11:14 AM, Alex Vong <alexvong1995@gmail.com> wro=
te:
>>> On 28/10/2015, Ludovic Court=C3=A8s <ludo@gnu.org> wrote:
>>>> Alex Vong <alexvong1995@gmail.com> skribis:
>>>>
>>>>> On 27/10/2015, Ludovic Court=C3=A8s <ludo@gnu.org> wrote:
>>>>
>>>> [...]
>>>>
>>>>>> Do you still experience the test failures mentioned in that report? =
 If
>>>>>> not, could you email 21410@debbugs.gnu.org, specifying which commit
>>>>>> works for you?
>>>>>>
>>>>> Yes, there are 4 tests still failing with the latest master branch
>>>>> without unprivileged container.
>>>>
>>>> Which tests?  Does tests/container.scm pass?
>>>>
>>> It doesn't pass if I run as unprivileged user. It passes if I run as
>>> root. I will be mailing the test logs on another mail.
>>
>> This is because Debian doesn't let unprivileged users create user
>> namespaces without explicitly overriding some configuration.
>
> How could we determine whether this restriction is in place?  That would
> allow us to skip the test on these systems.

I think it is /proc/sys/kernel/unprivileged_userns_clone, but I don't
know what the contents are exactly.  0 when off, 1 when on?  Can
someone on Debian confirm?

If we can get the test suite passing, I'd like to extract these user
namespace presence tests to a procedure that 'guix environment' can
use to give the user an informative error message in these cases.

- Dave