From: "Thompson, David"
Subject: Re: [PATCH] environment: container: Do not remount network files as read-only.
Date: Sun, 27 Mar 2016 20:32:00 -0400
In-Reply-To: <87poufyfyd.fsf@gnu.org>
References: <87wpozldb5.fsf@gnu.org> <87r3exyt97.fsf@gnu.org> <87poufyfyd.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: Ludovic Courtès
Cc: guix-devel

On Sun, Mar 27, 2016 at 1:43 PM, Ludovic Courtès wrote:
> I cannot reproduce the problem with this minimum test case (the two
> ‘mount’ calls succeed):
>
> --8<---------------cut here---------------start------------->8---
> (use-modules (guix build syscalls)
>              (gnu build linux-container))
>
> (chdir "/tmp")
> (false-if-exception (delete-file "foo"))
> (false-if-exception (umount "bar"))
> (false-if-exception (delete-file "bar"))
>
> (symlink "/etc/resolv.conf" "foo")
> (close-port (open-output-file "bar"))
> (mount "/tmp/foo" "/tmp/bar" "none" (logior MS_BIND MS_RDONLY))
> (mount "/tmp/foo" "/tmp/bar" "none" (logior MS_BIND MS_RDONLY MS_REMOUNT))
> --8<---------------cut here---------------end--------------->8---
>
> Maybe we should try to throw in ‘call-with-container’ somewhere in there
> to be closer to the actual problem, dunno.
>
> It’s a bit frustrating that we don’t understand the situation. If you
> wish, I think it’s fine to commit this patch, but please make sure to
> mention that the problem occurs when /etc/resolv.conf is a symlink, and
> add a link to this discussion.

I found the culprit! This problem occurs with *any* file remounted
read-only from a tmpfs. In Ubuntu, /etc/resolv.conf is a symlink to
/run/resolvconf/resolv.conf, and /run is a tmpfs. I did this to confirm
the issue with another file on GuixSD:

  echo foobar > /run/user/foo
  guix environment --container --expose=/run/user/foo --ad-hoc coreutils

where /run/user is a tmpfs. It should fail with an exit status of 1.

I don't know why tmpfs is an issue, nor do I know how to work around it.
I've been searching around for answers but haven't found any leads yet.
Any thoughts?

> (FWIW I’m planning to push have the release ready on Monday night.)

Maybe we'll have to punt on this for the release, but I really hope it
can be fixed in time! This is the last thing I need to make networked
containers "just work" on Ubuntu-based distros.

- Dave