GNU bug report logs -
#31977
clone tests fail on CentOS 7
Previous Next
To reply to this bug, email your comments to 31977 AT debbugs.gnu.org.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Tue, 26 Jun 2018 14:18:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Paul Garlick <pgarlick <at> tourbillion-technology.com>
:
New bug report received and forwarded. Copy sent to
bug-guix <at> gnu.org
.
(Tue, 26 Jun 2018 14:18:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
[Message part 1 (text/plain, inline)]
Hi Guix,
Running 'make check' in the guix source tree on a CentOS 7 system
results in 15 FAILS:
tests/containers.log: 9 FAILS
tests/syscalls.log: 3 FAILS
tests/guix-environment-container.log: 1 FAIL
tests/guix-pack.log: 1 FAIL
tests/pack.log: 1 FAIL
Referring to bug#24108, the cause may be that the clone-related tests
are being executed instead of being skipped.
The output of 'uname -srv' is:
Linux 3.10.0-862.3.3.el7.x86_64 #1 SMP Fri Jun 15 04:15:27 UTC 2018
Files:
a) '/proc/self/ns/user' exists
b) '/proc/sys/kernel/unprivileged_userns_clone' does not exist.
On CentOS 7 I believe user namespaces are supported but disabled by
default. The output of 'cat /proc/sys/user/max_user_namespaces' is
'0'.
Perhaps the 'perform-container-tests?' logic should include an extra
check for the default, disabled case to ensure that the tests are
skipped.
Attached are the log files, except 'guix-pack.log' (~100MB) and
'pack.log' (~7MB).
Best regards,
Paul.
[containers.log (text/x-log, attachment)]
[guix-environment-container.log (text/x-log, attachment)]
[syscalls.log (text/x-log, attachment)]
Information forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Tue, 01 Dec 2020 18:14:02 GMT)
Full text and
rfc822 format available.
Message #8 received at 31977 <at> debbugs.gnu.org (full text, mbox):
Hi Paul,
This old bug #31977 is about an issue on your CentOS 7 machine. Is it
still relevant?
<http://issues.guix.gnu.org/issue/31977>
On Tue, 26 Jun 2018 at 15:16, Paul Garlick <pgarlick <at> tourbillion-technology.com> wrote:
> Running 'make check' in the guix source tree on a CentOS 7 system
> results in 15 FAILS:
>
> tests/containers.log: 9 FAILS
> tests/syscalls.log: 3 FAILS
> tests/guix-environment-container.log: 1 FAIL
> tests/guix-pack.log: 1 FAIL
> tests/pack.log: 1 FAIL
>
> Referring to bug#24108, the cause may be that the clone-related tests
> are being executed instead of being skipped.
Note that bug#24108 had been closed couple of months ago:
--8<---------------cut here---------------start------------->8---
From: Ludovic Courtès <ludo <at> gnu.org>
Subject: control message for bug #24108
To: control <at> debbugs.gnu.org, 24108 <at> debbugs.gnu.org
Date: Thu, 09 Jul 2020 15:58:27 +0200 (20 weeks, 5 days, 4 hours ago)
tags 24108 notabug
close 24108
quit
--8<---------------cut here---------------end--------------->8---
> The output of 'uname -srv' is:
>
> Linux 3.10.0-862.3.3.el7.x86_64 #1 SMP Fri Jun 15 04:15:27 UTC 2018
>
> Files:
> a) '/proc/self/ns/user' exists
> b) '/proc/sys/kernel/unprivileged_userns_clone' does not exist.
>
> On CentOS 7 I believe user namespaces are supported but disabled by
> default. The output of 'cat /proc/sys/user/max_user_namespaces' is
> '0'.
>
> Perhaps the 'perform-container-tests?' logic should include an extra
> check for the default, disabled case to ensure that the tests are
> skipped.
>
> Attached are the log files, except 'guix-pack.log' (~100MB) and
> 'pack.log' (~7MB).
>
> Best regards,
>
> Paul.
Feel free to close it or report more information about the current
status.
Thanks,
simon
Information forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Wed, 02 Dec 2020 18:09:01 GMT)
Full text and
rfc822 format available.
Message #11 received at 31977 <at> debbugs.gnu.org (full text, mbox):
Hi Simon,
On Tue, 2020-12-01 at 19:12 +0100, zimoun wrote:
> This old bug #31977 is about an issue on your CentOS 7 machine. Is
> it still relevant?
Yes, this bug still exists.
However, I have just tested a fix:
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -44,7 +44,7 @@
(let ((userns-file "/proc/sys/kernel/unprivileged_userns_clone"))
(if (file-exists? userns-file)
(eqv? #\1 (call-with-input-file userns-file read-char))
- #t)))
+ #f)))
(define (setgroups-supported?)
"Return #t if the setgroups proc file, introduced in Linux-libre
3.19,
This ensures that tests are skipped if user namespaces are not enabled
for unprivileged users.
Best regards,
Paul.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Thu, 03 Dec 2020 16:35:02 GMT)
Full text and
rfc822 format available.
Message #14 received at 31977 <at> debbugs.gnu.org (full text, mbox):
Hi Simon,
I have pushed the fix as 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e.
Best regards,
Paul.
bug closed, send any further explanations to
31977 <at> debbugs.gnu.org and Paul Garlick <pgarlick <at> tourbillion-technology.com>
Request was from
Paul Garlick <pgarlick <at> tourbillion-technology.com>
to
control <at> debbugs.gnu.org
.
(Thu, 03 Dec 2020 16:42:02 GMT)
Full text and
rfc822 format available.
Did not alter fixed versions and reopened.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org
.
(Mon, 07 Dec 2020 00:53:01 GMT)
Full text and
rfc822 format available.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Mon, 07 Dec 2020 01:04:02 GMT)
Full text and
rfc822 format available.
Message #21 received at 31977 <at> debbugs.gnu.org (full text, mbox):
Hi Paul,
On Thu, 03 Dec 2020 at 16:34, Paul Garlick <pgarlick <at> tourbillion-technology.com> wrote:
> I have pushed the fix as 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e.
Apparently people are complaining [1,2]. Well, I do not understand what it
breaks but Marius reverted the commit (see #45066) so I am reopening the
issue.
<http://issues.guix.gnu.org/issue/45066>
All the best,
simon
1: <https://yhetil.org/guix/e5c86d238ca5174b745b8ea6cb0cb6ad6b20aa5e.camel <at> yasuaki.com>
2:
<https://yhetil.org/guix/PSXP216MB02147543A84779F3F6A8509EA0CF0 <at> PSXP216MB0214.KORP216.PROD.OUTLOOK.COM>
Information forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Sat, 19 Dec 2020 09:37:01 GMT)
Full text and
rfc822 format available.
Message #24 received at 31977 <at> debbugs.gnu.org (full text, mbox):
Hi Paul,
Since the fix 8bc5ca5160db3d82bd5b6b2b7ed80c96f42bd33e breaks
linux-libre kernel on Guix System, because of [1], quote:
Well, it is expected. And now all is clear. Explanations starting
there:
<http://logs.guix.gnu.org/guix/2020-12-07.log#211011>
Quickly said, the initial code was assuming Debian-like kernel patches
as Vagrant reported and this is not in the linux-libre source code with
a wrong Guix error message.
One bug is still there. :-)
1: <https://yhetil.org/guix/86zh2p4921.fsf <at> gmail.com>
If I understand well your message:
Files:
a) '/proc/self/ns/user' exists
b) '/proc/sys/kernel/unprivileged_userns_clone' does not exist.
from your initial report, it is the same problem as linux-libre:
somehow, the assumption of '/proc/sys/kernel/unprivileged_userns_clone'
is Debian-like and not shared.
So, it could be nice to have a good story for that. :-)
All the best,
simon
Information forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Mon, 21 Dec 2020 15:30:01 GMT)
Full text and
rfc822 format available.
Message #27 received at 31977 <at> debbugs.gnu.org (full text, mbox):
Hi Simon,
> If I understand well your message:
>
> Files:
> a) '/proc/self/ns/user' exists
> b) '/proc/sys/kernel/unprivileged_userns_clone' does not exist.
Yes, this is the case on CentOS.
So testing for the existence of the unprivileged_userns_clone file is
an insufficent test for unprivileged user namespaces. We have learnt
that trying to create the file as a dummy file does not work, since the
/proc/sys/kernel directory is read-only even for root.
So the current 'unprivileged-user-namespace-supported?' function in
gnu/build/linux-container.scm really only works for Debian-derived
systems. Other systems, that co not create the
unprivileged_userns_clone file, differ in their default configurations.
CentOS, for example, disables the feature. However, Guix System
enables it.
It has been suggested that the feature itself should be tested, instead
of relying on the /proc filesystem. This could well be a better idea
and I gather from the thread that this idea is being worked on. I can
test on CentOS when a new patch is available.
Best regards,
Paul.
Information forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Sat, 08 Oct 2022 15:17:04 GMT)
Full text and
rfc822 format available.
Message #30 received at 31977 <at> debbugs.gnu.org (full text, mbox):
Hi Paul,
It is about this old bug#31977 [1]. Well, I have lost the status about
this and since I am using Debian with unprivileged_userns_clone, I am
not annoyed enough. ;-)
1: <http://issues.guix.gnu.org/issue/31977>
On Mon, 21 Dec 2020 at 15:29, Paul Garlick <pgarlick <at> tourbillion-technology.com> wrote:
> It has been suggested that the feature itself should be tested, instead
> of relying on the /proc filesystem. This could well be a better idea
> and I gather from the thread that this idea is being worked on. I can
> test on CentOS when a new patch is available.
Is it still an issue for you?
Cheers,
simon
Information forwarded
to
bug-guix <at> gnu.org
:
bug#31977
; Package
guix
.
(Thu, 03 Nov 2022 10:05:01 GMT)
Full text and
rfc822 format available.
Message #33 received at 31977 <at> debbugs.gnu.org (full text, mbox):
Hi Paul,
On Sat, 08 Oct 2022 at 16:30, zimoun <zimon.toutoune <at> gmail.com> wrote:
> On Mon, 21 Dec 2020 at 15:29, Paul Garlick <pgarlick <at> tourbillion-technology.com> wrote:
> It is about this old bug#31977 [1]. Well, I have lost the status about
> this and since I am using Debian with unprivileged_userns_clone, I am
> not annoyed enough. ;-)
>
> 1: <http://issues.guix.gnu.org/issue/31977>
>
>
>
>> It has been suggested that the feature itself should be tested, instead
>> of relying on the /proc filesystem. This could well be a better idea
>> and I gather from the thread that this idea is being worked on. I can
>> test on CentOS when a new patch is available.
>
> Is it still an issue for you?
Friendly ping. :-)
Cheers,
simon
This bug report was last modified 1 year and 147 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.