bug#44261: closed (running a daemon with userns in relocateble pack breaks)

[GNU bug Tracking System]

Your message dated Sat, 31 Oct 2020 23:19:49 +0100
with message-id <87blgirqbe.fsf@gnu.org>
and subject line Re: bug#44261: running a daemon with userns in relocateble 
pack breaks
has caused the debbugs.gnu.org bug report #44261,
regarding running a daemon with userns in relocateble pack breaks
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs@gnu.org.)


-- 
44261: http://debbugs.gnu.org/cgi/bugreport.cgi?bug=44261
GNU Bug Tracking System
Contact help-debbugs@gnu.org with problems

--- Begin Message --- Subject: running a daemon with userns in relocateble pack breaks Date: Tue, 27 Oct 2020 20:49:19 +0100 User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Hi!

As mentioned on IRC, running a daemon from a guix relocatable pack on a
foreign distro using the user namespace feature is troublesome: it looks
as if the daemon "loses" (its view of) the file-system once the parent
process that creates the daemon exits.

I'm attatching a package description for a test package "vork".  It
builds a program "test" that forks the program "daemon".

The daemon program reads a character from /dev/urandom, prints it,
and sleeps for a second; 10 times.

The "test" parent program exits after 5 seconds.  When the parent
program exits, the daemon crashes.

To reproduce, put "vork.scm" in a fresh directory and do something like:

--8<---------------cut here---------------start------------->8---
fakeroot tar xf $(GUIX_PACKAGE_PATH=. guix pack --relocatable\
  --symlink=/gnu/bin=bin guile shepherd vork --no-offload)
guix gc -D $(guix build -f vork.scm)
touch /tmp/daemon.log
tail -f /tmp/daemon.log &
GUILE_LOAD_COMPILED_PATH=$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/ccache\
:$PWD/$(ls -1d gnu/store/*profile)/lib/guile/3.0/site-ccache gnu/bin/test
--8<---------------cut here---------------end--------------->8---

this gives something like

--8<---------------cut here---------------start------------->8---
.daemon-start
daemon: 10 ?
.daemon: 9 ?
.daemon: 8 T
.daemon: 7 ^O
.daemon: 6 O

exit
20:42:38 janneke@dundal:~/src/guix/master/vork [env]
$ 20:42:38 janneke@dundal:~/src/guix/master/vork [env]
$ Backtrace:
Exception thrown while printing backtrace:
In procedure public-lookup: Module named (system repl debug) does not exist
--8<---------------cut here---------------end--------------->8---

Greetings,
Janneke

vork.scm
Description: Binary data

-- 
Jan Nieuwenhuizen <janneke@gnu.org> | GNU LilyPond http://lilypond.org
Freelance IT http://JoyofSource.com | Avatar® http://AvatarAcademy.com

--- End Message ---

> --- Begin Message ---
>
>
>
> Subject: 
>
> Re: bug#44261: running a daemon with userns in relocateble pack breaks
>
>
>
>
> Date: 
>
> Sat, 31 Oct 2020 23:19:49 +0100
>
>
>
>
> User-agent: 
>
> Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
>
>
>
>
> Hi,
>
> Jan Nieuwenhuizen <janneke@gnu.org> skribis:
>
> > Ludovic Courtès writes:
>
> [...]
>
> >> The attached patch adds a test loosely based on yours and a fix for
> >> that.  The fix (for the “userns” engine) is to make NEW_ROOT a tmpfs,
> >> such that upon completion, all we need to do is to unmount it and remove
> >> it; it lives on as the root file system of child processes.
> >>
> >> In the “fakechroot” case, we have to leave NEW_ROOT behind, which is not
> >> great but acceptable (it’s user-owned, #o700, and it’s under /tmp).  The
> >> test only checks the “userns” engine.
> >
> > Yes, I think this is acceptable.
> >
> >> If you confirm that it works for you and looks reasonable, we can apply
> >> it.
> >
> > Yes, this works.  The test and also my reproducer now work fine.
>
> Thanks for checking, I pushed the fix as
> bfe82fe2f6e9f34c0774fe2114cdc7e937ba8bd2.
>
> Ludo’.
>
>
> --- End Message ---