#47106 Bubblewrap hates Guix containers 😞

Message #20 received at 47106@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47106) by debbugs.gnu.org; 13 Mar 2021 17:07:25 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sat Mar 13 12:07:25 2021
Received: from localhost ([127.0.0.1]:60599 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lL7jY-0002aK-QB
	for submit@debbugs.gnu.org; Sat, 13 Mar 2021 12:07:25 -0500
Received: from imta-36.everyone.net ([216.200.145.36]:38396
 helo=imta-38.everyone.net)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bokr@oz.net>) id 1lL7jW-0002aB-GU
 for 47106@debbugs.gnu.org; Sat, 13 Mar 2021 12:07:23 -0500
Received: from pps.filterd (omta002.sj2.proofpoint.com [127.0.0.1])
 by imta-38.everyone.net (8.16.0.43/8.16.0.43) with SMTP id 12DH2u6x023173;
 Sat, 13 Mar 2021 09:07:21 -0800
X-Eon-Originating-Account: ghZWNUNKa9UxsgdRue6yNm7cAUbYpj1vhKAcdIrq82A
X-Eon-Dm: m0116953.ppops.net
Received: by m0116953.mta.everyone.net (EON-AUTHRELAY2 - 5a81c7fd)
 id m0116953.603eb1da.e9dde; Sat, 13 Mar 2021 09:07:18 -0800
X-Eon-Sig: AQMHrIJgTPFGCoIIYQIAAAAD,7f400721e11077ea3c60ccac62cac415
X-Eip: ze_byNXqiGUsfe3aOGxYYkbOO4EJm3tfCLKmgNRDkos
Date: Sat, 13 Mar 2021 18:07:04 +0100
From: Bengt Richter <bokr@bokr.com>
To: Leo Prikler <leo.prikler@student.tugraz.at>
Subject: Re: bug#47106: Bubblewrap hates Guix containers 😞
Message-ID: <20210313170704.GA3712@LionPure>
References: <fbb3401a61ae78f092b33b7a36428f8520a7a6bd.camel@student.tugraz.at>
 <87r1kjpbvx.fsf@gnu.org>
 <2922127e61435e64f95d3d398ef6932a02336188.camel@student.tugraz.at>
 <20210313122718.GA11708@LionPure>
 <fa11fb1fb6dfb6e2c048d4fe8dec005e3b2b114a.camel@student.tugraz.at>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <fa11fb1fb6dfb6e2c048d4fe8dec005e3b2b114a.camel@student.tugraz.at>
User-Agent: Mutt/1.10.1 (2018-07-13)
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.369, 18.0.761
 definitions=2021-03-13_06:2021-03-12,
 2021-03-13 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0
 lowpriorityscore=0 adultscore=0
 malwarescore=0 clxscore=1034 bulkscore=0 mlxlogscore=999 suspectscore=0
 priorityscore=1501 spamscore=0 mlxscore=0 phishscore=0 impostorscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2009150000
 definitions=main-2103130133
X-Spam-Score: 0.3 (/)
X-Debbugs-Envelope-To: 47106
Cc: 47106@debbugs.gnu.org, Ludovic Courtès <ludo@gnu.org>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Reply-To: Bengt Richter <bokr@bokr.com>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.7 (/)

Hi again,

On +2021-03-13 15:43:15 +0100, Leo Prikler wrote:
> Am Samstag, den 13.03.2021, 13:27 +0100 schrieb Bengt Richter:
> > Hi,
> > 
> > On +2021-03-13 12:07:51 +0100, Leo Prikler wrote:
> > > Hi!
> > > Am Samstag, den 13.03.2021, 11:48 +0100 schrieb Ludovic Courtès:
> > > > Hi!
> > > > 
> > > > Leo Prikler <leo.prikler@student.tugraz.at> skribis:
> > > > 
> > > > > both Epiphany and Eolie (post fixing #47097; will submit patch
> > > > > shortly)
> > > > > fail inside Guix containers with the suggested
> > > > > incantation.  After
> > > > > getting the environment to no longer complain about $DISPLAY by
> > > > > adding
> > > > > `--preserve="XAUTHORITY" --expose=$XAUTHORITY', it repeatedly
> > > > > outputsn
> > > > > lines like
> > > > > bwrap: Can't find source path /sys/class: No such file or
> > > > > directory
> > > > > before closing the process altogether.
> > > > 
> > > > What is ‘bwrap’ looking for?  /sys is mounted inside ‘guix
> > > > environment -C’,
> > > > but perhaps it needs something special?
> > > > 
> > > > I suggest running these things (or ‘bwrap’ directly) in ‘strace
> > > > -f -o
> > > > log’ inside the container to see.
> > > It seems to be 
> > > > openat(AT_FDCWD, "/sys/class/dmi/id/chassis_type", O_RDONLY) = -1
> > > > ENOENT (No such file or directory)
> > > > openat(AT_FDCWD, "/sys/firmware/acpi/pm_profile", O_RDONLY) = -1
> > > > ENOENT (No such file or directory)
> > > 
> > > I haven't repeated that for all warnings of similar kind, but if I
> > > add
> > > `--expose=/sys/block --expose=/sys/class --expose=/sys/bus --
> > > expose=/sys/dev --expose=/sys/devices` to the invocation, I instead
> > > get
> > > a warning, that the WebKitWebProcess can't open $DISPLAY.  I'm not
> > > sure
> > > how to resolve that one, given that I already had to sneak DISPLAY
> > > and
> > > XAUTHORITY into the container, but it's a start.
> > > 
> > > Regards,
> > > Leo
> > > 
> > Does $DISPLAY mean ":0" and does the Wayland server answer that with
> > its XWayland X-interface?
> In my setup $DISPLAY=:1, but obviously the exact value depends on other
> circumstances (i.e. if there's already an open session belonging to
> another user it'd be :2, :3, ...).  I'm not sure how X vs. Wayland
> plays out here, but I'm still using Gnome on X, so that should
> hopefully not be an issue here.
> 
> > I am wonderering how that is resolved inside a container.
> Well, for X you'd usually preserve DISPLAY and XAUTHORITY and also
> expose $XAUTHORITY or something along those lines.  Not sure how you
> Wayland folk do that.
>

I am not a Wayland developer, if that's what you mean by "Wayland folk" :)
But I have been experimenting with writing my own text and graphics widget,
poking 32-bit pixels into buffers for display by the Wayland compositor,
so I've learned a little :) I am using the linux kernel's sun12x22 bitmap
font to do text at a low level.

Idk much about containers yet, but I imagine using lowlevel stuff to
make images for a trivial web server running in a container could be interesting.

> Regards,
> Leo
> 

I am curious what the commands below would show inside your container.
"pidparents" [1] is a little script I find handy, which would have to be
accessible in your container of course. Idk how you put local bash scripts
in your container. I assume it's possible :)

I did these commands in a debian gnome terminal window, where pidparents[1]
showed (timetagged later, since I just went back to do that) this context:
--8<---------------cut here---------------start------------->8---
[17:29 ~/bs]$ pidparents
pidparents      pts/1     5800 S+   /usr/bin/bash /home/bokr/bin/pidparents
bash            pts/1     5711 Ss   /bin/bash
tilix           ?         2007 Sl   /usr/bin/tilix --gapplication-service
systemd         ?         1308 Ss   /lib/systemd/systemd --user
systemd         ?            1 Ss   /sbin/init splash
--8<---------------cut here---------------end--------------->8---

;;;; First I just look for processes with X11 or way in their names, 
;;;; then I use pidparents to see how they are started.

[17:18 ~/bs]$ ps af|egrep -i 'x11|way'
 5741 pts/1    S+     0:00  \_ grep -E -i x11|way
 1329 tty2     Ssl+   0:00 /usr/lib/gdm3/gdm-wayland-session /usr/bin/gnome-session
 1433 tty2     Sl+    0:13      |   \_ /usr/bin/Xwayland :0 -rootless -terminate -accessx -core -listen 4 -listen 5 -displayfd 6
 1468 tty2     Sl     0:00 /usr/lib/ibus/ibus-x11 --kill-daemon

[17:21 ~/bs]$ pidparents 1329
gdm-wayland-ses tty2      1329 Ssl+ /usr/lib/gdm3/gdm-wayland-session /usr/bin/gnome-session
gdm-session-wor ?         1304 Sl   gdm-session-worker [pam/gdm-password]
gdm3            ?          711 Ssl  /usr/sbin/gdm3
systemd         ?            1 Ss   /sbin/init splash

;;;; this one might be the most interesting in your container
;;;; can you SSH into it to do these things?
[17:22 ~/bs]$ pidparents 1433
Xwayland        tty2      1433 Sl+  /usr/bin/Xwayland :0 -rootless -terminate -accessx -core -listen 4 -listen 5 -displayfd 6
gnome-shell     tty2      1408 Rl+  /usr/bin/gnome-shell
gnome-session-b tty2      1333 Sl+  /usr/lib/gnome-session/gnome-session-binary
gdm-wayland-ses tty2      1329 Ssl+ /usr/lib/gdm3/gdm-wayland-session /usr/bin/gnome-session
gdm-session-wor ?         1304 Sl   gdm-session-worker [pam/gdm-password]
gdm3            ?          711 Ssl  /usr/sbin/gdm3
systemd         ?            1 Ss   /sbin/init splash

;;;; not really sure what this one does
[17:22 ~/bs]$ pidparents 1468
ibus-x11        tty2      1468 Sl   /usr/lib/ibus/ibus-x11 --kill-daemon
systemd         ?            1 Ss   /sbin/init splash

;;;; [1] here is pidparents -- pretty short, so you could manually
;;;; enter it if necessary :)

[17:22 ~/bs]$ cat $(which pidparents)|gxsnip 
--8<---------------cut here---------------start------------->8---
#!/usr/bin/bash
# ~/bin/pidparents

pid=${1:-$$}	#this process if no pid specified as $1

while [ $(($pid)) -gt 0 ]; do    
      ps h -p $pid -o comm,tt,pid,stat,args
      pid=$(ps -q $pid -o ppid=)
done

--8<---------------cut here---------------end--------------->8---
[17:24 ~/bs]$ 

Hopefully this would reveal a little more about what $DISPLAY means in your container.

WDYT?

-- 
Regards,
Bengt Richter

Send a report that this bug log contains spam.