GNU bug report logs

#47106 Bubblewrap hates Guix containers 😞

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Full log

Message #35 received at 47106@debbugs.gnu.org (full text, mbox, reply):

Received: (at 47106) by debbugs.gnu.org; 14 Mar 2021 20:44:04 +0000
From debbugs-submit-bounces@debbugs.gnu.org Sun Mar 14 16:44:04 2021
Received: from localhost ([127.0.0.1]:34289 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1lLXam-0001hH-DA
	for submit@debbugs.gnu.org; Sun, 14 Mar 2021 16:44:04 -0400
Received: from mailrelay.tugraz.at ([129.27.2.202]:24962)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <leo.prikler@student.tugraz.at>) id 1lLXak-0001gi-9l
 for 47106@debbugs.gnu.org; Sun, 14 Mar 2021 16:44:03 -0400
Received: from nijino.local (217-149-164-20.nat.highway.telekom.at
 [217.149.164.20])
 by mailrelay.tugraz.at (Postfix) with ESMTPSA id 4DzBNZ6J3fz3xm8;
 Sun, 14 Mar 2021 21:43:58 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tugraz.at;
 s=mailrelay; t=1615754639;
 bh=gT5Fr9o0EmxTYR0v3N9bfvjnpU39C3GqoiPRU0nX6Ho=;
 h=Subject:From:To:Cc:Date:In-Reply-To:References;
 b=DzaMRcBUjEEWJ01FuDG6ojuVGAfXTm8YPsK+ZH1EvoHDjgDhPEDDnjsLooc1K6KnP
 vZYKjcipoCMfRQqybVEOn7uEO9oyOkjKDTo87ulNqvlUOMxkqcQTletkv+/SrhV01W
 nxkkCoeUoEXSJ+RruoQLbKetvnlumoAEzITR7VT0=
Message-ID: <6c6b39f495962ec906255cac212b66962d549eab.camel@student.tugraz.at>
Subject: Re: bug#47106: Bubblewrap hates Guix containers
 😞
From: Leo Prikler <leo.prikler@student.tugraz.at>
To: Ludovic Courtès <ludo@gnu.org>
Date: Sun, 14 Mar 2021 21:43:57 +0100
In-Reply-To: <87sg4xlbn0.fsf@gnu.org>
References: <fbb3401a61ae78f092b33b7a36428f8520a7a6bd.camel@student.tugraz.at>
 <87r1kjpbvx.fsf@gnu.org>
 <2922127e61435e64f95d3d398ef6932a02336188.camel@student.tugraz.at>
 <20210313122718.GA11708@LionPure>
 <fa11fb1fb6dfb6e2c048d4fe8dec005e3b2b114a.camel@student.tugraz.at>
 <20210313170704.GA3712@LionPure>
 <a4efcc5c7928de5d89596500803dee510d85b7c0.camel@student.tugraz.at>
 <20210314174539.GA10548@LionPure>
 <d0638eba7e63c71edd4267c1675e0ea7f5b7b4ae.camel@student.tugraz.at>
 <87sg4xlbn0.fsf@gnu.org>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.34.2 
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-TUG-Backscatter-control: bt4lQm5Tva3SBgCuw0EnZw
X-Spam-Scanner: SpamAssassin 3.003001 
X-Spam-Score-relay: -1.9
X-Scanned-By: MIMEDefang 2.74 on 129.27.10.116
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 47106
Cc: 47106@debbugs.gnu.org, Bengt Richter <bokr@bokr.com>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Am Sonntag, den 14.03.2021, 21:32 +0100 schrieb Ludovic Courtès:
> Hi Leo,
> 
> Leo Prikler <leo.prikler@student.tugraz.at> skribis:
> 
> > Nah, it's a rather ad-hoc definition grown from what should be an
> > Eolie
> > container from the cookbook (also refer to #47097).
> > 
> >     guix environment --preserve='^DISPLAY$' --preserve=XAUTHORITY \
> >      --preserve=TERM \
> >      --expose=$XAUTHORITY \
> >      --expose=/etc/machine-id \
> >      --expose=/etc/ssl/certs/ \
> >      --expose=/sys/block --expose=/sys/class --expose=/sys/bus \
> >      --expose=/sys/dev --expose=/sys/devices \
> >      --ad-hoc epiphany nss-certs dbus procps coreutils psmisc
> > screen
> 
> I’m not sure I follow; does it work when you do this?
It does work insofar as I don't get any warnings about resources
missing from /sys, but the bubblewrapped WebKit processes don't have
access to $DISPLAY even though epiphany itself has.  While they don't
crash the browser itself and just infinitely respawn, that's still far
from usable.

> /sys is already mounted inside ‘guix environment -C’ containers so I
> don’t see what difference it would make.
I think I've been told this several times, but I don't believe it.  Not
adding all these expose=/sys lines triggers the "warnings" in the
original post.  (Okay, perhaps one of /sys/dev and /sys/devices is
superfluous, I would need to check.)

> But wait, the example above lacks ‘-C’; a mistake?
Indeed, -CN should also be given, but I hastily edited the command line
inside the email to make it appear more beautiful than it actually is,
thereby deleting it.  I'm sorry.  The preserves and exposes should be
the same list as I'm actually using however.

Regards,
Leo

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Sun Dec 22 08:55:39 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.