GNU bug report logs

#64014 'guix pack -R' breaks bubblewrap

PackageSource(s)Maintainer(s)
guix PTS Buildd Popcon
Reply or subscribe to this bug. View this bug as an mbox, status mbox, or maintainer mbox

Report forwarded to bug-guix@gnu.org:
bug#64014; Package guix. (Mon, 12 Jun 2023 13:00:02 GMT) (full text, mbox, link).

Acknowledgement sent to André A. Gomes <andremegafone@gmail.com>:
New bug report received and forwarded. Copy sent to bug-guix@gnu.org. (Mon, 12 Jun 2023 13:00:02 GMT) (full text, mbox, link).

Message #5 received at submit@debbugs.gnu.org (full text, mbox, reply):

From: André A. Gomes <andremegafone@gmail.com>
To: bug-guix@gnu.org
Subject: guix pack regression
Date: Mon, 12 Jun 2023 15:59:25 +0300
Hello Guix,

I've produced a guix pack with the same command that I've always used
(which includes passing the -RR flag), but I now get the following
message:

--8<---------------cut here---------------start------------->8---
bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.
--8<---------------cut here---------------end--------------->8---

Any ideas?  Thanks.


Guix version:

--8<---------------cut here---------------start------------->8---
  guix f36b8a9
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: f36b8a9763087d2b9d3705595fbc34b054297ab8
--8<---------------cut here---------------end--------------->8---

-- 
André A. Gomes
"You cannot even find the ruins..."

Information forwarded to bug-guix@gnu.org:
bug#64014; Package guix. (Thu, 15 Jun 2023 16:00:02 GMT) (full text, mbox, link).

Message #8 received at 64014@debbugs.gnu.org (full text, mbox, reply):

From: Ludovic Courtès <ludo@gnu.org>
To: André A. Gomes <andremegafone@gmail.com>
Cc: 64014@debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression
Date: Thu, 15 Jun 2023 17:57:19 +0200
Hi,

André A. Gomes <andremegafone@gmail.com> skribis:

> I've produced a guix pack with the same command that I've always used
> (which includes passing the -RR flag), but I now get the following
> message:
>
> bwrap: No permissions to creating new namespace, likely because the kernel does not allow non-privileged user namespaces. On e.g. debian this can be enabled with 'sysctl kernel.unprivileged_userns_clone=1'.

This message is apparently from bubblewrap, not from Guix.

I suppose you might get this is you do ‘guix pack -R bubblewrap’ and
then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
runs in a separate user namespace and might be unable to create one (?).

HTH,
Ludo’.

Information forwarded to bug-guix@gnu.org:
bug#64014; Package guix. (Thu, 15 Jun 2023 16:12:02 GMT) (full text, mbox, link).

Message #11 received at 64014@debbugs.gnu.org (full text, mbox, reply):

From: André A. Gomes <andremegafone@gmail.com>
To: Ludovic Courtès <ludo@gnu.org>
Cc: 64014@debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression
Date: Thu, 15 Jun 2023 19:10:55 +0300
Ludovic Courtès <ludo@gnu.org> writes:

> I suppose you might get this is you do ‘guix pack -R bubblewrap’ and
> then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
> runs in a separate user namespace and might be unable to create one (?).

Hi Ludovic,

Thanks for the answer.  You've helped me to figure it out.  The guix
pack I've created has webkitgtk in it, which in turn uses bubblewrap.

However, I didn't have this issue in the past.  It could be that
webkitgtk changed something in their logic perhaps.  I'd have to look
deeper.

Another strategy would be to try to reproduce your recipe in an older
Guix version to see what happens (guix pack -R bubblewrap followed by
bwrap).


-- 
André A. Gomes
"You cannot even find the ruins..."

Information forwarded to bug-guix@gnu.org:
bug#64014; Package guix. (Sat, 17 Jun 2023 14:09:01 GMT) (full text, mbox, link).

Message #14 received at 64014@debbugs.gnu.org (full text, mbox, reply):

From: Ludovic Courtès <ludo@gnu.org>
To: André A. Gomes <andremegafone@gmail.com>
Cc: 64014@debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression
Date: Sat, 17 Jun 2023 16:08:24 +0200
Hi,

André A. Gomes <andremegafone@gmail.com> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> I suppose you might get this is you do ‘guix pack -R bubblewrap’ and
>> then try to run ‘bwrap’ from that pack: the ‘bwrap’ executable already
>> runs in a separate user namespace and might be unable to create one (?).

[...]

> Another strategy would be to try to reproduce your recipe in an older
> Guix version to see what happens (guix pack -R bubblewrap followed by
> bwrap).

Yes, that’d be great.  If you still have that older pack that didn’t
have the problem, you could also run it under ‘strace -f -o
/tmp/log.strace’ to see what happens before the failure.

Thanks,
Ludo’.

Added tag(s) moreinfo. Request was from Ludovic Courtès <ludo@gnu.org> to control@debbugs.gnu.org. (Sat, 17 Jun 2023 14:09:02 GMT) (full text, mbox, link).

Changed bug title to ''guix pack -R' breaks bubblewrap' from 'guix pack regression ' Request was from Ludovic Courtès <ludo@gnu.org> to control@debbugs.gnu.org. (Sat, 17 Jun 2023 14:10:01 GMT) (full text, mbox, link).

Information forwarded to bug-guix@gnu.org:
bug#64014; Package guix. (Fri, 30 Jun 2023 14:57:02 GMT) (full text, mbox, link).

Message #21 received at 64014@debbugs.gnu.org (full text, mbox, reply):

From: André A. Gomes <andremegafone@gmail.com>
To: Ludovic Courtès <ludo@gnu.org>
Cc: 64014@debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression
Date: Fri, 30 Jun 2023 17:56:18 +0300
Ludovic Courtès <ludo@gnu.org> writes:

> Yes, that’d be great.  If you still have that older pack that didn’t
> have the problem, you could also run it under ‘strace -f -o
> /tmp/log.strace’ to see what happens before the failure.

Ludovic, I didn't reach any meaningful conclusion.  Please close this
issue.  Thanks.


-- 
André A. Gomes
"You cannot even find the ruins..."

Reply sent to Ludovic Courtès <ludo@gnu.org>:
You have taken responsibility. (Mon, 10 Jul 2023 21:31:01 GMT) (full text, mbox, link).

Notification sent to André A. Gomes <andremegafone@gmail.com>:
bug acknowledged by developer. (Mon, 10 Jul 2023 21:31:02 GMT) (full text, mbox, link).

Message #26 received at 64014-done@debbugs.gnu.org (full text, mbox, reply):

From: Ludovic Courtès <ludo@gnu.org>
To: André A. Gomes <andremegafone@gmail.com>
Cc: 64014-done@debbugs.gnu.org
Subject: Re: bug#64014: guix pack regression
Date: Mon, 10 Jul 2023 23:30:07 +0200
André A. Gomes <andremegafone@gmail.com> skribis:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>> Yes, that’d be great.  If you still have that older pack that didn’t
>> have the problem, you could also run it under ‘strace -f -o
>> /tmp/log.strace’ to see what happens before the failure.
>
> Ludovic, I didn't reach any meaningful conclusion.  Please close this
> issue.  Thanks.

Done!

bug archived. Request was from Debbugs Internal Request <help-debbugs@gnu.org> to internal_control@debbugs.gnu.org. (Tue, 08 Aug 2023 11:24:05 GMT) (full text, mbox, link).

Send a report that this bug log contains spam.

debbugs.gnu.org maintainers <help-debbugs@gnu.org>. Last modified: Fri Oct 25 19:22:46 2024; Machine Name: wallace-server

GNU bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.