|
From: | Drew C |
Subject: | Re: [PATCH] environment: container: Do not remount network files as read-only. |
Date: | Sat, 26 Mar 2016 09:29:50 -0700 |
On Fri, Mar 18, 2016 at 4:51 PM, Ludovic Courtès <address@hidden> wrote:
> "Thompson, David" <address@hidden> skribis:
>
>> I noticed that 'guix environment --container --network' didn't work on
>> an Ubuntu machine I was on, and the culprit was remounting things like
>> /etc/resolv.conf read-only after the initial bind mount.
>
> [...]
>
>> (file-system-mapping
>> (source file)
>> (target file)
>> - (writable? #f))))
>> + ;; An unpriviliged user might not
>> + ;; be able to remount
>> + ;; /etc/resolv.conf as read-only,
>> + ;; so we say that it is writable
>> + ;; here, even though in practice
>> + ;; it is not.
>> + (writable? #t))))
>> %network-configuration-files)
>
> Not sure I understand: why would bind-mounting /etc/resolv.conf
> read-only fail?
I haven't figured out the exact reason yet, but here's a strace
snippet as proof:
[pid 11334] mount("/etc/resolv.conf",
"/tmp/guix-directory.Rc4nc6//etc/resolv.conf", 0x23da000,
MS_RDONLY|MS_BIND, NULL) = 0
[pid 11334] mount("/etc/resolv.conf",
"/tmp/guix-directory.Rc4nc6//etc/resolv.conf", 0x23e4080,
MS_RDONLY|MS_REMOUNT|MS_BIND, NULL) = -1 EPERM (Operation not
permitted)
Another Ubuntu user was able to reproduce this as well. I find it
kind of silly to mount these files read-only because an unprivileged
user couldn't write to them anyway. WDYT?
- Dave
[Prev in Thread] | Current Thread | [Next in Thread] |