cannot use nix --store runtime which is selected by default #98
Comments
Thanks for the detailed report. I'm not sure at the moment why the nix local store doesn't work but bubblewrap does. Anyways, v012 should fix the issue with nix-portable not falling back to bwrap automatically. Can you confirm that it works now? |
Still no luck 😿 Same error. I updated nix-portable, nuked ~/.nix-portable and tried:
Removing last_auto_runtime for a completer log
|
Worth noting in np_debug_v012.log:
I am not sure why the second call to unshare failed. I am not familiar with unshare-y things.
This command can succeed. I am not sure if this helps.
|
Which version of which distro are you running? Maybe I can add a test for it to the CI pipeline. |
Arch Linux. Up to date (with an old kernel for ZFS). However, this is a little embarrassing to say... Actually, I am new to nix. Due to my oversatisfaction with bundling applications with nix-portable as a single executable, I just installed Nix (multiple users install)! With the real
$ uname -a
Linux mipha 6.7.8-arch1-1 #1 SMP PREEMPT_DYNAMIC Sun, 03 Mar 2024 00:30:36 +0000 x86_64 GNU/Linux
$ sudo zfs unmount rpool/nix
$ mount | grep /nix
$ ls -alh /nix
total 10K
drwxr-xr-x 2 root root 2 Apr 16 02:10 .
drwxr-xr-x 18 root root 24 Apr 16 02:10 ..
$ NP_RUNTIME=nix NP_DEBUG=2 strace ./nix-portable-x86_64 nix run nixpkgs#hello 2>&1 | egrep unshare\|error:\|Hello
unshare(CLONE_NEWNS|CLONE_NEWUSER) = 0
unshare(CLONE_NEWNS|CLONE_NEWUSER) = -1 EPERM (Operation not permitted)
unshare(CLONE_NEWNS) = -1 EPERM (Operation not permitted)
write(2, "error: setting up a private moun"..., 69error: setting up a private mount namespace: Operation not permitted
$ sudo zfs mount rpool/nix
$ mount | grep /nix
rpool/nix on /nix type zfs (rw,relatime,xattr,posixacl,casesensitive)
$ ls -alh /nix
total 1.1M
drwxr-xr-x 4 root root 4 Apr 16 02:11 .
drwxr-xr-x 18 root root 24 Apr 16 02:10 ..
drwxrwxr-t 461 root nixbld 4.2K Apr 16 02:27 store
drwxr-xr-x 4 root root 4 Apr 16 02:14 var
$ NP_RUNTIME=nix NP_DEBUG=2 strace ./nix-portable-x86_64 nix run nixpkgs#hello 2>&1 | egrep unshare\|error:\|Hello
unshare(CLONE_NEWNS|CLONE_NEWUSER) = 0
unshare(CLONE_NEWNS|CLONE_NEWUSER) = 0
write(1, "Hello, world!\n", 14Hello, world! |
Reproducible with ArchLinux Netboot Release 2024.04.01. Here's the rough session transcript:
# uname -a
Linux archiso 6.8.2-arch2-1 #1 SMP PREEMPT_DYNAMIC Thu, 28 Mar 2024 17:06:35 +0000 x86_64 GNU/Linux
# mount -o remount,size=50% /run/archiso/cowspace
# pacman -Sy wget strace
# useradd user
# mkdir /home/user
# chown -R user:user /home/user
# sudo -uuser -Hs
$ wget https://github.com/DavHau/nix-portable/releases/download/v012/nix-portable-x86_64
$ chmod +x nix-portable-x86_64
$ ./nix-portable-x86_64 nix run nixpkgs\#hello # let it download and fail
$ NP_RUNTIME=nix NP_DEBUG=2 strace ./nix-portable-x86_64 nix run nixpkgs\#hello 2>&1 | grep -E unshare\|error:\|Hello
unshare(CLONE_NEWNS|CLONE_NEWUSER) = 0
unshare(CLONE_NEWNS|CLONE_NEWUSER) = -1 EPERM (Operation not permitted)
unshare(CLONE_NEWNS) = -1 EPERM (Operation not permitted)
write(2, "error: setting up a private moun"..., 69error: setting up a private mount namespace: Operation not permitted
$ NP_RUNTIME=bwrap ./nix-portable-x86_64 nix run nixpkgs\#hello
Hello, world! |
Maybe you should try adding test for Producible on Debian GNU/Linux 11 (bullseye)
orzfly@media-sorter:~$ NP_RUNTIME=bwrap ./nix-portable nix-shell -p hello --run hello
Hello, world!
orzfly@media-sorter:~$ NP_RUNTIME=bwrap ./nix-portable nix run nixpkgs#hello
Hello, world!
orzfly@media-sorter:~$ NP_RUNTIME=nix ./nix-portable nix-shell -p hello --run hello
Hello, world!
orzfly@media-sorter:~$ NP_RUNTIME=nix ./nix-portable nix run nixpkgs#hello
error: setting up a private mount namespace: Operation not permitted
orzfly@media-sorter:~$ uname -a
Linux media-sorter 6.1.0-10-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.37-1 (2023-07-03) x86_64 GNU/Linux
orzfly@media-sorter:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Debian
Description: Debian GNU/Linux 11 (bullseye)
Release: 11
Codename: bullseye
|
Reproducible on Debian GNU/Linux 12 (bookworm) as well, using v012.
|
Considering NixOS/nix#6853 is present and probably will be around for some time as well. Maybe we should just switch to bwrap runtime as default in |
Using nix-portable v011
By the way, bwrap runs fine.
Diagnostics
np_debug.log
strace.log