From patchwork Tue Jan 14 17:03:47 2025
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 37059
Subject: [bug#75560] [PATCH] linux-container: Ignore EPERM when attempting to mount /sys.
To: 75560@debbugs.gnu.org
Cc: Ludovic Courtès
X-Debbugs-Original-To: guix-patches@gnu.org
From: Ludovic Courtès
Date: Tue, 14 Jan 2025 18:03:47 +0100
Message-ID: <4cd56cb818ac45cc8d169aa460cc2b5e4801fddc.1736874209.git.ludo@gnu.org>
X-Mailer: git-send-email 2.47.1

Fixes .

Until now, this would work:

  guix shell --no-cwd -CWP -- guix shell -C coreutils -- ls -R /home

… but this would not:

  $ guix shell --no-cwd -CWPN -- guix shell -C coreutils -- ls -R /home
  guix shell: error: mount: mount "none" on "/tmp/guix-directory.Wnc2OI/sys": Operation not permitted

This is annoying and hardly understandable.  Since we already disable
/sys mounts when sharing the global network namespace is asked (as in
‘guix shell -CN’), for the very same reason, we can just as well
disable /sys mounts anytime it fails with EPERM.

* gnu/build/linux-container.scm (mount-file-systems): Silently ignore
EPERM when attempting to mount /sys.

Change-Id: If85b1d703ab58a98ea9873f4f8fed71a06b7aa63
---
 gnu/build/linux-container.scm | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

base-commit: d804997897d2a531e0e3186e64df798a7e2e0d1a

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index dee6885400..5c303da8c8 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -109,8 +109,14 @@ (define* (mount-file-systems root mounts #:key mount-/sys? mount-/proc?) ;; A sysfs mount requires the user to have the CAP_SYS_ADMIN capability in ;; the current network namespace. (when mount-/sys? - (mount* "none" (scope "/sys") "sysfs" - (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY))) + (catch 'system-error + (lambda () + (mount* "none" (scope "/sys") "sysfs" + (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY))) + (lambda args + ;; EPERM means that CAP_SYS_ADMIN is missing. Ignore. + (unless (= EPERM (system-error-errno args)) + (apply throw args))))) (mount* "none" (scope "/dev") "tmpfs" (logior MS_NOEXEC MS_STRICTATIME)
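Review bot: the new handler in this hunk swallows EPERM silently even though the caller explicitly requested the mount through `mount-/sys?`, so a user who expected `/sys` inside the container gets no indication that it is absent; consider at least emitting a warning, or updating the comment above `(when mount-/sys?` (currently "A sysfs mount requires the user to have the CAP_SYS_ADMIN capability in the current network namespace.") to say that the mount is now best-effort and that EPERM is the expected outcome when the global network namespace is shared (the `-N` case from the commit message). The inline comment "EPERM means that CAP_SYS_ADMIN is missing. Ignore." would read better if it tied back to that namespace condition, since that is what makes the capability check fail for an otherwise unprivileged container user. Rethrowing every other errno with `(apply throw args)` is the right choice, so a genuinely broken mount point is still reported rather than hidden.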