Dylan Jeffers <sapient...@openmailbox.org> skribis:
> On Sat, 30 Jul 2016 15:07:25 +0200
> l...@gnu.org (Ludovic Courtès) wrote:
[...]
>> > test-name: clone
>> > location: /home/sapientech/Dev/guix/guix_wip/tests/syscalls.scm:109
>> > source:
>> > + (test-assert
>> > + "clone"
>> > + (match (clone (logior CLONE_NEWUSER SIGCHLD))
>> > + (0 (primitive-exit 42))
>> > + (pid (and (not (equal?
>> > + (readlink (user-namespace pid))
>> > + (readlink (user-namespace (getpid)))))
>> > + (match (waitpid pid)
>> > + ((_ . status) (= 42 (status:exit-val
>> > status)))))))) actual-value: #f
>> > actual-error:
>> > + (system-error
>> > + "clone"
>> > + "~d: ~A"
>> > + (268435473 "Operation not permitted")
>> > + (1))
>> > result: FAIL
>>
>> What does “uname -srv” report on this machine? It seems this kernel
>> does not support namespaces.
>>
>> Thanks,
>> Ludo’.
>
> Hi Ludo,
>
> Thanks for getting back so quick.
> Output of uname -srv: Linux 4.6.4-gnu-201607192040-1-grsec #1 SMP
> PREEMPT Wed Jul 20 15:37:34 UYT 2016
These tests are skipped when user namespaces are not supported, as per
this condition:
(define perform-container-tests?
(and (user-namespace-supported?)
(unprivileged-user-namespace-supported?)))
… which is true iff (1) /proc/self/ns/user exists, and (2)
/proc/sys/kernel/unprivileged_userns_clone does not exist, or it exists
and contains “1”.
Do these files exist on this system?
Maybe we should just ignore EPERM from (clone CLONE_NEWUSER) but it’s
annoying to annotate every single test that uses it.
>From a user viewpoint, this test failure simply mean that you cannot use
the ‘--container’ option ‘guix environment’ on your system.
Thanks,
Ludo’.
