On 22/02/21 at 10:46 +0100, Ludovic Courtès wrote:
> Hi Lucas,
>
> Lucas Nussbaum <lucas.nussb...@inria.fr> skribis:
>
> > On 18/02/21 at 12:38 +0100, Ludovic Courtès wrote:
> > [...]
> > >> I tried grabbing mount options from there and reapplying them to the
> > >> MS_REMOUNT call (patch below). However, that still doesn’t work:
> > >>
> > >> --8<---------------cut here---------------start------------->8---
> > >> 14273
> > >> mount("/gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16",
> > >> "/tmp/guix-directory.Plgkgt//gnu/store/mmhimfwmmidf09jw1plw3aw1g1zn2nkh-bash-static-5.0.16",
> > >> 0x236a4b0, MS_RDONLY|MS_REMOUNT|MS_BIND, "rw,nosuid,nodev,relatime") = -1
> > >> EPERM (Operation not permitted)
> > >> --8<---------------cut here---------------end--------------->8---
> >
> > That's strange: it worked in my manual tests.
>
> I investigated some more and can’t get it to work. Do you happen to
> have a working invocation or C snippet?
Here is an example:

root@grisou-48:/tmp# mkdir t m

without nosuid:

root@grisou-48:/tmp# unshare -mrf
mesg: cannot open /dev/pts/0: Permission denied
root@grisou-48:/tmp# mount --bind t m
root@grisou-48:/tmp# mount --bind -r -o remount ./t ./m
root@grisou-48:/tmp# logout

now remount with nosuid:

root@grisou-48:/tmp# mount -o remount,nosuid /tmp
root@grisou-48:/tmp# mount |grep /tmp
/dev/sda5 on /tmp type ext4 (rw,nosuid,relatime)

and try again:

root@grisou-48:/tmp# unshare -mrf
mesg: cannot open /dev/pts/0: Permission denied
root@grisou-48:/tmp# mount --bind t m
root@grisou-48:/tmp# mount |grep /tmp
/dev/sda5 on /tmp type ext4 (rw,nosuid,relatime)
/dev/sda5 on /tmp/m type ext4 (rw,nosuid,relatime)
root@grisou-48:/tmp# mount --bind -r -o remount ./t ./m
mount: /tmp/m: permission denied.
    ^ that's expected

but it works when specifying nosuid:

root@grisou-48:/tmp# mount --bind -r -o remount,nosuid ./t ./m
root@grisou-48:/tmp#

From strace:

mount("/tmp/t", "/tmp/m", 0x55e75bf38cb0, MS_RDONLY|MS_NOSUID|MS_REMOUNT|MS_BIND, NULL) = 0

MS_NOSUID is missing from mountflags in your invocation. Apparently data can be NULL.

-- 
Lucas Nussbaum <lucas.nussb...@inria.fr>
+33 3 54 95 86 19
Head of the experimentation platforms programme
DDO-SDT - Direction Générale Déléguée à l'Innovation - Inria
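The C snippet Ludovic asked for, written here as an added example (it is not code from this thread, from Guix, or from Lucas): it reproduces the `unshare -mr` setup, bind-mounts a directory, then remounts it read-only while re-applying the locked flags (nosuid, nodev, noexec, the *atime family) that the destination inherited from its parent mount. The locked flags are read back with statvfs(2) rather than guessed, so the same code works whether or not /tmp is mounted nosuid. The scratch paths under /tmp are constructed for the demo and the helper names (`locked_flags_to_mount_flags`, `bind_mount_readonly`, `write_file`) are this example's own. It assumes a Linux kernel with unprivileged user namespaces enabled and is meant to be run as a normal user.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <sched.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Fallbacks in case _GNU_SOURCE was not in effect when <sched.h> was read
   (these are stable Linux ABI values). */
#ifndef CLONE_NEWNS
#define CLONE_NEWNS   0x00020000
#endif
#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000
#endif
extern int unshare(int flags);

/* Translate the per-mount "locked" flags reported by statvfs(2) into the
   MS_* values mount(2) expects.  Inside an unprivileged user namespace the
   kernel rejects a remount with EPERM unless every such flag that is set on
   the underlying mount is passed again in mountflags; that is why the
   MS_RDONLY|MS_REMOUNT|MS_BIND call in the thread failed on a nosuid /tmp.
   Note that ST_RELATIME and MS_RELATIME are different bit values, so a
   plain copy of f_flag would not do. */
unsigned long locked_flags_to_mount_flags(unsigned long st_flag)
{
    unsigned long flags = 0;
    if (st_flag & ST_RDONLY)     flags |= MS_RDONLY;
    if (st_flag & ST_NOSUID)     flags |= MS_NOSUID;
#ifdef ST_NODEV
    if (st_flag & ST_NODEV)      flags |= MS_NODEV;
#endif
#ifdef ST_NOEXEC
    if (st_flag & ST_NOEXEC)     flags |= MS_NOEXEC;
#endif
#ifdef ST_NOATIME
    if (st_flag & ST_NOATIME)    flags |= MS_NOATIME;
#endif
#ifdef ST_NODIRATIME
    if (st_flag & ST_NODIRATIME) flags |= MS_NODIRATIME;
#endif
#ifdef ST_RELATIME
    if (st_flag & ST_RELATIME)   flags |= MS_RELATIME;
#endif
    return flags;
}

/* Bind-mount SRC at DST, then remount it read-only with the inherited locked
   flags re-applied.  data is NULL, as in the working strace in the thread.
   Returns 0 on success, -1 with errno set on failure. */
int bind_mount_readonly(const char *src, const char *dst)
{
    struct statvfs sv;
    if (mount(src, dst, NULL, MS_BIND, NULL) == -1)
        return -1;
    if (statvfs(dst, &sv) == -1)
        return -1;
    unsigned long flags = MS_RDONLY | MS_REMOUNT | MS_BIND
                          | locked_flags_to_mount_flags(sv.f_flag);
    return mount(src, dst, NULL, flags, NULL);
}

static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY);
    if (fd == -1) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

int main(void)
{
    char buf[64];
    /* Same setup as `unshare -mr`: new user + mount namespace, map ourselves to root. */
    if (unshare(CLONE_NEWUSER | CLONE_NEWNS) == -1) { perror("unshare"); return 1; }
    snprintf(buf, sizeof buf, "0 %u 1", (unsigned)getuid());
    if (write_file("/proc/self/uid_map", buf) == -1) { perror("uid_map"); return 1; }
    write_file("/proc/self/setgroups", "deny");   /* required before gid_map */
    snprintf(buf, sizeof buf, "0 %u 1", (unsigned)getgid());
    if (write_file("/proc/self/gid_map", buf) == -1) { perror("gid_map"); return 1; }
    /* Keep the bind mount from propagating back to the host namespace. */
    if (mount(NULL, "/", NULL, MS_REC | MS_PRIVATE, NULL) == -1) { perror("private"); return 1; }

    char dir[] = "/tmp/remount-demo-XXXXXX";     /* constructed scratch directory */
    if (!mkdtemp(dir)) { perror("mkdtemp"); return 1; }
    char src[PATH_MAX], dst[PATH_MAX];
    snprintf(src, sizeof src, "%s/t", dir);
    snprintf(dst, sizeof dst, "%s/m", dir);
    mkdir(src, 0700);
    mkdir(dst, 0700);

    if (bind_mount_readonly(src, dst) == -1) { perror("bind_mount_readonly"); return 1; }
    printf("%s is now a read-only bind mount of %s\n", dst, src);
    return 0;
}
```

The point to take from it is the `statvfs` step: a sandbox that hard-codes `MS_RDONLY|MS_REMOUNT|MS_BIND` works on one host and fails with EPERM on another depending on how /tmp (or /gnu/store) happens to be mounted, whereas re-applying the flags the kernel reports keeps the remount both permitted and at least as restrictive as the parent mount.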