On 29/10/2015, Thompson, David <dthomps...@worcester.edu> wrote: > On Wed, Oct 28, 2015 at 11:56 AM, Ludovic Courtès <l...@gnu.org> wrote: >> "Thompson, David" <dthomps...@worcester.edu> skribis: >> >>> On Wed, Oct 28, 2015 at 11:14 AM, Alex Vong <alexvong1...@gmail.com> >>> wrote: >>>> On 28/10/2015, Ludovic Courtès <l...@gnu.org> wrote: >>>>> Alex Vong <alexvong1...@gmail.com> skribis: >>>>> >>>>>> On 27/10/2015, Ludovic Courtès <l...@gnu.org> wrote: >>>>> >>>>> [...] >>>>> >>>>>>> Do you still experience the test failures mentioned in that report? >>>>>>> If >>>>>>> not, could you email 21...@debbugs.gnu.org, specifying which commit >>>>>>> works for you? >>>>>>> >>>>>> Yes, there are 4 tests still failing with the latest master branch >>>>>> without unprivileged container. >>>>> >>>>> Which tests? Does tests/container.scm pass? >>>>> >>>> It doesn't pass if I run as unprivileged user. It passes if I run as >>>> root. I will be mailing the test logs on another mail. >>> >>> This is because Debian doesn't let unprivileged users create user >>> namespaces without explicitly overriding some configuration. >> >> How could we determine whether this restriction is in place? That would >> allow us to skip the test on these systems. > > I think it is /proc/sys/kernel/unprivileged_userns_clone, but I don't > know what the contents are exactly. 0 when off, 1 when on? Can > someone on Debian confirm? > Yes, I think that's the case. Before I run `$ sysctl -w kernel.unprivileged_userns_clone=1', `$ cat /proc/sys/kernel/unprivileged_userns_clone' returns 0. After I run `$ sysctl -w kernel.unprivileged_userns_clone=1', `$ cat /proc/sys/kernel/unprivileged_userns_clone' returns 1.
> If we can get the test suite passing, I'd like to extract these user > namespace presence tests to a procedure that 'guix environment' can > use to give the user an informative error message in these cases. > > - Dave >
