Hello!

Stefan Reichör <ste...@xsteve.at> writes:

> Here is the part that triggers the problem as I assume (I can send the
> full log as well when it is needed):
>
> [pid 31032] open("/proc/self/mountinfo", O_RDONLY) = 17
> [pid 31032] read(17, "2860 2854 0:102 / / rw,noatime m"..., 4096) = 4076
> [pid 31032] read(17, "", 4096) = 0
> [pid 31032] close(17) = 0
> [pid 31032] mount(NULL, "/", NULL, MS_PRIVATE, NULL) = -1 EACCES (Permission denied)
> [pid 31032] futex(0x7f827449c190, FUTEX_WAKE_PRIVATE, 2147483647) = 0
> [pid 31032] write(2, "while setting up the build envir"..., 97) = 97
> [pid 31032] exit_group(1) = ?
> [pid 31028] close(16) = 0
>
> The entry for "/" in /proc/self/mountinfo is:
> 3966 3548 0:102 / / rw,noatime master:129 - zfs satazpool/data/subvol-618-disk-1 rw,xattr,posixacl

The corresponding code in nix/libstore/build.cc is this:

--8<---------------cut here---------------start------------->8---
    /* Make all filesystems private.  This is necessary
       because subtrees may have been mounted as "shared"
       (MS_SHARED).  (Systemd does this, for instance.)  Even
       though we have a private mount namespace, mounting
       filesystems on top of a shared subtree still propagates
       outside of the namespace.  Making a subtree private is
       local to the namespace, though, so setting MS_PRIVATE
       does not affect the outside world. */
    Strings mounts = tokenizeString<Strings>(readFile("/proc/self/mountinfo", true), "\n");
    foreach (Strings::iterator, i, mounts) {
        vector<string> fields = tokenizeString<vector<string> >(*i, " ");
        string fs = decodeOctalEscaped(fields.at(4));
        if (mount(0, fs.c_str(), 0, MS_PRIVATE, 0) == -1)
            throw SysError(format("unable to make filesystem `%1%' private") % fs);
    }
--8<---------------cut here---------------end--------------->8---

So “fs.c_str()” evaluates to “/”, as expected.

Now maybe zfs-on-linux doesn’t implement MS_PRIVATE or has specific
constraints (is it on FUSE?).  Perhaps you should check with the
zfs-on-linux people what they think of it.

Thanks,
Ludo’.
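
Added example, not part of the message above and not code from Nix or Guix: a stand-alone parser for one `/proc/self/mountinfo` line that goes beyond the mount-point lookup in the quoted snippet and also reports the propagation state and filesystem type, the two things to look at when `mount(..., MS_PRIVATE, ...)` fails on an entry. The field layout follows proc(5); the names `MountInfo`, `parseMountInfoLine` and `propagation` are hypothetical.

```cpp
#include <iostream>
#include <sstream>
#include <string>
#include <vector>

struct MountInfo {  // one line of /proc/self/mountinfo, layout as in proc(5)
    std::string mountPoint, fsType, source;  // field 5; type and source follow "-"
    std::vector<std::string> optional;       // propagation tags, e.g. "master:129"
    bool ok = false;                         // false when the line is malformed
};
// Decode the \ooo octal escapes used for space, tab, newline and backslash.
static std::string decodeOctal(const std::string &s) {
    std::string out;
    for (size_t i = 0; i < s.size(); ++i) {
        auto d = [&](size_t k) -> unsigned { return i + k < s.size() ? unsigned(s[i + k] - '0') : 8u; };
        bool esc = s[i] == '\\' && d(1) < 8 && d(2) < 8 && d(3) < 8;
        out += esc ? char(d(1) * 64 + d(2) * 8 + d(3)) : s[i];
        if (esc) i += 3;
    }
    return out;
}
MountInfo parseMountInfoLine(const std::string &line) {
    std::istringstream in(line);
    std::vector<std::string> f;
    for (std::string tok; in >> tok;) f.push_back(tok);
    MountInfo m;
    if (f.size() < 10) return m;  // 6 fixed fields, "-", type, source, super options
    m.mountPoint = decodeOctal(f[4]);
    size_t i = 6;  // optional fields run from index 6 up to the "-" separator
    for (; i < f.size() && f[i] != "-"; ++i) m.optional.push_back(f[i]);
    if (i + 3 >= f.size()) return m;  // separator missing or trailing fields cut off
    m.fsType = f[i + 1];
    m.source = decodeOctal(f[i + 2]);
    m.ok = true;
    return m;
}
std::string propagation(const MountInfo &m) {  // "private" when no tag is present
    bool shared = false, slave = false;
    for (const auto &o : m.optional) {
        shared |= o.rfind("shared:", 0) == 0;  // member of a peer group
        slave |= o.rfind("master:", 0) == 0;   // receives events from a master group
    }
    return shared && slave ? "shared,slave" : shared ? "shared" : slave ? "slave" : "private";
}
int main() {  // constructed input: the "/" entry quoted in the message
    MountInfo m = parseMountInfoLine("3966 3548 0:102 / / rw,noatime master:129 - zfs "
                                     "satazpool/data/subvol-618-disk-1 rw,xattr,posixacl");
    std::cout << m.mountPoint << " " << m.fsType << " " << propagation(m) << "\n";
}
```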