[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24108: guix make tests failure
From: |
Ludovic Courtès |
Subject: |
bug#24108: guix make tests failure |
Date: |
Sun, 31 Jul 2016 12:53:26 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Hello,
Dylan Jeffers <address@hidden> skribis:
[...]
> > > These tests are skipped when user namespaces are not supported, as
> > > per this condition:
> > >
> > > (define perform-container-tests?
> > > (and (user-namespace-supported?)
> > > (unprivileged-user-namespace-supported?)))
> > >
> > > … which is true iff (1) /proc/self/ns/user exists, and (2)
> > > /proc/sys/kernel/unprivileged_userns_clone does not exist, or it
> > > exists and contains “1”.
> > >
> > > Do these files exist on this system?
>>
>> (1) /proc/self/ns/user exists, and
>> (2) /proc/sys/kernel/unpriviledged_userns_clone D.N.E
They do not exist now with the new ‘test-suite.log’ that you posted, but
they did exist before (with the Grsec kernel), otherwise the user
namespaces tests would have been skipped.
>> Ideas on the best approach to allow the build to succeed?
>>
>> I also have had issues with qemu, so it makes sense that vm/container
>> stuff both have issues. I have a feeling its due to the
>> grsec kernel.
>> https://wiki.archlinux.org/index.php/Grsecurity_Patchset talks a
>> bit about userspace/namespace hardening + issues with xen and
>> virtbox. Going to reboot with an lts kernel and try again. Will post
>> update...
>>
>> Best,
>> Dylan
>>
>> Best,
>> Dylan
>
> After changing kernel, and stopping paxd.service, build still
> failed :(
[...]
> test-name: clone
> location: /home/sapientech/Dev/guix/guix_wip/tests/syscalls.scm:109
> source:
> + (test-assert
> + "clone"
> + (match (clone (logior CLONE_NEWUSER SIGCHLD))
> + (0 (primitive-exit 42))
> + (pid (and (not (equal?
> + (readlink (user-namespace pid))
> + (readlink (user-namespace (getpid)))))
> + (match (waitpid pid)
> + ((_ . status) (= 42 (status:exit-val
> status))))))))
> result: SKIP
This and other container-related tests are now properly skipped.
> test-name: home-page: host not found
> location: /home/sapientech/Dev/guix/guix_wip/tests/lint.scm:393
> source:
> + (test-assert
> + "home-page: host not found"
> + (->bool
> + (string-contains
> + (with-warnings
> + (let ((pkg (package
> + (inherit (dummy-package "x"))
> + (home-page "http://does-not-exist"))))
> + (check-home-page pkg)))
> + "domain not found")))
> actual-value: #f
> result: FAIL
This and the remaining failures are due to DNS hijacking, so nothing we
can do about it. You’d have to use a well-behaved DNS server (e.g.,
“echo nameserver 8.8.8.8 > /etc/resolv.conf” to use Google’s name
server) to work around that.
Thanks,
Ludo’.