guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Environment containers

From: Thompson, David
Subject: Re: Environment containers
Date: Wed, 28 Oct 2015 12:08:01 -0400 
On Wed, Oct 28, 2015 at 11:56 AM, Ludovic Courtès <address@hidden> wrote:
> "Thompson, David" <address@hidden> skribis:
>
>> On Wed, Oct 28, 2015 at 11:14 AM, Alex Vong <address@hidden> wrote:
>>> On 28/10/2015, Ludovic Courtès <address@hidden> wrote:
>>>> Alex Vong <address@hidden> skribis:
>>>>
>>>>> On 27/10/2015, Ludovic Courtès <address@hidden> wrote:
>>>>
>>>> [...]
>>>>
>>>>>> Do you still experience the test failures mentioned in that report?  If
>>>>>> not, could you email address@hidden, specifying which commit
>>>>>> works for you?
>>>>>>
>>>>> Yes, there are 4 tests still failing with the latest master branch
>>>>> without unprivileged container.
>>>>
>>>> Which tests?  Does tests/container.scm pass?
>>>>
>>> It doesn't pass if I run as unprivileged user. It passes if I run as
>>> root. I will be mailing the test logs on another mail.
>>
>> This is because Debian doesn't let unprivileged users create user
>> namespaces without explicitly overriding some configuration.
>
> How could we determine whether this restriction is in place?  That would
> allow us to skip the test on these systems.

I think it is /proc/sys/kernel/unprivileged_userns_clone, but I don't
know what the contents are exactly.  0 when off, 1 when on?  Can
someone on Debian confirm?

If we can get the test suite passing, I'd like to extract these user
namespace presence tests to a procedure that 'guix environment' can
use to give the user an informative error message in these cases.

- Dave
reply via email to
[Prev in Thread] Current Thread [Next in Thread]