bug#47106: Bubblewrap hates Guix containers 😞

[Bengt Richter]

Hi again,

On +2021-03-13 15:43:15 +0100, Leo Prikler wrote:
> Am Samstag, den 13.03.2021, 13:27 +0100 schrieb Bengt Richter:
> > Hi,
> > 
> > On +2021-03-13 12:07:51 +0100, Leo Prikler wrote:
> > > Hi!
> > > Am Samstag, den 13.03.2021, 11:48 +0100 schrieb Ludovic Courtès:
> > > > Hi!
> > > > 
> > > > Leo Prikler <leo.prikler@student.tugraz.at> skribis:
> > > > 
> > > > > both Epiphany and Eolie (post fixing #47097; will submit patch
> > > > > shortly)
> > > > > fail inside Guix containers with the suggested
> > > > > incantation.  After
> > > > > getting the environment to no longer complain about $DISPLAY by
> > > > > adding
> > > > > `--preserve="XAUTHORITY" --expose=$XAUTHORITY', it repeatedly
> > > > > outputsn
> > > > > lines like
> > > > > bwrap: Can't find source path /sys/class: No such file or
> > > > > directory
> > > > > before closing the process altogether.
> > > > 
> > > > What is ‘bwrap’ looking for?  /sys is mounted inside ‘guix
> > > > environment -C’,
> > > > but perhaps it needs something special?
> > > > 
> > > > I suggest running these things (or ‘bwrap’ directly) in ‘strace
> > > > -f -o
> > > > log’ inside the container to see.
> > > It seems to be 
> > > > openat(AT_FDCWD, "/sys/class/dmi/id/chassis_type", O_RDONLY) = -1
> > > > ENOENT (No such file or directory)
> > > > openat(AT_FDCWD, "/sys/firmware/acpi/pm_profile", O_RDONLY) = -1
> > > > ENOENT (No such file or directory)
> > > 
> > > I haven't repeated that for all warnings of similar kind, but if I
> > > add
> > > `--expose=/sys/block --expose=/sys/class --expose=/sys/bus --
> > > expose=/sys/dev --expose=/sys/devices` to the invocation, I instead
> > > get
> > > a warning, that the WebKitWebProcess can't open $DISPLAY.  I'm not
> > > sure
> > > how to resolve that one, given that I already had to sneak DISPLAY
> > > and
> > > XAUTHORITY into the container, but it's a start.
> > > 
> > > Regards,
> > > Leo
> > > 
> > Does $DISPLAY mean ":0" and does the Wayland server answer that with
> > its XWayland X-interface?
> In my setup $DISPLAY=:1, but obviously the exact value depends on other
> circumstances (i.e. if there's already an open session belonging to
> another user it'd be :2, :3, ...).  I'm not sure how X vs. Wayland
> plays out here, but I'm still using Gnome on X, so that should
> hopefully not be an issue here.
> 
> > I am wonderering how that is resolved inside a container.
> Well, for X you'd usually preserve DISPLAY and XAUTHORITY and also
> expose $XAUTHORITY or something along those lines.  Not sure how you
> Wayland folk do that.
>

I am not a Wayland developer, if that's what you mean by "Wayland folk" :)
But I have been experimenting with writing my own text and graphics widget,
poking 32-bit pixels into buffers for display by the Wayland compositor,
so I've learned a little :) I am using the linux kernel's sun12x22 bitmap
font to do text at a low level.

Idk much about containers yet, but I imagine using lowlevel stuff to
make images for a trivial web server running in a container could be 
interesting.

> Regards,
> Leo
> 

I am curious what the commands below would show inside your container.
"pidparents" [1] is a little script I find handy, which would have to be
accessible in your container of course. Idk how you put local bash scripts
in your container. I assume it's possible :)

I did these commands in a debian gnome terminal window, where pidparents[1]
showed (timetagged later, since I just went back to do that) this context:
--8<---------------cut here---------------start------------->8---
[17:29 ~/bs]$ pidparents
pidparents      pts/1     5800 S+   /usr/bin/bash /home/bokr/bin/pidparents
bash            pts/1     5711 Ss   /bin/bash
tilix           ?         2007 Sl   /usr/bin/tilix --gapplication-service
systemd         ?         1308 Ss   /lib/systemd/systemd --user
systemd         ?            1 Ss   /sbin/init splash
--8<---------------cut here---------------end--------------->8---

;;;; First I just look for processes with X11 or way in their names, 
;;;; then I use pidparents to see how they are started.

[17:18 ~/bs]$ ps af|egrep -i 'x11|way'
 5741 pts/1    S+     0:00  \_ grep -E -i x11|way
 1329 tty2     Ssl+   0:00 /usr/lib/gdm3/gdm-wayland-session 
/usr/bin/gnome-session
 1433 tty2     Sl+    0:13      |   \_ /usr/bin/Xwayland :0 -rootless 
-terminate -accessx -core -listen 4 -listen 5 -displayfd 6
 1468 tty2     Sl     0:00 /usr/lib/ibus/ibus-x11 --kill-daemon

[17:21 ~/bs]$ pidparents 1329
gdm-wayland-ses tty2      1329 Ssl+ /usr/lib/gdm3/gdm-wayland-session 
/usr/bin/gnome-session
gdm-session-wor ?         1304 Sl   gdm-session-worker [pam/gdm-password]
gdm3            ?          711 Ssl  /usr/sbin/gdm3
systemd         ?            1 Ss   /sbin/init splash

;;;; this one might be the most interesting in your container
;;;; can you SSH into it to do these things?
[17:22 ~/bs]$ pidparents 1433
Xwayland        tty2      1433 Sl+  /usr/bin/Xwayland :0 -rootless -terminate 
-accessx -core -listen 4 -listen 5 -displayfd 6
gnome-shell     tty2      1408 Rl+  /usr/bin/gnome-shell
gnome-session-b tty2      1333 Sl+  /usr/lib/gnome-session/gnome-session-binary
gdm-wayland-ses tty2      1329 Ssl+ /usr/lib/gdm3/gdm-wayland-session 
/usr/bin/gnome-session
gdm-session-wor ?         1304 Sl   gdm-session-worker [pam/gdm-password]
gdm3            ?          711 Ssl  /usr/sbin/gdm3
systemd         ?            1 Ss   /sbin/init splash

;;;; not really sure what this one does
[17:22 ~/bs]$ pidparents 1468
ibus-x11        tty2      1468 Sl   /usr/lib/ibus/ibus-x11 --kill-daemon
systemd         ?            1 Ss   /sbin/init splash

;;;; [1] here is pidparents -- pretty short, so you could manually
;;;; enter it if necessary :)

[17:22 ~/bs]$ cat $(which pidparents)|gxsnip 
--8<---------------cut here---------------start------------->8---
#!/usr/bin/bash
# ~/bin/pidparents

pid=${1:-$$}    #this process if no pid specified as $1

while [ $(($pid)) -gt 0 ]; do    
      ps h -p $pid -o comm,tt,pid,stat,args
      pid=$(ps -q $pid -o ppid=)
done

--8<---------------cut here---------------end--------------->8---
[17:24 ~/bs]$ 

Hopefully this would reveal a little more about what $DISPLAY means in your 
container.

WDYT?

-- 
Regards,
Bengt Richter