bug-guix

bug#61627: Cannot start a container built with `guix system container --


From: Pierre Langlois
Subject: bug#61627: Cannot start a container built with `guix system container --network'.
Date: Sun, 19 Feb 2023 15:29:20 +0000
User-agent: mu4e 1.8.13; emacs 28.2

Pierre Langlois <pierre.langlois@gmx.com> writes:

> Hi Guix!
>
> There seems to be a bug with the --network flag to `guix system
> container', if we try to use docker-image.tmpl as an example we get the
> following failure:
>
> $ sudo `guix system container -v3 --network gnu/system/examples/docker-image.tmpl`
> Password:
> system container is running as PID 17630
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> Run 'sudo guix container exec 17630 /run/current-system/profile/bin/bash --login'
> or run 'sudo nsenter -a -t 17630' to get a shell into it.
>
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> making '/gnu/store/2w0c609is7iilv6r2l1vrchb9qsbfgkp-system' the current system...
> WARNING: (guile-user): imported module (guix build utils) overrides core binding `delete'
> setting up setuid programs in '/run/setuid-programs'...
> populating /etc from /gnu/store/ywsdjyq161a2clhvz6kx5m4ppz5ziqp1-etc...
> Backtrace:
>           11 (primitive-load "/gnu/store/5wdqg0jpiw1zd9pn13wmzy3f85g…")
> In gnu/build/linux-container.scm:
>     300:8 10 (call-with-temporary-directory #<procedure 7fa5741fdd70…>)
>    397:16  9 (_ "/tmp/guix-directory.KgjoQ6")
>      62:6  8 (call-with-clean-exit #<procedure 7fa57420fd40 at gnu/b…>)
> In unknown file:
>            7 (primitive-load "/gnu/store/2w0c609is7iilv6r2l1vrchb9qs…")
> In ice-9/eval.scm:
>     619:8  6 (_ #f)
> In unknown file:
>            5 (primitive-load "/gnu/store/xfd58fw9x65n7wr5kw2gnciszkl…")
> In srfi/srfi-1.scm:
>     634:9  4 (for-each #<procedure primitive-load (_)> _)
> In unknown file:
>            3 (primitive-load "/gnu/store/3gwb0jydx90f61a6kizawsjdi6h…")
> In srfi/srfi-1.scm:
>     634:9  2 (for-each #<procedure 7fa57410e0e0 at gnu/build/activa…> …)
> In gnu/build/activation.scm:
>    268:20  1 (_ "hosts")
> In unknown file:
>            0 (copy-file "/etc/static/hosts" "/etc/hosts")
>
> ERROR: In procedure copy-file:
> In procedure copy-file: Read-only file system
>
>
> Doing a git bisect, the problem started with this commit it seems:
> 802ea1f3a43e5fb8d0b8bd2882954d8a6e49cde6
>
> system: Deprecate hosts-file.
>
> * gnu/system.scm (operating-system-hosts-file): Deprecate procedure.
> (warn-hosts-file-field-deprecation): New procedure, helper for
> deprecated variable.
> (operating-system)[hosts-file]: Use helper to warn deprecated field.
> (local-host-aliases): Mark as deprecated.
> (local-host-entries): New procedure.
> (operating-system-default-essential-services,
> hurd-default-essential-services): Use hosts-service-type.  Use
> '%operating-system-hosts-file' and 'local-host-entries'.
> (default-/etc/hosts): Remove procedure.
> (operating-system-etc-service): Remove hosts file.
> * doc/guix.texi (operating-system Reference)
> (Networking Services) (Virtualization Services): Rewrite documentation
> entries to use hosts-service-type.

Digging into the container script code, I think the reason is that when
sharing the network, it's supposed to remove any network-related
services from the containerized operating system. And it's not aware of
the new hosts-service-type. The following diff seems to fix the issue:

--8<---------------cut here---------------start------------->8---
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index c2fd55d48e..9190d013bc 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -49,9 +49,12 @@ (define* (container-essential-services os #:key 
shared-network?)
   (define base
     (remove (lambda (service)
               (memq (service-kind service)
-                    (list (service-kind %linux-bare-metal-service)
-                          firmware-service-type
-                          system-service-type)))
+                    (cons* (service-kind %linux-bare-metal-service)
+                           firmware-service-type
+                           system-service-type
+                           (if shared-network?
+                               (list hosts-service-type)
+                               '()))))
             (operating-system-default-essential-services os)))

   (cons (service system-service-type
--8<---------------cut here---------------end--------------->8---
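
Review bot: The `(if shared-network? (list hosts-service-type) '())` tail given to `cons*` carries no comment saying why hosts-service-type is dropped only in the shared-network case. A short comment above it would help, tying it to the failure in the report: with the network shared, activation's `copy-file` of "/etc/static/hosts" to "/etc/hosts" fails with "Read-only file system". The hunk also leaves the module's imports untouched, so it is worth confirming that `hosts-service-type` is already in scope in gnu/system/linux-container.scm. Finally, since "/etc/hosts" is listed in `%network-configuration-files`, a test that starts a container with `--network` and checks "/etc/hosts" inside it would settle whether removing the service is the complete fix.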

I wonder if this is a full fix though. I see that we also remove
network-related configuration files, using `%network-configuration-files',
and I wonder if "/etc/hosts" is still supposed to be there?

--8<---------------cut here---------------start------------->8---
(define %network-configuration-files
  ;; List of essential network configuration files.
  '("/etc/resolv.conf"
    "/etc/nsswitch.conf"
    "/etc/services"
    "/etc/hosts"))
--8<---------------cut here---------------end--------------->8---
