[PATCH] linux-container: Ignore EPERM when attempting to mount /sys.

Status: Open
Participant: Ludovic Courtès
Owner: unassigned
Submitted by: Ludovic Courtès
Severity: normal
Ludovic Courtès wrote 4 days ago
From: Ludovic Courtès <ludo@gnu.org>
To: guix-patches@gnu.org
Message-ID: 4cd56cb818ac45cc8d169aa460cc2b5e4801fddc.1736874209.git.ludo@gnu.org

Until now, this would work:

guix shell --no-cwd -CWP -- guix shell -C coreutils -- ls -R /home

… but this would not:

$ guix shell --no-cwd -CWPN -- guix shell -C coreutils -- ls -R /home
guix shell: error: mount: mount "none" on "/tmp/guix-directory.Wnc2OI/sys": Operation not permitted

This is annoying and hardly understandable. Since we already disable
/sys mounts when sharing the global network namespace is asked (as in
‘guix shell -CN’), for the very same reason, we can just as well disable
/sys mounts anytime it fails with EPERM.

* gnu/build/linux-container.scm (mount-file-systems): Silently ignore
EPERM when attempting to mount /sys.

Change-Id: If85b1d703ab58a98ea9873f4f8fed71a06b7aa63
---
gnu/build/linux-container.scm | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index dee6885400..5c303da8c8 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -109,8 +109,14 @@ (define* (mount-file-systems root mounts #:key mount-/sys? mount-/proc?)
;; A sysfs mount requires the user to have the CAP_SYS_ADMIN capability in
;; the current network namespace.
(when mount-/sys?
- (mount* "none" (scope "/sys") "sysfs"
- (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY)))
+ (catch 'system-error
+ (lambda ()
+ (mount* "none" (scope "/sys") "sysfs"
+ (logior MS_NOEXEC MS_NOSUID MS_NODEV MS_RDONLY)))
+ (lambda args
+ ;; EPERM means that CAP_SYS_ADMIN is missing. Ignore.
+ (unless (= EPERM (system-error-errno args))
+ (apply throw args)))))
(mount* "none" (scope "/dev") "tmpfs"
(logior MS_NOEXEC MS_STRICTATIME)
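Review bot: the new handler swallows EPERM with no diagnostic, so a caller that passed mount-/sys? as #t gets a container in which (scope "/sys") has no sysfs mounted on it and nothing indicates that the mount was skipped; re-raising every other errno via `(unless (= EPERM (system-error-errno args)) (apply throw args))` is right, but consider emitting a warning here, or stating in the mount-file-systems docstring that mount-/sys? is best-effort, so that tools inside the container that read /sys fail in an understandable way instead of silently seeing nothing. The added comment ";; EPERM means that CAP_SYS_ADMIN is missing. Ignore." also overstates the cause: EPERM is what the kernel returns when CAP_SYS_ADMIN is lacking in the relevant user namespace, but it is the same errno the kernel uses for other mount policy refusals, so "most likely" would be more accurate, and the pre-existing comment above it (";; A sysfs mount requires the user to have the CAP_SYS_ADMIN capability in ...") should say that the mount is now skipped in that case. From a containment standpoint the fallback is safe, since no part of the host's sysfs becomes visible when the mount does not happen at all.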

base-commit: d804997897d2a531e0e3186e64df798a7e2e0d1a
--
2.47.1
To comment on this conversation send an email to 75560@debbugs.gnu.org
