Does not pass tests

[tobiasBora]

Hello,

First, thank you for these great tools. I installed nix on my debian system, and I got some troubles when I try to compile the nix sources.

Step to reproduce
Install the binary distribution of nix on debian sid:

$ bash <(curl https://nixos.org/nix/install)

Then load the environment using the command that is prompted at the end, and run the following commands:

nix-env -i git
mkdir /tmp/compile_nix_git
cd /tmp/compile_nix_git
git clone https://github.com/NixOS/nix
cd nix
nix-build release.nix -A build.x86_64-linux

Then, after some times, it fails to build, because it fails to pass two tests: tests/linux-sandbox.sh and test/build-remote.sh, with the same error:

error: cloning builder process: Operation not permitted

Do you know how to solve this problem ?

Thank you !

NB: Here is the last part of the output of the script, and you can find here most of the output of the script.

running test tests/placeholders.sh... [PASS]
running test tests/nix-shell.sh... [PASS]
running test tests/linux-sandbox.sh... [FAIL]
    + clearStore
    + echo 'clearing store...'
    clearing store...
    + chmod -R +w /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store
    + rm -rf /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store
    + mkdir /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store
    + rm -rf /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/var/nix
    + mkdir /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/var/nix
    + nix-store --init
    + clearProfiles
    + profiles=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/var/nix/profiles
    + rm -rf /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/var/nix/profiles
    ++ uname
    + [[ Linux != Linux ]]
    + [[ ! /nix/store/h404wfcz8rzzlq8vr4z7plcijwzfci72-bash-4.4-p12/bin/bash =~ /nix/store ]]
    + chmod -R u+w /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store0
    chmod: cannot access '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store0': No such file or directory
    + true
    + rm -rf /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store0
    + export NIX_STORE_DIR=/my/store
    + NIX_STORE_DIR=/my/store
    + export 'NIX_REMOTE=local?root=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store0'
    + NIX_REMOTE='local?root=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store0'
    ++ nix-build dependencies.nix --no-out-link --option sandbox-paths /nix/store
    these derivations will be built:
      /my/store/jg37xazcx2r631lf42qbawgb91dwrg99-dependencies-input-2.drv
      /my/store/pzasi0nync7la5rz3sjddrlflpwfsl8g-dependencies-input-1.drv
      /my/store/892g44imcdgz0ijvd8r9gax3h3jmfcvz-dependencies.drv
    building path(s) '/my/store/1zp5618gfawjdnhv3idhfsg5vwq4274v-dependencies-input-1'
    error: cloning builder process: Operation not permitted
    error: unable to start build process
    + outPath=
running test tests/build-remote.sh... [FAIL]
    + clearStore
    + echo 'clearing store...'
    clearing store...
    + chmod -R +w /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store
    + rm -rf /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store
    + mkdir /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store
    + rm -rf /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/var/nix
    + mkdir /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/var/nix
    + nix-store --init
    + clearProfiles
    + profiles=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/var/nix/profiles
    + rm -rf /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/var/nix/profiles
    ++ uname
    + [[ Linux != Linux ]]
    + [[ ! /nix/store/h404wfcz8rzzlq8vr4z7plcijwzfci72-bash-4.4-p12/bin/bash =~ /nix/store ]]
    + chmod -R u+w /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store0
    + chmod -R u+w /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store1
    chmod: cannot access '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store1': No such file or directory
    + true
    + rm -rf /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store0 /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store1
    + export NIX_CONF_DIR=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/etc2
    + NIX_CONF_DIR=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/etc2
    + mkdir -p /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/etc2
    + echo '
    sandbox-paths = /nix/store
    sandbox-build-dir = /build-tmp
    '
    ++ nix-build build-hook.nix --no-out-link -j0 --option builders 'local?root=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store0; local?root=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store1 - - 1 1 foo'
    these derivations will be built:
      /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/8m7qvd39iy8i81ai041kjbslq7vxpcfv-build-hook-input-2.drv
      /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/lynjvq2mq96163h8vxfqdyxyhr84i41h-build-hook-input-1.drv
      /tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/92kzd7wak16kz8l54jjvvgr99s77y8qg-build-hook.drv
    warning: unknown setting 'log-fd'
    warning: unknown setting 'max-connections'
    building '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/lynjvq2mq96163h8vxfqdyxyhr84i41h-build-hook-input-1.drv'...
    warning: unknown setting 'log-fd'
    warning: unknown setting 'max-connections'
    building '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/8m7qvd39iy8i81ai041kjbslq7vxpcfv-build-hook-input-2.drv'...
    copying 1 paths...
    copying path '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/jzkfb7c4fk8444irrw5xa8cpa8pqjgd9-dependencies.builder1.sh'...
    building '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/lynjvq2mq96163h8vxfqdyxyhr84i41h-build-hook-input-1.drv' on 'local?root=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store1'
    building path(s) '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/crznwi5x1pzzm4ahqh40nf7vripiglbd-build-hook-input-1'
    error: cloning builder process: Operation not permitted
    error: build of '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/lynjvq2mq96163h8vxfqdyxyhr84i41h-build-hook-input-1.drv' on 'local?root=/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store1' failed: unable to start build process
    copying 1 paths...
    cannot build derivation '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/92kzd7wak16kz8l54jjvvgr99s77y8qg-build-hook.drv': 1 dependencies couldn't be built
    error: build of '/tmp/nix-build-nix-1.12pre1234_abcdef.drv-0/nix-test/store/92kzd7wak16kz8l54jjvvgr99s77y8qg-build-hook.drv' failed
    + outPath=
running test tests/nar-index.sh... [PASS]
2 out of 42 tests failed 
make: *** [mk/tests.mk:12: installcheck] Error 1
build time elapsed:  0m0.104s 0m0.091s 9m14.999s 0m26.938s
builder for ‘/nix/store/fswqs9k2nl2826w0r9n23xvnhdfnmcdj-nix-1.12pre1234_abcdef.drv’ failed with exit code 2
error: build of ‘/nix/store/fswqs9k2nl2826w0r9n23xvnhdfnmcdj-nix-1.12pre1234_abcdef.drv’ failed

[edolstra]

Are you building in some sort of chroot or user namespace by any chance? According to the clone manpage, that might cause EPERM.

What's the Linux kernel version?

[tobiasBora]

At the very beginning, I was using proot indeed, but after that I tried with my debian, without any chroot/namespace (it's not even enabled on debian), and I have the same error in both cases. I'm running kernel 4.12.0-2-amd64.

[dezgeg]

Sounds like the same thing as #1521

[edolstra]

@dezgeg Actually that issue is about EINVAL, this is EPERM.

[dezgeg]

I think Debian carries a custom patch to make user namespaces runtime configurable, that might return -EPERM: https://superuser.com/questions/1094597/enable-user-namespaces-in-debian-kernel

[knedlsepp]

Experiencing problems with those two tests as well. The actual error messages are a little different however. The system is SLES12 with 4.4.74-92.29-default. I used nix-user-chroot to bootstrap nix to a custom prefix using an overlay, but the final build of nix is running outside of this chroot.
Here is the overlay that I use

   nixUnstable = (super.nixUnstable.override {
     storeDir = "/lustre/perm/vhmod/jkemet/nix/store";
     stateDir = "/lustre/perm/vhmod/jkemet/nix/var";
   }).overrideAttrs (oldAttrs: {
     doInstallCheck = false;
   });

Without a doInstallCheck = false; override I get both failures:

running test tests/linux-sandbox.sh... [FAIL]
    + clearStore
    + echo 'clearing store...'
    clearing store...
    + chmod -R +w /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store
    + rm -rf /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store
    + mkdir /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store
    + rm -rf /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/var/nix
    + mkdir /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/var/nix
    + nix-store --init
    + clearProfiles
    + profiles=/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/var/nix/profiles
    + rm -rf /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/var/nix/profiles
    ++ uname
    + [[ Linux != Linux ]]
    + [[ ! /lustre/perm/vhmod/jkemet/nix/store/nyhn12jwlfnr9445s0jkn6hi46xhrx4z-bash-4.4-p12/bin/bash =~ /nix/store ]]
    + chmod -R u+w /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store0
    chmod: cannot access '/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store0': No such file or directory
    + true
    + rm -rf /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store0
    + export NIX_STORE_DIR=/my/store
    + NIX_STORE_DIR=/my/store
    + export NIX_REMOTE=/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store0
    + NIX_REMOTE=/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store0
    ++ nix-build dependencies.nix --no-out-link --option sandbox-paths /nix/store
    these derivations will be built:
      /my/store/igsrkgrribaa5zi6d0l7zvv9d7g08f6q-dependencies-input-1.drv
      /my/store/ly5sm6r9drdljxl5j3i49s13q77iwlms-dependencies-input-2.drv
      /my/store/5akg4yf365fvspqiqbnwzqkkj9n9m3bv-dependencies.drv
    error: while setting up the build environment: getting attributes of path '/nix/store': No such file or directory
    + outPath=
running test tests/build-remote.sh... [FAIL]
    + clearStore
    + echo 'clearing store...'
    clearing store...
    + chmod -R +w /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store
    + rm -rf /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store
    + mkdir /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store
    + rm -rf /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/var/nix
    + mkdir /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/var/nix
    + nix-store --init
    + clearProfiles
    + profiles=/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/var/nix/profiles
    + rm -rf /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/var/nix/profiles
    ++ uname
    + [[ Linux != Linux ]]
    + [[ ! /lustre/perm/vhmod/jkemet/nix/store/nyhn12jwlfnr9445s0jkn6hi46xhrx4z-bash-4.4-p12/bin/bash =~ /nix/store ]]
    + chmod -R u+w /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store0
    + chmod -R u+w /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store1
    chmod: cannot access '/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store1': No such file or directory
    + true
    + rm -rf /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store0 /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store1
    + nix build -f build-hook.nix -o /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/result --max-jobs 0 --sandbox-paths /nix/store --sandbox-build-dir /build-tmp --builders '/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store0; /tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store1 - - 1 1 foo'
    error: build of '/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store/vnp303maghmim7w3wbg0fr1jjvgkcfbx-build-hook-input-1.drv' on '/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store1' failed: while setting up the build environment: getting attributes of path '/nix/store': No such file or directory
    cannot build derivation '/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store/clcrxivzp4hfkb7z5bnr9qyl0gklrzxk-build-hook.drv': 1 dependencies couldn't be built
    error: build of '/tmp/nix-build-nix-1.12pre5732_fd10f6f2.drv-0/nix-test/store/clcrxivzp4hfkb7z5bnr9qyl0gklrzxk-build-hook.drv' failed

[tobiasBora]

@dezgeg And it's not possible to disable these tests for debian users ? Or maybe it's possible to manually disable tests ?

[jcumming]

I get the same thing. When nix runs without CAP_SYS_ADMIN, then it can't use namespaces. From clone(2) manpage:

      EPERM  CLONE_NEWCGROUP, CLONE_NEWIPC, CLONE_NEWNET, CLONE_NEWNS, CLONE_NEWPID, or CLONE_NEWUTS was specified by  an  unprivileged  process
          (process without CAP_SYS_ADMIN).

straceing the test yields:

[pid  1222] clone(child_stack=0x7ffff7f9bff0, flags=CLONE_PARENT|CLONE_NEWNS|0x7c000000|SIGCHLD) = -1 EPERM (Operation not permitted)

I think the right thing to do is disable useChroot if nix doesn't have CAP_SYS_ADMIN, but a brief google didn't show me how to do that without pulling in libcap as a new dependency, but just on linux.