[Nix#9705] Nix fails to remount the store with all the required flags #72
Reference: lix-project/lix#72
Upstream-Issue: NixOS/nix#9705
Normally /nix/store is bind-mounted as read-only. That's to avoid accidental changes to the Nix store even by root.
nix/nix-daemon though try to remount the nix-store to read-write in its own namespace, but the implementation is simplistic[1] and will fail in different scenarios.
[1] https://github.com/NixOS/nix/blob/master/src/libstore/local-store.cc#L581-L582
I'm running nixos as a systemd-nspawn container, where the whole nixos filesystem lives on the host system (in /var/lib/machines/nixos), and the container is then run with it as a root filesystem ("booting" /sbin/init which execs /nix/store/d842nhr0ckaw7ijlf54q9dnm37dnn00p-nixos-system-nix-container-24.05.20240102.bd645e8/init).
In that case, the root and the nix-store are mounted with some additional flags compared to "normal" nixos (nodev and idmapped):
The problem is nix(nix-daemon) fails to remount the store to read-write:
The most simple hack to solve the issue was to add the MS_NODEV flag in the remount call:
after this change, nix/nix-daemon successfully can remount the /nix/store.
Now a more robust solution would probably be to first introspect all the mount flags and then only flip the read-only flag - other mount cli tools seem to do that (busybox or util-linux mount for ex).
I can try to pursue that fix, if it's acceptable.
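
The "introspect the flags, then only flip read-only" approach proposed above, as an added C++ example (not code from the issue, from Nix or from Lix): it reads the current mount flags with statvfs(3), maps them to mount(2) flags, and remounts with only MS_RDONLY cleared so that flags such as nodev are carried over. The function names are hypothetical, and the caller is assumed to already be in its own mount namespace.

```cpp
#include <sys/mount.h>
#include <sys/statvfs.h>
#include <cerrno>
#include <cstdio>
#include <cstring>

// Translate statvfs f_flag bits (ST_*) into mount(2) flags (MS_*).
// Several values coincide on Linux, but ST_RELATIME and MS_RELATIME do not,
// so the mapping is spelled out instead of reusing f_flag directly.
unsigned long mountFlagsFromStatvfs(unsigned long f_flag) {
    static const struct { unsigned long st, ms; } map[] = {
        {ST_RDONLY, MS_RDONLY},     {ST_NOSUID, MS_NOSUID},
        {ST_NODEV, MS_NODEV},       {ST_NOEXEC, MS_NOEXEC},
        {ST_NOATIME, MS_NOATIME},   {ST_NODIRATIME, MS_NODIRATIME},
        {ST_RELATIME, MS_RELATIME},
    };
    unsigned long ms = 0;
    for (const auto &m : map)
        if (f_flag & m.st) ms |= m.ms;
    return ms;
}

// Flags for a bind remount that keeps every existing flag except read-only.
unsigned long writableRemountFlags(unsigned long f_flag) {
    unsigned long keep = mountFlagsFromStatvfs(f_flag) & ~(unsigned long) MS_RDONLY;
    return keep | MS_REMOUNT | MS_BIND;
}

// Returns 0 if dir is already writable or was remounted read-write,
// -1 with errno set otherwise.
int remountWritable(const char *dir) {
    struct statvfs st;
    if (statvfs(dir, &st) != 0) return -1;
    if (!(st.f_flag & ST_RDONLY)) return 0;  // nothing to flip
    return mount(nullptr, dir, "none", writableRemountFlags(st.f_flag), nullptr);
}

int main(int argc, char **argv) {
    const char *dir = argc > 1 ? argv[1] : "/nix/store";
    if (remountWritable(dir) != 0) {
        std::fprintf(stderr, "remounting %s writable: %s\n", dir, std::strerror(errno));
        return 1;
    }
    return 0;
}
```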