MicroOS Desktop: tukit/t-u and flatpaks not starting "on the host"
Hello,
since a recent update (I'm on 20211111 right now), if I try to start a
flatpak, and tukit is "doing something", I get the following:
bwrap: Can't bind mount /oldroot/tmp on /newroot/tmp: Unable to mount source on destination: Operation not permitted
error: Failed to sync with dbus proxy
And the app does not start.
After some investigation, this seems to me to be related to some
issues with /tmp (with the dbus line being a red herring).
This is easily reproducible by doing the following:
$ sudo tukit --continue execute /bin/bash
And then, in another terminal:
$ flatpak run org.mozilla.firefox
If I do (with the tukit session still open):
$ mount |grep tmp
devtmpfs on /dev type devtmpfs (rw,nosuid,size=3035576k,nr_inodes=758894,mode=755,inode64)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,size=3047112k,nr_inodes=761778,inode64)
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=1218848k,nr_inodes=819200,mode=755,inode64)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=3047112k,nr_inodes=409600,inode64)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=609400k,nr_inodes=152350,mode=700,uid=1000,gid=100,inode64)
/dev/vda2 on /tmp/transactional-update-tNCyHK type btrfs (rw,relatime,space_cache,subvolid=326,subvol=/@/.snapshots/10/snapshot)
devtmpfs on /tmp/transactional-update-tNCyHK/dev type devtmpfs (rw,nosuid,size=3035576k,nr_inodes=758894,mode=755,inode64)
tmpfs on /tmp/transactional-update-tNCyHK/dev/shm type tmpfs (rw,nosuid,nodev,size=3047112k,nr_inodes=761778,inode64)
devpts on /tmp/transactional-update-tNCyHK/dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
mqueue on /tmp/transactional-update-tNCyHK/dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
hugetlbfs on /tmp/transactional-update-tNCyHK/dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
/dev/vda2 on /tmp/transactional-update-tNCyHK/var/log type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-tNCyHK/opt type btrfs (rw,relatime,space_cache,subvolid=262,subvol=/@/opt)
/dev/vda2 on /tmp/transactional-update-tNCyHK/var/lib/zypp type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-tNCyHK/var/lib/ca-certificates type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-tNCyHK/var/lib/alternatives type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-tNCyHK/var/lib/selinux type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
overlay on /tmp/transactional-update-tNCyHK/etc type overlay (rw,relatime,lowerdir=/etc,upperdir=/var/lib/overlay/10/etc,workdir=/var/lib/overlay/10/work-etc,x-systemd.requires-mounts-for=/var)
/dev/vda2 on /tmp/transactional-update-tNCyHK/var/cache type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
tmpfs on /tmp/transactional-update-tNCyHK/tmp type tmpfs (rw,relatime,inode64)
tmpfs on /tmp/transactional-update-tNCyHK/run type tmpfs (rw,relatime,inode64)
tmpfs on /tmp/transactional-update-tNCyHK/var/tmp type tmpfs (rw,relatime,inode64)
/dev/vda2 on /tmp/transactional-update-tNCyHK/boot/grub2/x86_64-efi type btrfs (rw,relatime,space_cache,subvolid=265,subvol=/@/boot/grub2/x86_64-efi)
/dev/vda2 on /tmp/transactional-update-tNCyHK/boot/grub2/i386-pc type btrfs (rw,relatime,space_cache,subvolid=266,subvol=/@/boot/grub2/i386-pc)
proc on /tmp/transactional-update-tNCyHK/proc type proc (rw,nosuid,nodev,noexec,relatime)
systemd-1 on /tmp/transactional-update-tNCyHK/proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=14699)
sysfs on /tmp/transactional-update-tNCyHK/sys type sysfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /tmp/transactional-update-tNCyHK/sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
cgroup2 on /tmp/transactional-update-tNCyHK/sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /tmp/transactional-update-tNCyHK/sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /tmp/transactional-update-tNCyHK/sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
debugfs on /tmp/transactional-update-tNCyHK/sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /tmp/transactional-update-tNCyHK/sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
configfs on /tmp/transactional-update-tNCyHK/sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /tmp/transactional-update-tNCyHK/sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
/dev/vda2 on /tmp/transactional-update-tNCyHK/root type btrfs (rw,relatime,space_cache,subvolid=261,subvol=/@/root)
/dev/vda2 on /tmp/transactional-update-tNCyHK/boot/writable type btrfs (rw,relatime,space_cache,subvolid=264,subvol=/@/boot/writable)
/dev/vda2 on /tmp/transactional-update-tNCyHK/.snapshots type btrfs (rw,relatime,space_cache,subvolid=267,subvol=/@/.snapshots)
OTOH, if I close the tukit session:
$ mount |grep tmp
devtmpfs on /dev type devtmpfs (rw,nosuid,size=3035576k,nr_inodes=758894,mode=755,inode64)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,size=3047112k,nr_inodes=761778,inode64)
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=1218848k,nr_inodes=819200,mode=755,inode64)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=3047112k,nr_inodes=409600,inode64)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=609400k,nr_inodes=152350,mode=700,uid=1000,gid=100,inode64)
I.e., a lot less stuff. :-P
Note that this happens not only when a transactional-update or tukit
shell is open, but also when some other component, like PackageKit, uses
libtukit, even just to refresh the repositories... Which in fact
happens at boot, and that in turn causes flatpaks not to start for
a while. :-O
I'm up for more/different tests, if that could help.
Thanks and Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
On Mon, 2021-11-15 at 16:10 +0000, Dario Faggioli wrote:
> Hello,
> since a recent update (I'm on 20211111 right now), if I try to start a flatpak, and tukit is "doing something", I get the following:
> bwrap: Can't bind mount /oldroot/tmp on /newroot/tmp: Unable to mount source on destination: Operation not permitted
> error: Failed to sync with dbus proxy
Ok, not sure if it helps, but FWIW, this does not happen in 20211025.
There, the lines in `mount` that have to do with 'tmp' (with a t-u
shell open) are the following:
devtmpfs on /dev type devtmpfs (rw,nosuid,size=3035596k,nr_inodes=758899,mode=755,inode64)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev,size=3047108k,nr_inodes=761777,inode64)
tmpfs on /run type tmpfs (rw,nosuid,nodev,size=1218844k,nr_inodes=819200,mode=755,inode64)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=3047108k,nr_inodes=409600,inode64)
tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=609400k,nr_inodes=152350,mode=700,uid=1000,gid=100,inode64)
devtmpfs on /.snapshots/11/snapshot/dev type devtmpfs (rw,nosuid,size=3035596k,nr_inodes=758899,mode=755,inode64)
tmpfs on /.snapshots/11/snapshot/dev/shm type tmpfs (rw,nosuid,nodev,size=3047108k,nr_inodes=761777,inode64)
/dev/vda2 on /tmp/transactional-update-WroRYj type btrfs (rw,relatime,space_cache,subvolid=328,subvol=/@/.snapshots/11/snapshot)
devtmpfs on /tmp/transactional-update-WroRYj/dev type devtmpfs (rw,nosuid,size=3035596k,nr_inodes=758899,mode=755,inode64)
tmpfs on /tmp/transactional-update-WroRYj/dev/shm type tmpfs (rw,nosuid,nodev,size=3047108k,nr_inodes=761777,inode64)
devpts on /tmp/transactional-update-WroRYj/dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
hugetlbfs on /tmp/transactional-update-WroRYj/dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /tmp/transactional-update-WroRYj/dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
/dev/vda2 on /tmp/transactional-update-WroRYj/var/log type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/var/cache type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/var/lib/zypp type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/var/lib/ca-certificates type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/var/lib/alternatives type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/var/lib/selinux type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
overlay on /tmp/transactional-update-WroRYj/etc type overlay (rw,relatime,lowerdir=/etc,upperdir=/var/lib/overlay/11/etc,workdir=/var/lib/overlay/11/work-etc)
/dev/vda2 on /tmp/transactional-update-WroRYj/boot/grub2/x86_64-efi type btrfs (rw,relatime,space_cache,subvolid=265,subvol=/@/boot/grub2/x86_64-efi)
/dev/vda2 on /tmp/transactional-update-WroRYj/boot/grub2/i386-pc type btrfs (rw,relatime,space_cache,subvolid=266,subvol=/@/boot/grub2/i386-pc)
proc on /tmp/transactional-update-WroRYj/proc type proc (rw,nosuid,nodev,noexec,relatime)
systemd-1 on /tmp/transactional-update-WroRYj/proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1468)
sysfs on /tmp/transactional-update-WroRYj/sys type sysfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /tmp/transactional-update-WroRYj/sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
cgroup2 on /tmp/transactional-update-WroRYj/sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /tmp/transactional-update-WroRYj/sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /tmp/transactional-update-WroRYj/sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
debugfs on /tmp/transactional-update-WroRYj/sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /tmp/transactional-update-WroRYj/sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
configfs on /tmp/transactional-update-WroRYj/sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /tmp/transactional-update-WroRYj/sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
/dev/vda2 on /tmp/transactional-update-WroRYj/root type btrfs (rw,relatime,space_cache,subvolid=261,subvol=/@/root)
/dev/vda2 on /tmp/transactional-update-WroRYj/boot/writable type btrfs (rw,relatime,space_cache,subvolid=264,subvol=/@/boot/writable)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots type btrfs (rw,relatime,space_cache,subvolid=267,subvol=/@/.snapshots)
devtmpfs on /.snapshots/12/snapshot/dev type devtmpfs (rw,nosuid,size=3035596k,nr_inodes=758899,mode=755,inode64)
tmpfs on /.snapshots/12/snapshot/dev/shm type tmpfs (rw,nosuid,nodev,size=3047108k,nr_inodes=761777,inode64)
devtmpfs on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/dev type devtmpfs (rw,nosuid,size=3035596k,nr_inodes=758899,mode=755,inode64)
tmpfs on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/dev/shm type tmpfs (rw,nosuid,nodev,size=3047108k,nr_inodes=761777,inode64)
devpts on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
hugetlbfs on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
devtmpfs on /.snapshots/11/snapshot/.snapshots/12/snapshot/dev type devtmpfs (rw,nosuid,size=3035596k,nr_inodes=758899,mode=755,inode64)
tmpfs on /.snapshots/11/snapshot/.snapshots/12/snapshot/dev/shm type tmpfs (rw,nosuid,nodev,size=3047108k,nr_inodes=761777,inode64)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/var/log type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/var/cache type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/var/lib/zypp type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/var/lib/ca-certificates type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/var/lib/alternatives type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/var/lib/selinux type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
overlay on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/etc type overlay (rw,relatime,lowerdir=/etc,upperdir=/var/lib/overlay/12/etc,workdir=/var/lib/overlay/12/work-etc)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/boot/grub2/x86_64-efi type btrfs (rw,relatime,space_cache,subvolid=265,subvol=/@/boot/grub2/x86_64-efi)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/boot/grub2/i386-pc type btrfs (rw,relatime,space_cache,subvolid=266,subvol=/@/boot/grub2/i386-pc)
proc on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/proc type proc (rw,nosuid,nodev,noexec,relatime)
systemd-1 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1468)
sysfs on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys type sysfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
cgroup2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
debugfs on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
configfs on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/root type btrfs (rw,relatime,space_cache,subvolid=261,subvol=/@/root)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/boot/writable type btrfs (rw,relatime,space_cache,subvolid=264,subvol=/@/boot/writable)
/dev/vda2 on /tmp/transactional-update-WroRYj/.snapshots/12/snapshot/.snapshots type btrfs (rw,relatime,space_cache,subvolid=267,subvol=/@/.snapshots)
/dev/vda2 on /tmp/transactional-update-GaoQwC type btrfs (rw,relatime,space_cache,subvolid=329,subvol=/@/.snapshots/12/snapshot)
devtmpfs on /tmp/transactional-update-GaoQwC/dev type devtmpfs (rw,nosuid,size=3035596k,nr_inodes=758899,mode=755,inode64)
tmpfs on /tmp/transactional-update-GaoQwC/dev/shm type tmpfs (rw,nosuid,nodev,size=3047108k,nr_inodes=761777,inode64)
devpts on /tmp/transactional-update-GaoQwC/dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
hugetlbfs on /tmp/transactional-update-GaoQwC/dev/hugepages type hugetlbfs (rw,relatime,pagesize=2M)
mqueue on /tmp/transactional-update-GaoQwC/dev/mqueue type mqueue (rw,nosuid,nodev,noexec,relatime)
/dev/vda2 on /tmp/transactional-update-GaoQwC/var/log type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-GaoQwC/var/cache type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-GaoQwC/var/lib/zypp type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-GaoQwC/var/lib/ca-certificates type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-GaoQwC/var/lib/alternatives type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
/dev/vda2 on /tmp/transactional-update-GaoQwC/var/lib/selinux type btrfs (rw,relatime,space_cache,subvolid=258,subvol=/@/var)
overlay on /tmp/transactional-update-GaoQwC/etc type overlay (rw,relatime,lowerdir=/etc,upperdir=/var/lib/overlay/12/etc,workdir=/var/lib/overlay/12/work-etc)
/dev/vda2 on /tmp/transactional-update-GaoQwC/boot/grub2/x86_64-efi type btrfs (rw,relatime,space_cache,subvolid=265,subvol=/@/boot/grub2/x86_64-efi)
/dev/vda2 on /tmp/transactional-update-GaoQwC/boot/grub2/i386-pc type btrfs (rw,relatime,space_cache,subvolid=266,subvol=/@/boot/grub2/i386-pc)
proc on /tmp/transactional-update-GaoQwC/proc type proc (rw,nosuid,nodev,noexec,relatime)
systemd-1 on /tmp/transactional-update-GaoQwC/proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=30,pgrp=1,timeout=0,minproto=5,maxproto=5,direct,pipe_ino=1468)
sysfs on /tmp/transactional-update-GaoQwC/sys type sysfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /tmp/transactional-update-GaoQwC/sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
cgroup2 on /tmp/transactional-update-GaoQwC/sys/fs/cgroup type cgroup2 (rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot)
pstore on /tmp/transactional-update-GaoQwC/sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
none on /tmp/transactional-update-GaoQwC/sys/fs/bpf type bpf (rw,nosuid,nodev,noexec,relatime,mode=700)
debugfs on /tmp/transactional-update-GaoQwC/sys/kernel/debug type debugfs (rw,nosuid,nodev,noexec,relatime)
tracefs on /tmp/transactional-update-GaoQwC/sys/kernel/tracing type tracefs (rw,nosuid,nodev,noexec,relatime)
configfs on /tmp/transactional-update-GaoQwC/sys/kernel/config type configfs (rw,nosuid,nodev,noexec,relatime)
fusectl on /tmp/transactional-update-GaoQwC/sys/fs/fuse/connections type fusectl (rw,nosuid,nodev,noexec,relatime)
/dev/vda2 on /tmp/transactional-update-GaoQwC/root type btrfs (rw,relatime,space_cache,subvolid=261,subvol=/@/root)
/dev/vda2 on /tmp/transactional-update-GaoQwC/boot/writable type btrfs (rw,relatime,space_cache,subvolid=264,subvol=/@/boot/writable)
/dev/vda2 on /tmp/transactional-update-GaoQwC/.snapshots type btrfs (rw,relatime,space_cache,subvolid=267,subvol=/@/.snapshots)
Thanks and Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
On 15.11.21 at 17:17, Dario Faggioli wrote:
> On Mon, 2021-11-15 at 16:10 +0000, Dario Faggioli wrote:
>> Hello,
>> since a recent update (I'm on 20211111 right now), if I try to start a flatpak, and tukit is "doing something", I get the following:
>> bwrap: Can't bind mount /oldroot/tmp on /newroot/tmp: Unable to mount source on destination: Operation not permitted
>> error: Failed to sync with dbus proxy
> Ok, not sure if it helps, but FWIW, this does not happen in 20211025.
In transactional-update 3.6 I indeed changed the mount behaviour; one thing was to simplify the mount structure (among others to prevent those recursive mounts on failures like you can see in the overly long list below), the other thing as you noted already was that /tmp is now a tmpfs mount (to avoid having to clean up manually). I'll have to take a look at what bwrap is trying to do here and see what I can do to fix this.
Cheers,
Ignaz
> There, the lines in `mount` that have to do with 'tmp' (with a t-u shell open) are the following:
> [...]
-------------------------------------------------------------------
On Mon, 2021-11-15 at 21:06 +0100, Ignaz Forster wrote:
> In transactional-update 3.6 I indeed changed the mount behaviour;
Right.
[...]
> I'll have to take a look at what bwrap is trying to do here and see what I can do to fix this.
That would be great. :-)
As a further data point, it apparently is not only flatpak:
Error: unable to start container "16271fd6f71b3e0a2e0b392a5eaf2b000faf29656f2e4c3c32aebf0b0f2066ad":
container_linux.go:380: starting container process caused: process_linux.go:545: container init caused:
rootfs_linux.go:76: mounting "/tmp" to rootfs at "/tmp" caused: mount through procfd: operation not permitted: OCI permission denied
/usr/bin/toolbox: failed to start container 'toolbox-test-user'
It's also toolbox, which basically means this is a problem for podman
containers in general.
Which in turn means this is no longer MicroOS _Desktop_ only, I
guess, and we probably want to fix it for MicroOS, Kubic, SLE-Micro and
whatever. :-)
Given this new info, let me know if you prefer me to open a bug, for
better tracking, or do anything else.
Thanks and Regards
--
Dario Faggioli, Ph.D
http://about.me/dario.faggioli
Virtualization Software Engineer
SUSE Labs, SUSE https://www.suse.com/
-------------------------------------------------------------------
On 18.11.21 at 15:41, Dario Faggioli wrote:
> On Mon, 2021-11-15 at 21:06 +0100, Ignaz Forster wrote:
>> In transactional-update 3.6 I indeed changed the mount behaviour;
> Right.
> [...]
>> I'll have to take a look at what bwrap is trying to do here and see what I can do to fix this.
> That would be great. :-)
The problem is that it tries to recursively mount everything from the root file system, and it stumbles over the fact that /tmp/transactional-update-xxx is mounted as "unbindable" (to prevent those recursive mounts). Now one could argue that this is wrong behavior and would fail on other systems, too, but I'm trying to fix this on the transactional-update side due to the next problem you mentioned.
> As a further data point, it apparently is not only flatpak:
> Error: unable to start container "16271fd6f71b3e0a2e0b392a5eaf2b000faf29656f2e4c3c32aebf0b0f2066ad":
> container_linux.go:380: starting container process caused: process_linux.go:545: container init caused:
> rootfs_linux.go:76: mounting "/tmp" to rootfs at "/tmp" caused: mount through procfd: operation not permitted: OCI permission denied
> /usr/bin/toolbox: failed to start container 'toolbox-test-user'
> It's also toolbox, which basically means this is a problem for podman containers in general.
Yes, Richard also noticed and told me already.
> Which in turn means this is no longer MicroOS _Desktop_ only, I guess, and we probably want to fix it for MicroOS, Kubic, SLE-Micro and whatever. :-)
Tumbleweed. Just Tumbleweed. I've revoked my submissions for SLE* already.
> Given this new info, let me know if you prefer me to open a bug, for better tracking, or do anything else.
I'll never complain about a bug report - then I don't have to create it ;-)
Cheers,
Ignaz
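
Added example, not part of the thread and not transactional-update or bwrap code: the "unbindable" state mentioned in the last reply is recorded in the optional fields of /proc/self/mountinfo, so a host can be checked for such mounts below a directory that a sandbox bind-mounts recursively. The sample lines are constructed (mount IDs, device numbers, peer groups and the propagation of the child mounts are assumptions); only the temporary mount-point name is taken from the output earlier in the thread.

```python
import re
import sys

# Constructed sample in /proc/self/mountinfo format (see proc(5)).
# Optional fields sit between the mount options and the "-" separator:
# shared:N, master:N, propagate_from:N or unbindable. None means private.
SAMPLE_MOUNTINFO = """\
24 1 0:22 / / rw,relatime shared:1 - btrfs /dev/vda2 rw,space_cache
30 24 0:27 / /tmp rw,nosuid,nodev shared:12 - tmpfs tmpfs rw,inode64
95 30 0:22 /@/.snapshots/10/snapshot /tmp/transactional-update-tNCyHK rw,relatime unbindable - btrfs /dev/vda2 rw,space_cache
96 95 0:5 / /tmp/transactional-update-tNCyHK/dev rw,nosuid - devtmpfs devtmpfs rw,mode=755
97 95 0:40 / /tmp/transactional-update-tNCyHK/tmp rw,relatime - tmpfs tmpfs rw,inode64
31 24 0:28 / /run rw,nosuid,nodev shared:13 - tmpfs tmpfs rw,mode=755
"""


def unescape(field):
    """Decode the octal escapes (\\040 for space etc.) the kernel uses in paths."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text):
    """Return one dict per mount with its mount point and propagation tags."""
    mounts = []
    for line in text.splitlines():
        fields = line.split()
        try:
            # The separator can only appear after the six fixed fields.
            sep = fields.index("-", 6)
        except ValueError:
            continue  # blank or malformed line
        if len(fields) < sep + 3:
            continue
        mounts.append({
            "mount_point": unescape(fields[4]),
            "propagation": fields[6:sep] or ["private"],
            "fstype": fields[sep + 1],
            "source": unescape(fields[sep + 2]),
        })
    return mounts


def is_under(path, root):
    """True if path is root itself or lies below it (component-wise)."""
    root = root.rstrip("/") or "/"
    return path == root or root == "/" or path.startswith(root + "/")


def unbindable_under(mounts, root):
    """Mount points at or below root that carry the unbindable tag."""
    return [m["mount_point"] for m in mounts
            if "unbindable" in m["propagation"]
            and is_under(m["mount_point"], root)]


if __name__ == "__main__":
    # Pass --live to inspect the running system instead of the sample.
    live = len(sys.argv) > 1 and sys.argv[1] == "--live"
    if live:
        with open("/proc/self/mountinfo") as fh:
            text = fh.read()
    else:
        text = SAMPLE_MOUNTINFO
    parsed = parse_mountinfo(text)
    for root in ("/tmp", "/run"):
        hits = unbindable_under(parsed, root)
        print(f"{root}: {', '.join(hits) if hits else 'no unbindable mounts'}")
```

On a live system, `findmnt -o TARGET,PROPAGATION` shows the same propagation information.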