search

DeterminateSystems / nix-installer

Install Nix and flakes with the fast and reliable Determinate Nix Installer, with over 7 million installs.
https://determinate.systems
GNU Lesser General Public License v2.1
2.31k stars 58 forks source link

Fedora Silverblue, nix-env causing "error: getting status of '/run/lock/lvm/default.nix': Permission denied" #904

Open usrfriendly opened 8 months ago

usrfriendly commented 8 months ago

I followed a guide to get nix installed in multi-user mode on Fedora Silverblue. I managed to get nix installed using Determinate Systems' installer following this guide. (I believe this is multi-user?)

My first goal was to get a Tidalcycles environment set up, which I'm doing via nix-shell with the following configuration:

requires nix-gl

let
  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.11";
  pkgs = import nixpkgs { config = {}; overlays = []; };
in

pkgs.mkShellNoCC {
  packages = with pkgs; [
    pipewire.jack
    supercollider-with-sc3-plugins
    (haskellPackages.ghcWithPackages (self : [
      self.tidal
    ]))
  ];
}

This sits in ~/Nix/Tidal, and when I run nix-shell, it generates the shell with nix-shell --keep-derivations to ensure the derivations are available offline. This part is working just fine.

I'm trying to install some packages that are less fiddly and more boilerplate, and have the following configuration in ~/.config/nixpkgs/config.nix taken directly from the NixOS wiki:

{
  packageOverrides = pkgs: with pkgs; {
    myPackages = pkgs.buildEnv {
      name = "my-packages";
      paths = [
        neovim
      ];
    };
  };
}

When I attempt to run nix-env -f. -iA I get the following:

$ nix-env -iA myPackages -f.
error: getting status of '/run/lock/lvm/default.nix': Permission denied

The above error returns zero results on google without the commmand, and all I can find is issues related to nix package locks which are not the above issue. I also get "permission denied" if I try to view /run/lock/lvm/default.nix without being root (on my system, via sudo su to elevate), and the directory is empty.

I also re-ran the installer after cleaning up, and even trying a single-user install, and have completely nuked my nix setup before re-following that guide and verifying I didn't do anything weird, like run things as root that shouldn't have been. This appears to be a nix-specific issue, but if it's a Fedora Silverblue-related issue, I would be curious if it was something this installer could add as a fix along with the rest of the adjustments (like the SELinux rules, etc).

usrfriendly commented 8 months ago

I saw other issues with lockfiles and modified the directory, /run/lock/lvm to have perms of 777, to allow writing to it, and I assume locking of these files locally? It also worked with 666, which I set to be a little more secure.

I was able to run nix -iA neovim to install it as a test, so this seemed to be a read/write permissions issue there. I'm quite sure this is rather far from best practices, as well, but it at least provides some helpful insight into what's going on.