nixos-rebuild fails with "unable to make filesystem XYZ private"

[bjornfor]

I have an autofs filesystem on /mnt/remote-pc1 that, when activated, mounts a CIFS share.

The way autofs works when pc1 is off is that programs accessing the mountpoint get "No such device" error.

The problem is that this somehow affects nixos-rebuild:

$ sudo nixos-rebuild boot
[...]
fetching path ‘/nix/store/5fcvqc7gnwz94zkrdf8wbh0nmxg6jq0x-grub-2.x-2015-11-16’...
fetching path ‘/nix/store/rkbmyphsifgl3423i8bbbksdda5m7782-libvirt-2.2.0’...
fetching path ‘/nix/store/bxw7mpfqng5qm1p3dbm5syg90if49724-zenity-2.32.1’...
building path(s) ‘/nix/store/8hfidzddi2x25dyl9vmn6q91wsic8gzd-apcupsd-scriptdir’
killing process 31562
killing process 31536
killing process 31534
error: while setting up the build environment: unable to make filesystem ‘/mnt/remote-pc1’ private: No such device

I see that the "unable to make filesystem XYZ private" message comes from Nix, hence this issue. What I don't understand is that the issue only affects nixos-rebuild, not nix-build.

Why does Nix care about filesystems in /mnt? Can we fix it?

UPDATE: This is with Nix 1.11.4 on NixOS 16.09.

[vcunat]

Your intention is not to have that FS available to the builders, right?

[bjornfor]

Correct. I don't expect (nor want) Nix to look at anything other than the build inputs.

[vcunat]

I unfortunately don't understand such details around bind-mounts and private mount namespaces on Linux, so I can't easily enough improve the code...

[bjornfor]

Hit this again, now with nix-build:

$ nix-build -A magic-wormhole  # arbitrary package that cause a local build
these derivations will be built:
  /nix/store/x3409b72mlkxgx267yqlwwfbpz7frwka-magic-wormhole-0.8.1.drv
building path(s) ‘/nix/store/a8lqlf6afv012rq20s4vl30lnyd1l0sj-magic-wormhole-0.8.1’
error: while setting up the build environment: unable to make filesystem ‘/run/media/bfo/Ubuntu.04 LTS amd64’ private: No such file or directory

I happen to have inserted a Ubuntu Live USB disk that has been automounted:

$ mount | grep Ubuntu
/dev/sdb1 on /run/media/bfo/Ubuntu 16.04 LTS amd64 type iso9660 (ro,nosuid,nodev,relatime,uid=1000,gid=100,iocharset=utf8,mode=0400,dmode=0500,uhelper=udisks2)

I'm running Nix 1.11.4 (from NixOS 16.09). With sandboxed builds.

[abbradar]

Hit this but with gvfs -- NixOS systems that use it (e.g. with Xfce) now can't use Nix without either unmounting this fs or (as @joachifm suggested) restarting Nix daemon.

[edolstra]

Might be fixed by https://github.com/NixOS/nix/pull/1139.

[Mic92]

The snippet is used by systemd and systemd on its own use autofs for .automount.

[bjornfor]

Hit this again today, with NixOS 17.03. @edolstra, https://github.com/NixOS/nix/pull/1139 hasn't made it to Nix stable, so I don't know whether it fixes this issue. (I don't want to upgrade to unstable out of fear of not being able to roll back Nix database schema.)

[peterhoeg]

It's not fixed on unstable. I hit it every now on an NFS mount but without any particular pattern to it.

[Mic92]

@peterhoeg what is the error message in your case. It should be:

error: while setting up the build environment: unable to make ‘/’ private mount

if the path is something else, your version is not using my patch.

[peterhoeg]

The path is indeed something else. Sometimes it's /storage/media and other times /storage/data - one is an NFS mount and the other btrfs.

[Mic92]

Then my guess is, that you are still using the nix stable.

[peterhoeg]

I'll keep an eye out for this - it is possible that it's only triggered when using nixops, which we use for the production servers running stable.

[stale[bot]]

I marked this as stale due to inactivity. → More info

[stale[bot]]

I closed this issue due to inactivity. → More info