NixOS / nix

Nix, the purely functional package manager
https://nixos.org/
GNU Lesser General Public License v2.1

can't install nix-2.3.7 on ChromeOS linux container: operation not permitted mounting /proc #4107

Open sneak opened 3 years ago

sneak commented 3 years ago
++ export PATH=/home/jp/.nix-profile/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
++ PATH=/home/jp/.nix-profile/bin:/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
++ unset NIX_LINK
+ /nix/store/4vz8sh9ngx34ivi0bw5hlycxdhvy5hvz-nix-2.3.7/bin/nix-env -i /nix/store/4vz8sh9ngx34ivi0bw5hlycxdhvy5hvz-nix-2.3.7
installing 'nix-2.3.7'
error: while setting up the build environment: mounting /proc: Operation not permitted
+ echo '/tmp/nix-binary-tarball-unpack.mlW9tTwnCj/unpack/nix-2.3.7-x86_64-linux/install: unable to install Nix into your default profile'
/tmp/nix-binary-tarball-unpack.mlW9tTwnCj/unpack/nix-2.3.7-x86_64-linux/install: unable to install Nix into your default profile
+ exit 1
jp@penguin:~$ /nix/store/4vz8sh9ngx34ivi0bw5hlycxdhvy5hvz-nix-2.3.7/bin/nix-env -i /nix/store/4vz8sh9ngx34ivi0bw5hlycxdhvy5hvz-nix-2.3.7
installing 'nix-2.3.7'
error: while setting up the build environment: mounting /proc: Operation not permitted
1 jp@penguin:~$

/proc is mounted and there's stuff in there, but mounting/unmounting/remounting things inside of the container in which the Linux support for ChromeOS runs is not generally permitted.

arcuru commented 3 years ago

This is a known bug in ChromeOS - https://bugs.chromium.org/p/chromium/issues/detail?id=1087937

And has shown up on the NixOS discourse - https://discourse.nixos.org/t/chrome-os-83-breaks-nix-sandboxing/6764/4

The workaround is to run sudo umount /proc/{cpuinfo,diskstats,meminfo,stat,uptime} and then try to install again. It worked for me on ChromeOS 85, but both those threads will point out it's not necessarily a good idea.
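
A read-only check to run before unmounting anything or turning the sandbox off, as an added example that is not part of the original thread or the Nix project: it lists every mount stacked below /proc from the mountinfo table. It assumes the files named in the workaround are separate mounts placed over /proc (the thread does not state this); the function names and the sample table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Nix project.

# Constructed sample in /proc/self/mountinfo format (all values made up).
sample_mountinfo() {
cat <<'EOF'
90 80 0:45 / /proc rw,nosuid,nodev,noexec,relatime shared:30 - proc proc rw
91 90 0:46 /proc/cpuinfo /proc/cpuinfo rw,nosuid,nodev,relatime shared:31 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
92 90 0:46 /proc/meminfo /proc/meminfo rw,nosuid,nodev,relatime shared:31 - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other
93 80 8:1 / /home rw,relatime - ext4 /dev/vdb rw
EOF
}

# proc_overmounts [FILE|-]
# Print "<mount point> <fs type>" for each mount strictly below /proc.
# Field 5 is the mount point; the fs type is the first field after the
# lone "-" separator, which follows a variable number of optional fields.
proc_overmounts() {
    awk '
    index($5, "/proc/") == 1 {
        fstype = "?"
        for (i = 7; i < NF; i++)
            if ($i == "-") { fstype = $(i + 1); break }
        print $5, fstype
    }' "${1:-/proc/self/mountinfo}"
}

# has_proc_overmounts [FILE|-]
# Exit status 0 when at least one mount sits on top of /proc.
has_proc_overmounts() {
    [ -n "$(proc_overmounts "$1")" ]
}

# Demo on the constructed sample; "-" makes awk read standard input.
sample_mountinfo | proc_overmounts -
```

Inside the container, calling `proc_overmounts` with no argument reads the live /proc/self/mountinfo, so the list can be compared with the paths in the umount command before running it.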

nathan-at-least commented 3 years ago

BTW, I always get tripped up on the workarounds from reading those threads, so I documented literal cut-and-paste instructions for the workaround on ChromeOS in this lxd/lxc ticket. Let me know if those literal instructions work for anyone experiencing this, or if they do not.

domenkozar commented 2 years ago

Workaround is also to disable sandboxing, although that affects reproducibility/security of nix builds.

stale[bot] commented 2 years ago

I marked this as stale due to inactivity.

ahoneybun commented 2 years ago

Sorry for reopening this, but it looks like this didn't fix it, at least with Nix 2.9.1; I needed to use this:

https://github.com/NixOS/nix/issues/4107#issuecomment-710196475

I also did it with single user as multi wasn't working for me.

kirillrdy commented 2 years ago

Not sure if this helps: starting with ChromeOS 103 (which hasn't reached stable yet), Nix works out of the box without any workarounds.

ahoneybun commented 2 years ago

> Not sure if this helps: starting with ChromeOS 103 (which hasn't reached stable yet), Nix works out of the box without any workarounds.

That does help! Thank you for the report!