jeaye / nixos-in-place

Install NixOS on top of any existing Linux distribution without rebooting
MIT License

init: Permission denied #38

Open nh2 opened 7 years ago

nh2 commented 7 years ago

Got this on an Ubuntu 16.04 bare metal machine with LVM, on commit 8760ff58fa266d30b2175404134566218723e32a:

# ./install -g /dev/sda
>>> Checking environment... seems sane
>>> Unable to determine your grub boot device! Please specify with the -g option.
>>> NixOS installer (nixos-in-place)
>>>    GRUB => /dev/sda
>>>    Root => /dev/mapper/vg00-root (ext4)
>>>    ISO => nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso
>>>    Digital Ocean => false
>>>    Working directory => /tmp/tmp.PnD3RWwyCk
>>>    Extra config => /root/nixos-in-place/no-extra-config
>>> Continue? [yn] y
/tmp/tmp.PnD3RWwyCk ~/nixos-in-place
>>> Downloading NixOS nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso
--2017-09-01 14:12:31--  https://d3g5gsiof5omrk.cloudfront.net/nixos/16.09/nixos-16.09.680.4e14fd5/nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso
Resolving d3g5gsiof5omrk.cloudfront.net (d3g5gsiof5omrk.cloudfront.net)... 52.85.22.85, 52.85.22.80, 52.85.22.64, ...
Connecting to d3g5gsiof5omrk.cloudfront.net (d3g5gsiof5omrk.cloudfront.net)|52.85.22.85|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 404750336 (386M) [application/octet-stream]
Saving to: ‘nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso’

nixos-minimal-16.09.680.4e14fd5-x 100%[============================================================>] 386.00M  34.7MB/s    in 15s     

2017-09-01 14:12:48 (25.3 MB/s) - ‘nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso’ saved [404750336/404750336]

>>> Validating checksum
nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso: OK
>>> Extracting ISO
mount: /dev/loop0 is write-protected, mounting read-only
Parallel unsquashfs: Using 2 processors
44678 inodes (49014 blocks) to write

[==================================================================================================================|] 49014/49014 100%

created 37671 files
created 13602 directories
created 7007 symlinks
created 0 devices
created 0 fifos
>>> Embarking stage1!
>>> Setting up chroot networking
>>> Looking for NixOS init... ./nix/store/2v9jfkpnggal20f0ahkz4p06s6cxhmcg-nixos-system-nixos-16.09.680.4e14fd5/init
>>> Looking for NixOS bash... ./nix/store/ddqnyrjdm9la6dwvdx50w65vmq712lbm-bash-4.3-p46/bin/bash
>>> Patching init
>>> Binding remaining environment
>>> Embarking stage2!
chroot: failed to run command ‘/./nix/store/2v9jfkpnggal20f0ahkz4p06s6cxhmcg-nixos-system-nixos-16.09.680.4e14fd5/init’: Permission denied

Not sure what the problem is.

nh2 commented 7 years ago

Turns out this was because my /mnt was mounted with the noexec (is it possible that this is the default in Ubuntu 16.04?).

I solved it with mount -o remount,exec /tmp.

Ideally ./install would detect this.

nh2 commented 7 years ago

> is it possible that this is the default in Ubuntu 16.04?

Looks like the answer is no, and that this is just some "security improvement" shipped by default by my server hoster.

jeaye commented 7 years ago

Awesome job looking into this and I appreciate you reporting your results. I don't think remounting /tmp is something that nixos-in-place should do, especially since it may not be a separate partition or mount in the first place.

I do think it's good having this ticket to help anyone who's searching for the issue. Are you good with closing this? Did your NixOS install go through smoothly?

nh2 commented 7 years ago

I agree that it's not the script's job to remount /tmp.

I wonder though if it could check whether scripts from /tmp can be executed at the start, because the error can be so confusing and many hosters where you'd need nixos-in-place seem to like to do this. E.g. to place a bash script with no contents in the temporary dir it creates and execute it, and echo "Could not execute from /tmp, please check that it's not mounted noexec" if that fails.
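
The check proposed in the last comment, written out as an added example (not code from nixos-in-place or from either commenter). The function names are hypothetical, and the `findmnt` lookup only refines the message when util-linux is installed.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check that files in a directory can be executed.
# Function names are hypothetical; they are not part of nixos-in-place.

# has_noexec OPTIONS: succeed if a comma-separated mount option string
# (as printed by `findmnt -no OPTIONS`) contains the noexec flag.
has_noexec() {
  case ",$1," in
    *,noexec,*) return 0 ;;
    *)          return 1 ;;
  esac
}

# can_exec_in DIR: create a trivial script in DIR, run it directly, clean up.
# Returns 0 only if the exec was allowed. The probe is run as a path, not as
# `sh file`: an interpreter that merely reads the file is not stopped by noexec.
can_exec_in() {
  local dir=$1 probe rc=0
  probe=$(mktemp "$dir/exec-probe.XXXXXX" 2>/dev/null) || return 2
  printf '#!/bin/sh\nexit 0\n' > "$probe"
  chmod 700 "$probe"
  "$probe" 2>/dev/null || rc=$?
  rm -f "$probe"
  [ "$rc" -eq 0 ]
}

# preflight_workdir DIR: report the problem up front instead of hitting
# "chroot: failed to run command ... Permission denied" at stage2.
preflight_workdir() {
  local dir=$1 opts=""
  can_exec_in "$dir" && return 0
  if command -v findmnt >/dev/null 2>&1; then
    opts=$(findmnt -no OPTIONS -T "$dir" 2>/dev/null) || opts=""
  fi
  if has_noexec "$opts"; then
    echo "Could not execute from $dir: its filesystem is mounted noexec" >&2
  else
    echo "Could not execute from $dir, please check that it's not mounted noexec" >&2
  fi
  return 1
}

# Usage in an installer, right after the working directory is created:
#   preflight_workdir "$workdir" || exit 1
```
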