linux-container: Inhibit GC thread creation in child.

The `unshare' system call with `CLONE_NEWUSER' cannot be used in multithreaded programs. Guile VM's automatic GC thread creation used to lead to nondeterministic failures in container creation, which uses this system call.

* gnu/build/linux-container.scm (run-container): Disable GC in child after `(clone)' and re-enable after `(unshare)'.

Fixes: #1169
Change-Id: I9df5412102509c13f74ab9911f6f06c0152d0a4f
Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
1 files changed, 3 insertions(+), 0 deletions(-) M gnu/build/linux-container.scm
M gnu/build/linux-container.scm => gnu/build/linux-container.scm +3 -0
@@ 266,6 266,8 @@ that host UIDs (respectively GIDs) map to in the namespace." (let ((flags (namespaces->bit-mask namespaces))) (match (clone flags) (0 ;; Inhibit thread creation until after the unshare call. (gc-disable) (call-with-clean-exit (lambda () (close-port parent) @@ 320,6 322,7 @@ that host UIDs (respectively GIDs) map to in the namespace." ;; why unshare(CLONE_NEWUSER) can be used. (let ((uid (getuid)) (gid (getgid))) (unshare (logior CLONE_NEWUSER CLONE_NEWNS)) (gc-enable) (when (file-exists? "/proc/self") (initialize-user-namespace (getpid) host-uids
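Review bot: In the first hunk (@@ 266,6), the comment above `(gc-disable)` says "Inhibit thread creation", but the call only switches the collector off, so it covers threads started by the GC and nothing else the child might spawn before the unshare. The comment should name the actual constraint: that unshare with CLONE_NEWUSER cannot be used in a multithreaded process, and that GC is disabled so no GC thread appears first. It should also say where the matching `(gc-enable)` is, since that call sits roughly fifty lines further down and is not visible from this spot.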
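Review bot: In the second hunk (@@ 320,6), `(gc-enable)` runs only when control reaches `(unshare (logior CLONE_NEWUSER CLONE_NEWNS))` and returns from it, while the `(gc-disable)` added in the first hunk is unconditional in the child. The condition enclosing this `let` is not visible in the hunk; if the child can skip it, or if `unshare` raises, the collector stays off for the rest of the child's lifetime. Consider re-enabling GC on the path that does not unshare as well, or pairing the two calls with `dynamic-wind` around the code that must stay single-threaded.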