--user installs broken on tmpfs $HOME due to missing xattr support
probonopd opened this issue · 21 comments
Trying to follow the instructions from https://wiki.gnome.org/Projects/SandboxedApps/NightlyBuilds on Fedora 23, I get:
xdg-app install-runtime --user gnome org.gnome.Platform 3.18
...
error: While pulling runtime/org.gnome.Platform/x86_64/3.18 from remote gnome: Operation not supported
What distro are you on, and where did you get your build of xdg-app?
Oh, f23. So are you using the xdg-app distro package? Do you use that standard F23 kernel?
I am using Fedora-Live-Workstation-x86_64-23-10.iso (slightly changed to use overlayfs rather than device-mapper) loop-mounted with GRUB2 with its stock kernel. I followed ste steps from https://wiki.gnome.org/Projects/SandboxedApps/NightlyBuilds for getting xdg-app.
Can you do something like:
strace -o log -f xdg-app install-runtime --user gnome org.gnome.Platform 3.18
And attach "log" here?
Here is the failure:
3248 fsetxattr(14, "user.ostreemeta", "\0\0\0\0\0\0\0\0\0\0\201\244", 12, 0) = -1 EOPNOTSUPP (Operation not supported)
I guess overlayfs does not support xattrs?
(The EBADF are just from trying to close all possible fds before execing a child process).
If you just want to test this, you can try to install without the --user. Then you need to run it as root and it will install stuff in /var/xdg-app/, but it will not use xattrs.
All I could find on https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt is "On a file opened with O_RDONLY fchmod(2), fchown(2), futimesat(2) and fsetxattr(2) will fail with EROFS.".
I do not know how to test setxattr, but
[root@host me]# touch test
[root@host me]# strace -f setfattr -n foo -v bar test 2>&1 | grep attrexecve("/bin/setfattr", ["setfattr", "-n", "foo", "-v", "bar", "test"], [/* 35 vars */]) = 0
open("/lib64/libattr.so.1", O_RDONLY|O_CLOEXEC) = 3
setxattr("test", "foo", "bar", 3, 0) = -1 EOPNOTSUPP (Operation not supported)
write(2, "setfattr: test: Operation not su"..., 40setfattr: test: Operation not supported
These are my relevant mounts:
/dev/sdb1 /run/initramfs/isoscan vfat rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro 0 0
/dev/loop0 /run/initramfs/live iso9660 ro,relatime 0 0
/dev/loop6 /run/initramfs/squashfs squashfs ro,relatime 0 0
/dev/loop7 /run/sysroot ext4 ro,relatime,data=ordered 0 0
overlay / overlay rw,noatime,lowerdir=/run/sysroot,upperdir=/run/upper,workdir=/run/work 0 0
Thanks, testing without --user nor now, no longer getting the error, but needing no root rights is key for me.
What is /run/upper on?
Also, could you not mount (e.g. a bind mount) ~/.local/share/xdg-app (or even ~/) directly to a ext4 directory somewhere. I.e. there is no need for the user homedir to be overlayed, no?
run is a tmpfs.
Yes, that would be doable if I wanted a persistent system (which is not my use case though).
Yeah, tmpfs has no xattrs support unfortunately
That probably means that this solution is not going to work for Fedora live systems out-of-the-box then.
Yeah, i'll think some about it.
@alexlarsson do you still consider making this usable for Live systems?
It would be nice to have, but i can't really think of a good solution. Maybe one could create an ostree repo mode similar to bare-user that doesn't use xattrs, or one could look at adding xattrs to tmpfs.
Unfortunately, I have the same problem with nfs $HOME. Do you recommend the bind mounting workaround for people in that situation as well?
Symlink should work too. Or, install the apps in the system repo (/var/lib/xdg-app), althought that requires you to be root to install them. The later is the long-term plan for most xdg-app installs actually. I want to add a polkit enabled helper that lets users update/install signed apps from trusted remotes.
Cool, thanks! That sounds like a good plan.
This issue was moved to flatpak/flatpak#17