I experimented with printf-based (well, format-based) debugging and pinpointed the cause. Guile VM apparently creates a new thread for GC. And this causes unshare to fail with EINVAL. Obviously, lighter containers (like that with just coreutils) are more likely to get set up before the GC kicks in.
Additionally, I observed that unshare sometimes succeeds even when the process is multithreaded. This has been making failures even less deterministic. I hunted the bug just today and noticed that it has meanwhile been addressed by the removal of some functionality that used unshare. I shall send a patch here nevertheless, just in case someone wants to bring that functionality back now. Also, my solution is just a quick workaround — disabling the GC in child and re-enabling it. It would be more correct to disable it before the clone call and re-enable it in parent, perhaps using dynamic-wind. Anyone, feel free to improve on the presented solution, I am done now. Best Wojtek -- W. Kosior website: https://koszko.org/koszko.html fediverse: https://friendica.me/profile/koszko/profile PGP fingerprint: E972 7060 E3C5 637C 8A4F 4B42 4BC5 221C 5A79 FD1A
pgplYw9xj65to.pgp
Description: OpenPGP digital signature
