guix_mirror_bot pushed a commit to branch master
in repository guix.

commit 3966f7629723c68e49b66fdf05feab901f8741ac
Author: W. Kosior <[email protected]>
AuthorDate: Wed Oct 15 16:18:23 2025 +0200

    linux-container: Inhibit GC thread creation in child.
    
    The `unshare' system call with `CLONE_NEWUSER' cannot be used in multithreaded
    programs.  Guile VM's automatic GC thread creation used to lead to
    nondeterministic failures in container creation, which uses this system call.
    
    * gnu/build/linux-container.scm (run-container): Disable GC in child after
    `(clone)' and re-enable after `(unshare)'.
    
    Fixes: #1169
    Change-Id: I9df5412102509c13f74ab9911f6f06c0152d0a4f
    Signed-off-by: Maxim Cournoyer <[email protected]>
---
 gnu/build/linux-container.scm | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index b6f8563f7d..25890ec0a1 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -266,6 +266,8 @@ that host UIDs (respectively GIDs) map to in the namespace."
      (let ((flags (namespaces->bit-mask namespaces)))
        (match (clone flags)
          (0
+          ;; Inhibit thread creation until after the unshare call.
+          (gc-disable)
           (call-with-clean-exit
            (lambda ()
              (close-port parent)
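Review bot: The comment above `(gc-disable)` says what is inhibited but not why, and the matching `(gc-enable)` sits some fifty lines further down in a different hunk, so a reader of this spot cannot tell where GC comes back on. I would expand the comment to carry the reason given in the commit message (unshare with CLONE_NEWUSER cannot be used in a multithreaded process, and the GC may start threads on its own) and to point at the `(gc-enable)` that follows the `unshare` call. It is also worth stating here that the child runs with GC off for everything in between, so that later edits do not add allocation-heavy work to that window.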
@@ -320,6 +322,7 @@ that host UIDs (respectively GIDs) map to in the namespace."
                   ;; why unshare(CLONE_NEWUSER) can be used.
                   (let ((uid (getuid)) (gid (getgid)))
                     (unshare (logior CLONE_NEWUSER CLONE_NEWNS))
+                    (gc-enable)
                     (when (file-exists? "/proc/self")
                       (initialize-user-namespace (getpid)
                                                  host-uids
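Review bot: `(gc-enable)` is reached only on the path that performs `(unshare (logior CLONE_NEWUSER CLONE_NEWNS))`, while `(gc-disable)` in the first hunk runs unconditionally in the child. The surrounding comment ("why unshare(CLONE_NEWUSER) can be used") suggests this `let` is one branch of a conditional; if any other branch exists, the child would keep GC disabled for its whole lifetime and its heap would grow without bound. Please either confirm that every child path passes through here, or move the re-enable to a point all paths share. The same applies if `unshare` raises: the `(gc-enable)` is skipped, which is harmless only if the child exits straight away. A short comment next to `(gc-enable)` that pairs it with the earlier `(gc-disable)` would also help.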
