IRC channel logs

2022-04-06.log

***rekado_ is now known as rekado
***jackhill is now known as jackhill[m]
***jackhill[m] is now known as jackhill
<zimoun>hi!
<rekado>I just destroyed a server by running “guix shell -C --share=/etc” as root
<rekado>oops
<rekado>after exiting the container /etc/passwd is empty
<zimoun>oh!
<zimoun>and you did it as a regular user, right?
<rekado>no, I ran the container as root, because I wanted to drop privileges inside
<rekado>(was an rserver test)
<rekado>I didn’t expect it to blow away /etc/passwd
<zimoun>Spiderman effect… great power, … ouch!
<civodul>rekado: oops
<civodul>--share really shares things...
<civodul>hope you found a way to restore it
<rekado>used an exploit to become uid 0, then restored /etc/passwd from /etc/passwd- and /etc/group from /etc/group-
<rekado>now I need to figure out what other files in /etc it would touch
<zimoun>used an exploit?
<rekado>yes
<rekado>abused a vulnerability
<civodul>i think /etc/{passwd,group,hosts} are the only things that should be touched, i think
<civodul>i think i think
<rekado>yes, seems so
<rekado>I wonder if we can prevent this from happening
<rekado>either by aborting or by using an overlay or something
<civodul>dunno
<rekado>admittedly, it *is* exceptionally stupid to 1) run this as root and 2) share /etc
<civodul>right, i wouldn't dare say so, but i have to admit there's some truth in what you just wrote :-)
<rekado>but I didn’t know I’d actually shoot myself in the foot just because I’m handling a loaded gun.
<civodul>heh
<rekado>the most annoying part: the test didn’t work
<civodul>it's just one of the many ways to shoot oneself in the foot i guess
<civodul>so i'm not sure special-casing --share=/etc for instance would really help
<rekado>I’m having trouble with a shared installation of RStudio server.
<civodul>ah
<rekado>this wouldn’t have happened with ESS
<rekado>when rsession is started outside of a container it inexplicably loads system libraries
<rekado>I don’t know why, but both RStudio and R play loose with LD_LIBRARY_PATH, so who knows
<rekado>my thought was to hide the root file system
<rekado>but then I realized I’d need to be able to authenticate users via PAM, so I shared parts of the system…
<rekado>I’ll try this again without root and using only --expose where necessary
<rekado>I think zimoun had a similar problem with rstudio loading a system variant of libgfortran
<civodul>would be good to see where it ends up setting LD_LIBRARY_PATH
<civodul>--expose=/etc might be just as bad, or it might fail when "guix shell" attempts to create /etc/{passwd,group,hosts}
<rekado>using LD_LIBRARY_PATH is what rstudio does invariably before opening libR.so
<rekado>definitely feels like hacking around a big no-no
<rekado>it annoys me that RStudio doesn’t just do what ESS does: start R and talk to it over streams. Don’t use it as a library. This is the cause of a lot of trouble, and the reason why you can’t just use any custom variant of R with RStudio.
<zimoun>yeah, I had trouble with RStudio too. Well, it is a big mess… and it is not straightforward to have RStudio from a regular distro and use R and R packages from Guix. For RStudio, you have only one R… otherwise you pay. rekado fixed it, IIUC, but we have to admit that Guix is fragile for big GUI apps such as RStudio.
<civodul>what's ESS?
<zimoun>Emacs Speaks Stats
<civodul>oooh
<zimoun>the correct (if not the ONLY) way to use R. ;-)
<zimoun>and cherry, you can also use it with Julia. ;-)
<rekado>my patched RStudio lets you use different Rs from Guix, but it cannot let you use the system R.
<zimoun>yeah but currently RStudio from guix-science is broken
<rekado>could you please point me to a bug report (if it exists)?
<rekado>I wonder if that’s the same problem I’m having
<rekado>FWIW, rstudio from guix-science works for me when run as an unprivileged user inside of a container
<PurpleSym>You mean this one, zimoun ? https://github.com/guix-science/guix-science/issues/12
<zimoun>rekado: something as PurpleSym pointed. Yeah, it also starts in a container but it is not fully functional, IIRC. No bug report, I have not had the time yet to open one.
<rekado>ah, sorry, i keep forgetting that you’re talking about the desktop version
<rekado>I only ever use RStudio Server.
<zimoun>and you connect a regular RStudio from this server? (it is mysterious for me how RStudio works)
<PurpleSym>RStudio Server provides a web interface, exactly like RStudio Desktop (which is based on qtwebsomething).
<zimoun>Thanks for the explanation. Oulà, I have enough issues without adding javascript thing. :-)
<rekado>it’s actually surprisingly usable
<rekado>users here had much fewer problems with rserver, especially when running it on HPC nodes
*rekado turns guix.install into a CRAN package
<civodul>yay!