linux-container: Inhibit GC thread creation in child.

The `unshare' system call with `CLONE_NEWUSER' cannot be used in multithreaded programs. Guile VM's automatic GC thread creation used to lead to nondeterministic failures in container creation, which uses this system call. * gnu/build/linux-container.scm (run-container): Disable GC in child after `(clone)' and re-enable after `(unshare)'. Fixes: #1169 Change-Id: I9df5412102509c13f74ab9911f6f06c0152d0a4f Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
2026-01-28 19:56:59 -06:00 · 2025-10-15 16:18:23 +02:00 · 2025-10-15 16:18:23 +02:00 · 3966f76297
commit 3966f76297
parent 5373d3b9aa
1 changed files with 3 additions and 0 deletions
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@ -266,6 +266,8 @@ that host UIDs (respectively GIDs) map to in the namespace."
     (let ((flags (namespaces->bit-mask namespaces)))
       (match (clone flags)
         (0
+          ;; Inhibit thread creation until after the unshare call.
+          (gc-disable)
          (call-with-clean-exit
           (lambda ()
             (close-port parent)
@ -320,6 +322,7 @@ that host UIDs (respectively GIDs) map to in the namespace."
                  ;; why unshare(CLONE_NEWUSER) can be used.
                  (let ((uid (getuid)) (gid (getgid)))
                    (unshare (logior CLONE_NEWUSER CLONE_NEWNS))
+                    (gc-enable)
                    (when (file-exists? "/proc/self")
                      (initialize-user-namespace (getpid)
                                                 host-uids