From 3966f7629723c68e49b66fdf05feab901f8741ac Mon Sep 17 00:00:00 2001 From: "W. Kosior" Date: Wed, 15 Oct 2025 16:18:23 +0200 Subject: [PATCH] linux-container: Inhibit GC thread creation in child. The `unshare' system call with `CLONE_NEWUSER' cannot be used in multithreaded programs. Guile VM's automatic GC thread creation used to lead to nondeterministic failures in container creation, which uses this system call. * gnu/build/linux-container.scm (run-container): Disable GC in child after `(clone)' and re-enable after `(unshare)'. Fixes: #1169 Change-Id: I9df5412102509c13f74ab9911f6f06c0152d0a4f Signed-off-by: Maxim Cournoyer --- gnu/build/linux-container.scm | 3 +++ 1 file changed, 3 insertions(+) diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm index b6f8563f7d0..25890ec0a13 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm @@ -266,6 +266,8 @@ that host UIDs (respectively GIDs) map to in the namespace." (let ((flags (namespaces->bit-mask namespaces))) (match (clone flags) (0 + ;; Inhibit thread creation until after the unshare call. + (gc-disable) (call-with-clean-exit (lambda () (close-port parent) @@ -320,6 +322,7 @@ that host UIDs (respectively GIDs) map to in the namespace." ;; why unshare(CLONE_NEWUSER) can be used. (let ((uid (getuid)) (gid (getgid))) (unshare (logior CLONE_NEWUSER CLONE_NEWNS)) + (gc-enable) (when (file-exists? "/proc/self") (initialize-user-namespace (getpid) host-uids
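Review bot: The `(gc-disable)` added right after `(clone flags)` is undone at only one place, the `(gc-enable)` following `(unshare (logior CLONE_NEWUSER CLONE_NEWNS))` in the second hunk, so any child path that never reaches that line keeps collection switched off for the rest of its life. The form enclosing that `let` starts outside the hunk; if it is conditional, a child that skips it would run the container's code with an ever-growing heap, so the re-enable belongs on a path every child takes, for instance directly after that enclosing form. If `unshare` raises, `(gc-enable)` is skipped as well, which matters only if the error is caught and the child keeps running (not visible here). A comment at the second site such as `;; Pairs with the (gc-disable) done right after clone; threads may be created again from here on.` would keep the two calls from drifting apart. The existing comment ending in `why unshare(CLONE_NEWUSER) can be used` could then say that this pair is what keeps the child single-threaded at that point.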