/proc is not readable by readFile #3539

Closed
guibou opened this issue Apr 26, 2020 · 3 comments
guibou commented Apr 26, 2020

readFile and similar operations disallow reading from /proc. For example, on my system, /proc/meminfo contains a few lines, such as:

MemTotal:        8067164 kB
MemFree:         2833268 kB
...

However, reading them using builtins.readFile or "${/proc/meminfo}" results in an empty string, without any warning / error:

$ nix repl
Welcome to Nix version 2.3.4. Type :? for help.

nix-repl> builtins.readFile "/proc/meminfo"
""

or:

nix-repl> f = "${/proc/meminfo}"
nix-repl> f                      
"/nix/store/rjxx1xy628gqs1nbl931xjahh5zr3cax-meminfo"
...

$ cat /nix/store/rjxx1xy628gqs1nbl931xjahh5zr3cax-meminfo

I don't understand this limitation.

I do understand that /proc output is not reproducible, but this is the case for any file directly picked on the file system. I can use readFile on arbitrary files, such as builtins.readFile "/home/guibou/.vimrc" without any limitation, so why an arbitrary one on /proc?

Actually, there is a trivial non-hermetic and dangerous workaround, /proc is readable at build time:

nix-repl> :l <nixpkgs>
Added 11766 variables.

nix-repl> :b runCommand "foo" {} ''cat /proc/meminfo > $out''                 
[1 built, 0.0 MiB DL]

this derivation produced the following outputs:
  out -> /nix/store/qfv5xyrxpll38y8iklymcw48y2sks985-foo

...

$ cat /nix/store/qfv5xyrxpll38y8iklymcw48y2sks985-foo | head -n 3
MemTotal:        8067164 kB
MemFree:         2829544 kB
MemAvailable:    4752268 kB

And that's normal, programs in the build sandbox must be able to read /proc to be able to work correctly. But this is really dangerous because this derivation is not reproducible at all. I can fix this problem by adding a builtins.currentTime in my derivation.

My feature request / discussion contains a few points:

  • I'd like to understand the limitation on /proc
  • Either remove this limitation or fail with an error or warning instead of an empty string.
PkmX commented Apr 27, 2020

I think this is just due to the way Nix reads files:

if (fstat(fd, &st) == -1)

that it calls fstat to retrieve the file size so it can pre-allocate the buffer, but many files under /proc or /sys or /dev just report 0 or an outright incorrect size.
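
Added example (not part of the thread and not Nix's code): a minimal C sketch of the behaviour described in the comment above, where a reader that sizes its buffer from fstat silently returns nothing for a file reporting st_size 0, next to a reader that loops until EOF. The function names read_by_stat_size and read_until_eof are hypothetical; input is taken from stdin so it can be run as `./a.out < /proc/meminfo`.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Sketch of the described pattern (assumed, not Nix's code): trust st_size. */
ssize_t read_by_stat_size(int fd, char **out) {
    struct stat st;
    if (fstat(fd, &st) == -1) return -1;
    size_t want = (size_t)st.st_size, got = 0; /* 0 for most /proc files */
    char *buf = malloc(want + 1);
    if (!buf) return -1;
    while (got < want) {
        ssize_t n = read(fd, buf + got, want - got);
        if (n == -1) { if (errno == EINTR) continue; free(buf); return -1; }
        if (n == 0) break;                     /* file shorter than st_size */
        got += (size_t)n;
    }
    buf[got] = '\0'; *out = buf;
    return (ssize_t)got;                       /* 0 bytes, and no error */
}

/* Size-agnostic alternative: grow the buffer until read() reports EOF. */
ssize_t read_until_eof(int fd, char **out) {
    size_t cap = 4096, got = 0;
    char *buf = malloc(cap);
    if (!buf) return -1;
    for (;;) {
        if (got + 1 == cap) {                  /* keep one byte for the NUL */
            char *tmp = realloc(buf, cap * 2);
            if (!tmp) { free(buf); return -1; }
            buf = tmp; cap *= 2;
        }
        ssize_t n = read(fd, buf + got, cap - got - 1);
        if (n == -1) { if (errno == EINTR) continue; free(buf); return -1; }
        if (n == 0) break;                     /* real end of data */
        got += (size_t)n;
    }
    buf[got] = '\0'; *out = buf;
    return (ssize_t)got;
}

int main(void) {                               /* ./a.out < /proc/meminfo */
    char *a = NULL, *b = NULL;
    printf("st_size-based: %zd bytes\n", read_by_stat_size(STDIN_FILENO, &a));
    printf("until EOF:     %zd bytes\n", read_until_eof(STDIN_FILENO, &b));
    free(a); free(b);
    return 0;
}
```

On a regular file the first call consumes everything and the second reports 0 bytes; on a file that reports size 0 the first call reports 0 bytes and the second returns the content.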

@matthewbauer

I think this is a dupe of #3026


guibou commented Apr 27, 2020

@matthewbauer Indeed, thank you. I can close that one and continue the discussion on 3026.
