init: Permission denied #38

Open
nh2 opened this issue Sep 1, 2017 · 4 comments


nh2 commented Sep 1, 2017

Got this on an Ubuntu 16.04 bare metal machine with LVM, on commit 8760ff5:

# ./install -g /dev/sda
>>> Checking environment... seems sane
>>> Unable to determine your grub boot device! Please specify with the -g option.
>>> NixOS installer (nixos-in-place)
>>>    GRUB => /dev/sda
>>>    Root => /dev/mapper/vg00-root (ext4)
>>>    ISO => nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso
>>>    Digital Ocean => false
>>>    Working directory => /tmp/tmp.PnD3RWwyCk
>>>    Extra config => /root/nixos-in-place/no-extra-config
>>> Continue? [yn] y
/tmp/tmp.PnD3RWwyCk ~/nixos-in-place
>>> Downloading NixOS nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso
--2017-09-01 14:12:31--  https://d3g5gsiof5omrk.cloudfront.net/nixos/16.09/nixos-16.09.680.4e14fd5/nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso
Resolving d3g5gsiof5omrk.cloudfront.net (d3g5gsiof5omrk.cloudfront.net)... 52.85.22.85, 52.85.22.80, 52.85.22.64, ...
Connecting to d3g5gsiof5omrk.cloudfront.net (d3g5gsiof5omrk.cloudfront.net)|52.85.22.85|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 404750336 (386M) [application/octet-stream]
Saving to: ‘nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso’

nixos-minimal-16.09.680.4e14fd5-x 100%[============================================================>] 386.00M  34.7MB/s    in 15s     

2017-09-01 14:12:48 (25.3 MB/s) - ‘nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso’ saved [404750336/404750336]

>>> Validating checksum
nixos-minimal-16.09.680.4e14fd5-x86_64-linux.iso: OK
>>> Extracting ISO
mount: /dev/loop0 is write-protected, mounting read-only
Parallel unsquashfs: Using 2 processors
44678 inodes (49014 blocks) to write

[==================================================================================================================|] 49014/49014 100%

created 37671 files
created 13602 directories
created 7007 symlinks
created 0 devices
created 0 fifos
>>> Embarking stage1!
>>> Setting up chroot networking
>>> Looking for NixOS init... ./nix/store/2v9jfkpnggal20f0ahkz4p06s6cxhmcg-nixos-system-nixos-16.09.680.4e14fd5/init
>>> Looking for NixOS bash... ./nix/store/ddqnyrjdm9la6dwvdx50w65vmq712lbm-bash-4.3-p46/bin/bash
>>> Patching init
>>> Binding remaining environment
>>> Embarking stage2!
chroot: failed to run command ‘/./nix/store/2v9jfkpnggal20f0ahkz4p06s6cxhmcg-nixos-system-nixos-16.09.680.4e14fd5/init’: Permission denied

Not sure what the problem is.

Author

nh2 commented Sep 2, 2017

Turns out this was because my /mnt was mounted with noexec (is it possible that this is the default in Ubuntu 16.04?).

I solved it with mount -o remount,exec /tmp.

Ideally ./install would detect this.

Author

nh2 commented Sep 2, 2017

> is it possible that this is the default in Ubuntu 16.04?

Looks like the answer is no, and that this is just some "security improvement" shipped by default by my server hoster.

Owner

jeaye commented Sep 2, 2017

Awesome job looking into this and I appreciate you reporting your results. I don't think remounting /tmp is something that nixos-in-place should do, especially since it may not be a separate partition or mount in the first place.

I do think it's good having this ticket, as it will help anyone who's searching for the issue. Are you good with closing this? Did your NixOS install go through smoothly?

Author

nh2 commented Sep 2, 2017

I agree that it's not the script's job to remount /tmp.

I wonder though if it could check whether scripts from /tmp can be executed at the start, because the error can be so confusing and many hosters where you'd need nixos-in-place seem to like to do this. E.g. to place a bash script with no contents in the temporary dir it creates and execute it, and echo "Could not execute from /tmp, please check that it's not mounted noexec" if that fails.
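
A sketch of the preflight check proposed in the last comment, as an added example that is not part of the thread or of nixos-in-place. The function names are hypothetical, and the probe is a one-line script with a shebang rather than an empty file so the result does not depend on the shell's fallback for files without an interpreter line.

```shell
#!/bin/sh
# Added example: preflight check for a noexec working directory.
# Function names are hypothetical, not taken from nixos-in-place.

# Return 0 if a freshly created script inside "$1" can be executed,
# 1 if execution fails (e.g. noexec mount), 2 if no probe could be created.
can_exec_in_dir() {
    dir=$1
    probe=$(mktemp "$dir/exec-probe.XXXXXX" 2>/dev/null) || return 2
    printf '#!/bin/sh\nexit 0\n' > "$probe"
    chmod 700 "$probe"
    rc=0
    "$probe" 2>/dev/null || rc=$?   # the shell reports 126 when exec is denied
    rm -f "$probe"
    [ "$rc" -eq 0 ] && return 0
    return 1
}

# Print the mount options of the filesystem holding "$1" (empty if unknown).
mount_options_for() {
    command -v findmnt >/dev/null 2>&1 || return 0
    findmnt -n -o OPTIONS -T "$1" 2>/dev/null || true
}

# Fail early with a clear message instead of a late "Permission denied".
preflight_workdir() {
    dir=$1
    can_exec_in_dir "$dir" && return 0
    echo ">>> Could not execute from $dir, please check that it's not mounted noexec" >&2
    opts=$(mount_options_for "$dir") || opts=
    [ -n "$opts" ] && echo ">>>    mount options: $opts" >&2
    return 1
}
```

Calling `preflight_workdir "$workdir" || exit 1` right after the working directory is created would surface the problem before the ISO download starts.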
