Installing Nix fails on Ubuntu 18.04.1 LTS Error: cloning builder process: Invalid argument

Hi

I am running Ubuntu Linux on my Windows 10 machine using WSL, I have installed may packages on WSL before and have not had many issues. I have tried various methods to install nix, but get similar results. I have seen related issues for Ubuntu, however the issue usually relates to permission errors.

Here is the output when I run curl https://nixos.org/nix/install | sh:

~$ curl https://nixos.org/nix/install | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2476  100  2476    0     0   8012      0 --:--:-- --:--:-- --:--:--  8012
downloading Nix 2.2.1 binary tarball for x86_64-linux from 'https://nixos.org/releases/nix/nix-2.2.1/nix-2.2.1-x86_64-linux.tar.bz2' to '/tmp/nix-binary-tarball-unpack.oRBavFjSIj'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22.5M  100 22.5M    0     0  2368k      0  0:00:09  0:00:09 --:--:-- 1269k
performing a single-user installation of Nix...
copying Nix to /nix/store.................................
initialising Nix database...
installing 'nix-2.2.1'
error: cloning builder process: Invalid argument
error: unable to start build process
/tmp/nix-binary-tarball-unpack.oRBavFjSIj/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile

[zarybnicky]

I have the same problem with Debian Stretch 9.6 running on an OpenVZ hypervisor.

Trying out strace leads me to the following lines that seem relevant:

[pid 28894] set_robust_list(0x7f723d5ebee0, 24) = 0
[pid 28894] ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 28894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 28894] getuid()                    = 0
[pid 28894] setgroups(0, NULL)          = 0
[pid 28894] mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f723d49d000
[pid 28894] clone(child_stack=0x7f723d59cff0, flags=CLONE_PARENT|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
[pid 28894] clone(child_stack=0x7f723d59cff0, flags=CLONE_PARENT|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
[pid 28894] write(2, "error: ", 7error: )      = 7
[pid 28894] write(2, "cloning builder process: Invalid"..., 41cloning builder process: Invalid argument) = 41
[pid 28894] write(2, "\n", 1
)           = 1
[pid 28894] exit_group(1)               = ?
[pid 28894] +++ exited with 1 +++

[zarybnicky]

Looking through http://man7.org/linux/man-pages/man2/clone.2.html#ERRORS - on my system it seems most likely to be one of the options NEWIPC, NEWNET, NEWPID, or NEWUTS, where the manpage says "[...] was specified in flags, but the kernel was not configured with the [...] option". And given my experience with the OpenVZ host, I'm inclined to think this is the problem.

[zarybnicky]

As for the WSL issue - googling leads me to issues like microsoft/WSL#2242, but every clone-related issue I found was already closed. @BraedenF What's your WSL or Windows release?

[zarybnicky]

Or better: @BraedenF can you also attach your strace output? Assuming we're using the same binary, this should work for you as well: sudo HOME=/root strace -f /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1/bin/nix-env -i /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1.

The OS version of Windows I am using is : 17134.523. I do not have the ~/nix/.. directory as the nix installer didn't get that far. Do you think I need to configure my profile for nix to build correctly, as that is what the error seems to indicate?

I have done some digging and the common issue with WSL and Nix is that WSL's system paths are too long. I have enabled NTFS Win32 long path support, however I still have the same error. The error I get with the strace command is - 85error: the group 'nixbld' specified in 'build-users-group' does not exist ) = 85
Here is my strace output:

[pid 474] unlink("/nix/var/nix/db/db.sqlite-wal") = 0 [pid 474] fcntl(4, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=1073741824, l_len=2}) = 0 [pid 474] fcntl(4, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0 [pid 474] fstat(4, {st_mode=S_IFREG|0644, st_size=53248, ...}) = 0 [pid 474] stat("/nix/var/nix/db/db.sqlite", {st_mode=S_IFREG|0644, st_size=53248, ...}) = 0 [pid 474] close(4) = 0 [pid 474] brk(0x1941e000) = 0x1941e000 [pid 474] close(3) = 0 [pid 474] write(2, "\33[31;1merror:\33[0m the group 'nix"..., 85error: the group 'nixbld' specified in 'build-users-group' does not exist ) = 85 [pid 474] exit_group(1) = ? [pid 475] <... rt_sigtimedwait resumed> <unfinished ...>) = ? [pid 475] +++ exited with 1 +++ [pid 476] <... futex resumed>) = ? [pid 476] +++ exited with 1 +++ [pid 477] <... futex resumed>) = ? [pid 478] <... futex resumed>) = ? [pid 477] +++ exited with 1 +++ [pid 478] +++ exited with 1 +++ [pid 479] <... futex resumed>) = ? [pid 480] <... futex resumed>) = ? [pid 479] +++ exited with 1 +++ [pid 480] +++ exited with 1 +++ [pid 481] <... futex resumed>) = ? [pid 482] <... futex resumed>) = ? [pid 481] +++ exited with 1 +++ [pid 474] +++ exited with 1 +++ +++ exited with 1 +++

It looks as though the issue may relate to "/nix/var/nix/db/db.sqlite".

[symphorien]

Can you try installing nix after having created /etc/nix/nix.conf with content

sandbox = false

?
The sandbox uses user namespaces and Error: cloning builder process: Invalid argument is typically associated to unsupported user namespaces.

[zarybnicky]

The installer refuses to start when /etc/nix exists, but I'll try to work around it

[MartinPotier]

Exact same error on CentOS Linux release 7.6.1810 (Core)

EDIT: although, creating echo 'sandbox = false' > /etc/nix/nix.conf beforehand allows the install to finish.

I added sandbox = false to the nix.conf file which got further in the install, but got hung on waiting for the sql-db to intialise. So, I also added use-sqlite-wal = false to the nix.conf file, which was a suggestion on #2292. Now the install of nix has installed successfully, even though through a work around. Thanks for all the help!

[zarybnicky]

I was unable to install using the installer itself after creating nix.conf (due to There are some relics of a previous installation of Nix at /etc/nix, the check if [ -d /etc/nix ]; then), but after patching the installer to ignore /etc/nix, I got a bit further:

GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main thread
installing 'nix-2.2.1'
error: while setting up the build environment: unable to load seccomp BPF program: Invalid argument

Strace shows me a different error when running sudo HOME=/root strace -f /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1/bin/nix-env -i /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1:

[pid 29597] prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
[pid 29597] seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 ENOSYS (Function not implemented)
[pid 29597] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=45, filter=0x1130ef20}) = -1 EINVAL (Invalid argument)
[pid 29597] write(2, "\1while setting up the build envi"..., 94 <unfinished ...>

The solution for this is #1882 - setting filter-syscalls = false in nix.conf. It seems my OpenVZ host has a very limited set of kernel features - neither user namespacing, nor seccomp.

I'm still getting GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main thread though on every nix-* invocation (and several times when calling nix-info), and that's something I didn't find a solution to anywhere.

Oh wow so OpenVZ has only the root namespace? Seems like linux sub-environments that have peculiar kernel configurations are a pain point for Nix. Maybe a solution would be to have a guided install for Nix, that prompts the user about what kind of setup is available for their system. Such as one option for a regular setup, another for a custom setup and so on. Anyway i'll leave a contributor to close this issue, as there are some work around solutions available here.