Installing Nix fails on Ubuntu 18.04.1 LTS Error: cloning builder process: Invalid argument

[braedenf]

Hi

I am running Ubuntu Linux on my Windows 10 machine using WSL, I have installed may packages on WSL before and have not had many issues. I have tried various methods to install nix, but get similar results. I have seen related issues for Ubuntu, however the issue usually relates to permission errors.

Here is the output when I run curl https://nixos.org/nix/install | sh:

~$ curl https://nixos.org/nix/install | sh
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  2476  100  2476    0     0   8012      0 --:--:-- --:--:-- --:--:--  8012
downloading Nix 2.2.1 binary tarball for x86_64-linux from 'https://nixos.org/releases/nix/nix-2.2.1/nix-2.2.1-x86_64-linux.tar.bz2' to '/tmp/nix-binary-tarball-unpack.oRBavFjSIj'...
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 22.5M  100 22.5M    0     0  2368k      0  0:00:09  0:00:09 --:--:-- 1269k
performing a single-user installation of Nix...
copying Nix to /nix/store.................................
initialising Nix database...
installing 'nix-2.2.1'
error: cloning builder process: Invalid argument
error: unable to start build process
/tmp/nix-binary-tarball-unpack.oRBavFjSIj/unpack/nix-2.2.1-x86_64-linux/install: unable to install Nix into your default profile

[zarybnicky]

I have the same problem with Debian Stretch 9.6 running on an OpenVZ hypervisor.

Trying out strace leads me to the following lines that seem relevant:

[pid 28894] set_robust_list(0x7f723d5ebee0, 24) = 0
[pid 28894] ioctl(2, TCGETS, {B38400 opost isig icanon echo ...}) = 0
[pid 28894] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 28894] getuid()                    = 0
[pid 28894] setgroups(0, NULL)          = 0
[pid 28894] mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f723d49d000
[pid 28894] clone(child_stack=0x7f723d59cff0, flags=CLONE_PARENT|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWPID|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
[pid 28894] clone(child_stack=0x7f723d59cff0, flags=CLONE_PARENT|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWIPC|CLONE_NEWUSER|CLONE_NEWNET|SIGCHLD) = -1 EINVAL (Invalid argument)
[pid 28894] write(2, "error: ", 7error: )      = 7
[pid 28894] write(2, "cloning builder process: Invalid"..., 41cloning builder process: Invalid argument) = 41
[pid 28894] write(2, "\n", 1
)           = 1
[pid 28894] exit_group(1)               = ?
[pid 28894] +++ exited with 1 +++

[zarybnicky]

Looking through http://man7.org/linux/man-pages/man2/clone.2.html#ERRORS - on my system it seems most likely to be one of the options NEWIPC, NEWNET, NEWPID, or NEWUTS, where the manpage says "[...] was specified in flags, but the kernel was not configured with the [...] option". And given my experience with the OpenVZ host, I'm inclined to think this is the problem.

[zarybnicky]

As for the WSL issue - googling leads me to issues like microsoft/WSL#2242, but every clone-related issue I found was already closed. @braedenf What's your WSL or Windows release?

[zarybnicky]

Or better: @braedenf can you also attach your strace output? Assuming we're using the same binary, this should work for you as well: sudo HOME=/root strace -f /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1/bin/nix-env -i /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1.

[braedenf]

The OS version of Windows I am using is : 17134.523. I do not have the ~/nix/.. directory as the nix installer didn't get that far. Do you think I need to configure my profile for nix to build correctly, as that is what the error seems to indicate?

[braedenf]

I have done some digging and the common issue with WSL and Nix is that WSL's system paths are too long. I have enabled NTFS Win32 long path support, however I still have the same error. The error I get with the strace command is - 85error: the group 'nixbld' specified in 'build-users-group' does not exist ) = 85
Here is my strace output:

[pid 474] unlink("/nix/var/nix/db/db.sqlite-wal") = 0 [pid 474] fcntl(4, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=1073741824, l_len=2}) = 0 [pid 474] fcntl(4, F_SETLK, {l_type=F_UNLCK, l_whence=SEEK_SET, l_start=0, l_len=0}) = 0 [pid 474] fstat(4, {st_mode=S_IFREG|0644, st_size=53248, ...}) = 0 [pid 474] stat("/nix/var/nix/db/db.sqlite", {st_mode=S_IFREG|0644, st_size=53248, ...}) = 0 [pid 474] close(4) = 0 [pid 474] brk(0x1941e000) = 0x1941e000 [pid 474] close(3) = 0 [pid 474] write(2, "\33[31;1merror:\33[0m the group 'nix"..., 85error: the group 'nixbld' specified in 'build-users-group' does not exist ) = 85 [pid 474] exit_group(1) = ? [pid 475] <... rt_sigtimedwait resumed> <unfinished ...>) = ? [pid 475] +++ exited with 1 +++ [pid 476] <... futex resumed>) = ? [pid 476] +++ exited with 1 +++ [pid 477] <... futex resumed>) = ? [pid 478] <... futex resumed>) = ? [pid 477] +++ exited with 1 +++ [pid 478] +++ exited with 1 +++ [pid 479] <... futex resumed>) = ? [pid 480] <... futex resumed>) = ? [pid 479] +++ exited with 1 +++ [pid 480] +++ exited with 1 +++ [pid 481] <... futex resumed>) = ? [pid 482] <... futex resumed>) = ? [pid 481] +++ exited with 1 +++ [pid 474] +++ exited with 1 +++ +++ exited with 1 +++

[braedenf]

It looks as though the issue may relate to "/nix/var/nix/db/db.sqlite".

[symphorien]

Can you try installing nix after having created /etc/nix/nix.conf with content

sandbox = false

?
The sandbox uses user namespaces and Error: cloning builder process: Invalid argument is typically associated to unsupported user namespaces.

[zarybnicky]

The installer refuses to start when /etc/nix exists, but I'll try to work around it

[MartinPotier]

Exact same error on CentOS Linux release 7.6.1810 (Core)

EDIT: although, creating echo 'sandbox = false' > /etc/nix/nix.conf beforehand allows the install to finish.

[braedenf]

I added sandbox = false to the nix.conf file which got further in the install, but got hung on waiting for the sql-db to intialise. So, I also added use-sqlite-wal = false to the nix.conf file, which was a suggestion on #2292. Now the install of nix has installed successfully, even though through a work around. Thanks for all the help!

[zarybnicky]

I was unable to install using the installer itself after creating nix.conf (due to There are some relics of a previous installation of Nix at /etc/nix, the check if [ -d /etc/nix ]; then), but after patching the installer to ignore /etc/nix, I got a bit further:

GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main thread
installing 'nix-2.2.1'
error: while setting up the build environment: unable to load seccomp BPF program: Invalid argument

Strace shows me a different error when running sudo HOME=/root strace -f /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1/bin/nix-env -i /nix/store/5hdmx9yk7gr71b98j4vh9271k0zg5jis-nix-2.2.1:

[pid 29597] prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) = 0
[pid 29597] seccomp(SECCOMP_SET_MODE_STRICT, 1, NULL) = -1 ENOSYS (Function not implemented)
[pid 29597] prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, {len=45, filter=0x1130ef20}) = -1 EINVAL (Invalid argument)
[pid 29597] write(2, "\1while setting up the build envi"..., 94 <unfinished ...>

The solution for this is #1882 - setting filter-syscalls = false in nix.conf. It seems my OpenVZ host has a very limited set of kernel features - neither user namespacing, nor seccomp.

I'm still getting GC Warning: pthread_getattr_np or pthread_attr_getstack failed for main thread though on every nix-* invocation (and several times when calling nix-info), and that's something I didn't find a solution to anywhere.

[braedenf]

Oh wow so OpenVZ has only the root namespace? Seems like linux sub-environments that have peculiar kernel configurations are a pain point for Nix. Maybe a solution would be to have a guided install for Nix, that prompts the user about what kind of setup is available for their system. Such as one option for a regular setup, another for a custom setup and so on. Anyway i'll leave a contributor to close this issue, as there are some work around solutions available here.

[jlou2u]

workaround for me was to use 2.1.3 installer:

sh <(curl https://nixos.org/releases/nix/nix-2.1.3/install) --daemon

[mekosmowski]

I added sandbox = false to the nix.conf file which got further in the install, but got hung on waiting for the sql-db to intialise. So, I also added use-sqlite-wal = false to the nix.conf file, which was a suggestion on #2292. Now the install of nix has installed successfully, even though through a work around. Thanks for all the help!

This worked for me with the Debian WSL.

[symphorien]

The installer refuses to start when /etc/nix exists, but I'll try to work around it

By the way, for a single user install, you can put the configuration in ~/.config/nix/nix.conf instead, and the installer will not refuse to run.

[matthiasbeyer]

Can reproduce on CentOS7, doing a echo 'sandbox = false' > /etc/nix/nix.conf helps.

[DanielFabian]

Could someone point me to the install script that does the single-user install? It would be really nice to add the two workarounds into the install script.

It should be fairly easy to verify that this only happens on WSL according to StackOverflow

[domenkozar]

https://github.com/NixOS/nix/blob/master/scripts/install-nix-from-closure.sh

[edolstra]

Nix (build.cc, not the installer) should detect whether user namespaces are available, and if not, refrain from using them.

[limaner2002]

The installer refuses to start when /etc/nix exists, but I'll try to work around it

By the way, for a single user install, you can put the configuration in ~/.config/nix/nix.conf instead, and the installer will not refuse to run.

I can confirm that adding the following options in ~/.config/nix/nix.conf works.

sandbox = false
use-sqlite-wal = false

Running the install script then succeeded. Tested on Windows 10 Subsystem for Linux using Ubuntu 18.04 and nix version 2.2.2.

[MarSoft]

Had similar problem while trying to repair NixOS partition mounted on a non-NixOS system. Could not change /etc/nix/nix.conf because it is static; this is what worked for me:

# nixos-rebuild --option sandbox false --option filter-syscalls false build

Note that filter-syscalls is insecure but I had to enable it because otherwise I got error: while setting up the build environment: unable to load seccomp BPF program: Invalid argument.

[stale]

I marked this as stale due to inactivity. → More info

[nixos-discourse]

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/cross-compilation-failing-with-nix-and-docker-on-macos/22169/4