Error updating nix store on NFS: removing extended attribute ‘system.nfs4_acl’

[phi-gamma]

Issue description

Was about to update my nix-store a Fedora 25 workstation:

$ nix-channel --update
downloading Nix expressions from ‘https://d3g5gsiof5omrk.cloudfront.net/nixpkgs/nixpkgs-18.03pre116369.14cbeaa892/nixexprs.tar.xz’...
downloading ‘https://d3g5gsiof5omrk.cloudfront.net/nixpkgs/nixpkgs-18.03pre116369.14cbeaa892/nixexprs.tar.xz’... [8991/9145 KiB, 640.3 KiB/s]
$ nix-env -u
error: removing extended attribute ‘system.nfs4_acl’ from ‘/nix/store/ijxblasjbl4l53gd3cg3q49ci8nh6wj1-env-manifest.nix’: Input/output error

This used to work for years.

The store is located on an NFSv4 mount served over network. Its location is
~/.nix-store, bind-mounted at login to /nix.

Steps to reproduce

# set up nix and nixpkgs; then
$ nix-channel --update
$ nix-env -u

Technical details

• System: (NixOS: nixos-version, Ubuntu/Fedora: lsb_release -a, ...)

  $ uname -a
  Linux drift.m.i2n 4.12.11-200.fc25.x86_64 Compile glibc without -fstack-protector. #1 SMP Fri Sep 8 11:44:51 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux

• Nix version: (run nix-env --version)

  $ nix-env --version
  nix-env (Nix) 1.11.14

• Nixpkgs version: (run nix-instantiate --eval '<nixpkgs>' -A lib.nixpkgsVersion)

  $ nix-instantiate --eval '' -A lib.nixpkgsVersion
  "18.03pre114739.d0d905668c"

• Sandboxing enabled: (run grep build-use-sandbox /etc/nix/nix.conf)

Does not apply: Not NixOS.

[edolstra]

Probably caused by NixOS/nix@d798349.

[phi-gamma]

Looks like. Anything I can do?

[edolstra]

We can probably ignore system.nfs4_acl, as with security.selinux, but we'd have to be sure that this leaves no ACLs behind...

[phi-gamma]

Could this be made configurable? I imagine other situations may arise where users need to whitelist attributes because of an exotic setup.

[knedlsepp]

Just having the same problem on a Lustre file system:

error: removing extended attribute ‘lustre.lov’ from ‘/nix/store/y2y67fng7drrqlgfwf92mlf62lmgg7zj-perl-5.24.3/bin/perl5.24.3’: Permission denied

[tobiasBora]

Hello,
Any news? Because of that error I can't even install nix.

[knedlsepp]

@tobiasBora If you are willing to compile it manually, you can apply the patch supplied by phi-gamma. I've had success with that solution.
After bootstrapping, the following .config/nixpkgs/config.nix might be what you need:

{ 
  packageOverrides = pkgs: {
    nix = pkgs.nix.overrideAttrs(oldAttrs: {
      prePatch = ''
        substituteInPlace src/libstore/local-store.cc \
          --replace '(eaName == "security.selinux")' \
                    '(eaName == "security.selinux" || eaName == "system.nfs4_acl")'
      '';
    });
  };
}

[tobiasBora]

@knedlsepp : Thank you for the tip, but do you have any idea why this fix is not included upstream?

[adamnovak]

I'm having this issue in nix 2.0.2, which I just built manually from source. I'm confused as to how to apply the workaround @knedlsepp mentioned (since I'm just learning how to use nix); it looks like after dropping that file (in my home directory? Or somewhere in my nix store or state directories?) I need to use nix to rebuild nix. Is that likely to work if I can't update the channels? And how would I go about doing that?

EDIT: I applied the patch at #1584 by manually patching the nix source and rebuilding. Now I have a new error to solve.

[thomasjm]

I'm having this error in Nix 2.1.3 with a CephFS filesystem:

error: removing extended attribute 'ceph.dir.entries' from ...: Operation not supported

I'd also appreciate if this were made configurable, since indiscriminately removing xattrs from files can cause problems in unusual setups.

[v217]

Is this error related #71900 ?

[v217]

Is there an easier workaround like granting the chattr rights to the user, who does the single-user-installation of /nix in ubuntu?
sudo nix-env ... does not work.

[stale]

Thank you for your contributions.
This has been automatically marked as stale because it has had no activity for 180 days.
If this is still important to you, we ask that you leave a comment below. Your comment can be as simple as "still important to me". This lets people see that at least one person still cares about this. Someone will have to do this at most twice a year if there is no other activity.
Here are suggestions that might help resolve this more quickly:

1. Search for maintainers and people that previously touched the
   related code and @ mention them in a comment.
2. Ask on the NixOS Discourse. 3. Ask on the #nixos channel on
   irc.freenode.net.

[ymarco]

Still important to me. I have the same issue but with btrfs.compression.

[Kamilcuk]

Still important to me. I can't install nix because of this error. Is there any workaround I can do when installing?

[FeepingCreature]

Note the simple workaround of using NFSv3. (Worked when I ran into it just now.)

[kthommandra]

Linux kernel NFS client code disables removing system.nfs4_acl xattr
https://github.com/torvalds/linux/blob/9b76d71fa8be8c52dbc855ab516754f0c93e2980/fs/nfs/nfs4proc.c#L5947