Hi Ludo, Ludovic Courtès writes: > I can think of several ways to address that: > > 1. Change the exec* wrappers in libfakechroot such that, on ENOENT, > they try a direct ld.so invocation to run program, like > ‘run-in-namespace.c’ does. > > Problem is that for this to work correctly, it would need to > compute the ‘--library-path’ argument at run time, by computing the > equivalent of (map dirname (file-needed/recursive program)). > Impractical at best. > > 2. Wrap/graft every package in the closure (as opposed to generating > wrappers for just those packages that appear in the profile, which > is what ‘guix pack’ currently does). > > The downside is that the “userns” and “proot” execution engines > don’t need something this heavyweight: they just need a leaf > package to be wrapped. > > 3. Ignore the problem. After all, we’re talking about a corner case > of the “fakechroot” engine, which is a niche within a niche. > > Food for thought… I would like to be proven wrong, but I don't think anyone has run into this, and there are other possible engines (that do require more privileges, sure). It seems quite non-trivial to fix, so this can probably go on the back-burner until someone actually complains (please do so). Best, -- Josselin Poiret