From: Antonio Carlos Padoan Junior
To: Maxime Devos
Cc: Ludovic Courtès, guix-devel
Subject: Re: lxc and subuid
Date: Sun, 03 Apr 2022 15:50:40 +0200

Dears,

I would like to stress my original intent. It would be great to have an
easy (supported/documented/secure) way to build foreign distribution
containers in guix (an ubuntu, debian or centos container). It could be
by means of lxc, lxd or singularity (or whatever). The idea is that guix
system becomes the distribution to rule them all (and not the contrary).

I tried to build a guix package for a recent singularity version, mainly
because the one available in guix is old and perhaps broken. But I
miserably failed. Actually I do not master Go and its library system. I
finished installing a nix package on top of guix and that is fine for
today.

I do not know how to help here but I would like to have the possibility
to create these "foreign" containers easily in guix. This would really
impress the ones who do not yet know guix system.

Maxime Devos writes:

> Ludovic Courtès wrote on Fri 01-04-2022 at 10:12 [+0200]:
>> Or we could unconditionally add 65536 subuids for each non-system user
>> account; that’s what other distros seem to be doing.
>>
>> I think we could take advantage of it for ‘guix system container’: it
>> could run in an unprivileged user namespace and map several UIDs in that
>> namespace, such that it doesn’t need to run as root anymore.
>
> I think it will need to be conditional, because the container only has
> access to 65536 uids.  So if the container contains at least one
> non-system user, then all available uids are occupied so there is no room
> anymore for 'root' or per-service users ...
>
> Greetings,
> Maxime.
>

Best regards,
-- 
Antonio Carlos PADOAN JUNIOR
GPG fingerprint: 243F 237F 2DD3 4DCA 4EA3 1341 2481 90F9 B421 A6C9
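
Added example, not part of the original message or of Guix: a Python check over subuid(5)-style entries ("name:start:count") for the allocation discussed in the quoted replies, one 65536-wide range per non-system user. It flags overlapping ranges, ranges that cover a real account's UID, and users with no range; the sample entries, the user table and the 100000 floor are assumptions.

```python
from typing import NamedTuple

WIDTH = 65536   # per-user range size mentioned in the thread
FLOOR = 100000  # assumption: lowest host UID handed out as a subordinate ID

class SubRange(NamedTuple):
    owner: str
    start: int
    count: int

    @property
    def end(self) -> int:  # exclusive upper bound of the host UID range
        return self.start + self.count

def parse_subuid(text: str) -> list:
    """Parse 'name:start:count' lines; blank lines are skipped."""
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split(":")
        if fields == [""]:
            continue
        if len(fields) != 3 or not (fields[1].isdecimal() and fields[2].isdecimal()):
            raise ValueError(f"line {lineno}: expected name:start:count")
        ranges.append(SubRange(fields[0], int(fields[1]), int(fields[2])))
    return ranges

def audit(ranges: list, host_uids: dict) -> list:
    """Return findings; host_uids maps non-system login names to their UID."""
    findings, widest = [], None
    for r in sorted(ranges, key=lambda r: r.start):
        # Two owners sharing host UIDs can reach each other's container files.
        if widest is not None and r.start < widest.end:
            findings.append(f"overlap: {widest.owner} and {r.owner}")
        if widest is None or r.end > widest.end:
            widest = r
        for name, uid in host_uids.items():
            if r.start <= uid < r.end:  # subordinate range swallows a real account
                findings.append(f"{r.owner} range covers host UID of {name}")
    for name in host_uids:
        if not any(r.owner == name and r.count >= WIDTH for r in ranges):
            findings.append(f"{name} has no range of {WIDTH} subuids")
    return findings

def next_free_start(ranges: list) -> int:
    """First start at or above FLOOR that clears every existing range."""
    return max([FLOOR] + [r.end for r in ranges])

# Constructed sample data, not taken from any real system.
SAMPLE = "alice:100000:65536\nbob:165536:65536\ncarol:200000:65536\n"
USERS = {"alice": 1000, "bob": 1001, "carol": 1002, "dave": 1003}
```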