From: Ludovic Courtès
To: Maxime Devos
Cc: guix-devel@gnu.org, Xinglu Chen, Maxim Cournoyer, Andrew Tropin
Subject: Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.)
Date: Wed, 06 Oct 2021 15:12:17 +0200
Message-ID: <874k9ujo0e.fsf@gnu.org>
In-Reply-To: <129eb4ca6dd24e150f360df431e294413e238ac8.camel@telenet.be> (Maxime Devos's message of "Mon, 04 Oct 2021 18:14:35 +0200")

Hi,

Maxime Devos wrote:

> It might be possible to modify 'make-forkexec-constructor/container' to call
> (exec-command (cons* newuidmap ARGUMENTS-TO-NEWUIDMAP command) ...),
> where newuidmap is (search-input-file "newuidmap" '("/run/setuid-programs" "/usr/sbin" "/sbin")).
> That path should work on Guix System and many foreign distros, presuming the distro
> is configured to make "newuidmap" setuid.

That looks like opening the door to reproducibility issues.

If we wanted to take that route, it might be slightly more aesthetically
pleasing to rely on a service such as Bubblewrap, but the
non-self-containment issue remains.

Ludo’.