From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id WEQTFFldRGLgNQAAgWs5BA (envelope-from ) for ; Wed, 30 Mar 2022 15:38:33 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id iHQKDVldRGJsqQAAG6o9tA (envelope-from ) for ; Wed, 30 Mar 2022 15:38:33 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id A8C50122EC for ; Wed, 30 Mar 2022 15:38:32 +0200 (CEST) Received: from localhost ([::1]:40546 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nZYWt-0005Ol-89 for larch@yhetil.org; Wed, 30 Mar 2022 09:38:31 -0400 Received: from eggs.gnu.org ([209.51.188.92]:55490) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nZY8b-0002jQ-He for guix-devel@gnu.org; Wed, 30 Mar 2022 09:13:25 -0400 Received: from sonic311-13.consmr.mail.bf2.yahoo.com ([74.6.131.123]:33558) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nZY8Y-0007Je-VE for guix-devel@gnu.org; Wed, 30 Mar 2022 09:13:25 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com.br; s=s2048; t=1648646001; bh=kzRlI1A8Y/YC9xaRr+pww/4QYtFI1rc5d7BzPSF05Gg=; h=From:To:Cc:Subject:References:Date:In-Reply-To:From:Subject:Reply-To; b=eI2/+KidjW/7iTzuoSTzN1IMiwjP0QWKWCyvljeYi2KZ8gJAsfIPt1izTWWzSAgKZXWXvt52knRMkrZAMiMCIzt5Pn+8VdVXeU27K2t17rab8izuwhc5xUXfEmD4idujN/ee1vXtFBJfNkkH5DGpYxsLX9ROg33WYBJ14YySCl8TaNWPk3ypiaM/n6xqAw8SbKHsrTtRXzd5EEFJ4R2YjNxP53Pe3BaPNSnIDntrtHZK+Irel5210YWKcJr4qTOySaiH+PyuycymP04PIvEtaEWMkz7fB8LZx74trf/0KAbuBZkdlOXACE7X3efNhstLoFnWxGrsb4MxSYYj4uIPzw== X-SONIC-DKIM-SIGN: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.com; s=s2048; t=1648646001; bh=5dNEC2lxAk7Oem3QVaq59zNI8fCzFV8nB3jKSJLV5gM=; h=X-Sonic-MF:From:To:Subject:Date:From:Subject; b=Ol3g5Gbe6AGNKep9fAgeFCmGhDeZn6SzTHZt511oMIZnCKrsiyb30v+ZPvDuQvNSilNKByTn+x/pzglxl81LNn1ESJ0Tx3Vi8oej/HkyeZQxIbh+ndTp96EEP4rtdKns0uHfn49zIJOydycjA9+G9eX3wDMixKxB/pnMw1+RXbn9AeHp97FY7l2EU3g3JSA7gI5GQ19MPjjf0GyUNVBPBP9eTAREwo11a9fGKiS/JYqFFCJrO7WMXNHnAgGwXNtYTXY1jCAwDH3WyDKQAKrubiFuC2n41pnIWAtS6ZfIdf2m6HeJ5/sXPaR68I7gdHnn19Wb6gcPzY7g/hypJeX9Tw== X-YMail-OSG: 6zOvEGYVM1l21LJdSHZBjdMOFoP5cuwHDHDRAJaXh0xN4klx4Fbt4PcPGvZIxgg 2Z31ZRlQ9vPhUmytie_.0fPnGrgnL730JaPw93uEQXSThCKajIqZSyy65r1vhh4bB0meR.2JPSyN LfD7Njo1CsJvd9iD9x2gZfY.F1WG.n5lcFS30zVgJ8V1wszy3RZDlkbWbDp6zGEA1mJk.VN_Ki8q tyI5TBSOoQNQ_E2LoXkDk4ILqrCu15EMh92JHWRjZbBzApjvFXVAb7kpu8WyC.SQPqx9rInRQDj7 AWSTJKmmC0t4EancHdv50ns2Yr8SxOioFL9UNxCawIu6ykneFjP15zuekOe_a0GnRZOHJ.uYniQe IiNHE8SIHfAiVomTN1ChKHBZQcHYpdmOLIMtF.S8WILX0qNinC2KEAygVGwS9qCP0tWU4wwW42qJ O5nDPC_yeXVRlVMikhSxdZmRkIW8hzYS0bsb4zmPyDTK__5yNv9G0.y54zb_H2rJjD2coI4BZw.a tilWtZ7fh9uTKnQPSlZ2CU9iUNKFixz7OcloOkrFnAnhMgYfFwSFoR.42jriY6MDWoM_D4naWmEE rodHwIjwi8zAnsfXHkCJy7mHWumOTImHu4xnQWkwtnxaSM.L_nTtZP8d14pR7A8hC1u9GfJf03Kq s3.lBlSRivtMtW2P93y3gWRVIhNeHxf4QJaxk_hWeYdt67or7BbsUXWZ.UqkHCjT95gmG8oHKDWA 7sPZIzXQDPiW9B.lkrYqxDAUq4VBK0rWGna.YnyRYbsv78rDQKLmRb.RnYNELuukisqeGYvIHpG_ YB2oR.GE_fFJYBdyZohAZmkXg2QWAw8A3kcbOiTnC5fzk1qKASdRVGBuOGMMznDH1FNzH9pHT_04 nOcV2VXNg5vgeE5nvHbS.lodjGdboiSCqinqe4wHpt.K7yjhG0BgbynTdixo.1gptFhR6.hcq78p IjhnHqSLZ1K.dGQl_MpM6yvUNyPzpWT8i6jUQwu2DD41vOSrUJx2eSg521Wg5yM9v2h3M2TVzGEA 46vIh0zO_k3N0QiKkntYu6JE4b5mZyI1SJ89JNCyVkCHCvJffm.iZqW3b_ubiyVRlU8HGOY.7Qa9 UPvttCiwzIF8WWCHTMwAAavCJV3UMS9yBNXX25oZHCGhE3I1b_.qoSRooVGJL4EagrjpKx3Pv50W z9MgCON157hNeTUMxzcVGDaYFVA.u.7NSYMQP0E_TIJEXQmdhR2RFu._MQ5Q8.z9WcrblJ24Mp6h Zf1P5oGzGA8NXFRV87CK9h4iv9VXKdbxMUD92dp02DW8fhpj1QJYaP1ylyjY1evkRLO0aXm3v2ui 0AlN9kDjf_LZr0LWWFeNH7gj1GOIG49lJiFy7AymlLjhsVXUP7rHoQtasgwqNhGVViNK1HWzCO7j 9uONGSfxVGtZgik9NIGEe_OS5Tmvjk8QirY15IrRA1VcU4Rge2QbnGKTtZK.9qCJnEkK_kR9LmgQ ORfwrTdtXAt8D.x9hBhSoCVZBOfr1TCL_scvdONF1CVWirOkdXujiSmth6nPkpUeOX8HMCYHxHq6 fUEBh6QMyQI2Za94.wiTGzZMvUhoJjjRV4fmxZnzTfqoVQQcAiPZZw7u.sjlHG6DbHGNqdwCHM7E rYh4xt_Af_HMuIE_XY7DyBFISurcLG5Jiqpc1DN47afOt3irPYTFT37ptXx7tAz.Fj1Z.3Sr3GKf fTtNfbrezCp0IbQ4X9O3oaoHrjqVowMO2Hr7RoMrMKmKOuOjwmaY6cLUSQPy_x_L7bXkN1mjKmFc XfGZ0.XTc8YasJ2DIjG.NO2eXVgbzX7XK24IQrJGWa2__x5os1SHMNSr2fzVVU19uRqtyaAy1Nl4 fUqnKMLAxV29fSbmJymLf2Ojppoj.FStXvhbpYk7vGbPj.1JIc39TGryzdqSVszB2Z1HvcX9_Ghk ZR5oKVGz9IjdW_3pF6uunghw6hGyZUQNX8h3pT4QH8N8kWhC42bKW3l0T51cVMLwaHgGsHekg6hc BigouZ5bvYEsmY9P0x8JyXBNjfOMkmeShAaSxRkdNtr.RXwfXRpNRYc.2tyD_TER66XdpcfVYQw2 TJ.ogkUoY7kEs3SRZEy5uoOLS7JRYOqOzAisqkAZo_seJymo7myQQ5siZsa6WdieFFlzwsq7MV5E lOJmSuOS0ZBJjr5h.pUKNY8OHhHMctcBg.e8MJR8F_GWOXL6.aJ4XouQcVzc1cQ1SZnQb4z3fpYr yTfHwht4G2jqT99z5DRb5ES6gK5uBHEIyiDA48hAkXpGKK6rMMi8i1T1zCXs8S23yvvK6aHpkcKP UTe_6dLa0N1ooKpQwhabrRBt7VCiErXNgsYe51vAgo24p4dqNeR.P X-Sonic-MF: Received: from sonic.gate.mail.ne1.yahoo.com by sonic311.consmr.mail.bf2.yahoo.com with HTTP; Wed, 30 Mar 2022 13:13:21 +0000 Received: by kubenode515.mail-prod1.omega.ir2.yahoo.com (VZM Hermes SMTP Server) with ESMTPA ID 14ec5f2a266f0e8fdf1c68c788414fce; Wed, 30 Mar 2022 13:13:19 +0000 (UTC) From: Antonio Carlos Padoan Junior To: Maxime Devos Cc: guix-devel Subject: Re: lxc and subuid References: <87v8vwj5la.fsf.ref@yahoo.com.br> <87v8vwj5la.fsf@yahoo.com.br> Date: Wed, 30 Mar 2022 15:13:17 +0200 In-Reply-To: (Maxime Devos's message of "Wed, 30 Mar 2022 13:30:22 +0200") Message-ID: <87v8vvtwgi.fsf@yahoo.com.br> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Mailer: WebService/1.1.19987 mail.backend.jedi.jws.acl:role.jedi.acl.token.atz.jws.hermes.yahoo Received-SPF: pass client-ip=74.6.131.123; envelope-from=acpadoanjr@yahoo.com.br; helo=sonic311-13.consmr.mail.bf2.yahoo.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: guix-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org Sender: "Guix-devel" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1648647513; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:in-reply-to:in-reply-to: references:references:list-id:list-help:list-unsubscribe: list-subscribe:list-post:dkim-signature; bh=kzRlI1A8Y/YC9xaRr+pww/4QYtFI1rc5d7BzPSF05Gg=; b=RG3jpE+zW7M0PRImGacvKA0wu/PuyhNEV5gRTXnF8Np2sGrZ77AP43BJHofGnmktrRQpwx cA9DTi6BweTSbpNWe5z6McS7+Z0L0Vv5IgYLmrjQ/YErbaa/aUGS72GYmGDCvleARrzn8C jKatmfHwhBtKwM2ouzproHPOIYKEciBay+YisTeUsgPFd4eYMp3KXzoIvtYn94RtOo0qZa nvgw286hlGCfwKExyz9cGX2ySbqZJjpjTpE4Be936FBPMes4PQEGcCMglV5EoWqHTzqpyA cTWKQ6Xa6yCNLsIFQKLBCrZk880WxxZp2PS81FTkl6k9TXrlm/tqtSvf/lQo6A== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1648647513; a=rsa-sha256; cv=none; b=q/rYATzl6fMRIUru4PVs5ixXM20OjjVOwMpPOqpVVEdtj8TpcRgbGF6GBRvYXgU56Dw71w +8oQIHGRuCD91mSPSq/gxIYFDU03biGfZy7fcLP1qj4CiKOS5xupe7JvXPJL4Il4z4sPgi bDuP+Mv7lSl9ZEY+LDhAgyV0Zb/PbVk6Zn9v4mRGaRudlaDHqOEdUAPCE9cZV2+IK6suBn nmeLA8jP/QUjC6VMCAVtPIevZTgbLEwK/p/PkA0yKl9z9/z2errUXahJA611zyNLuLx/r1 cdhw0r3oR37GnArBT9xduqELH8gZVoSD7sAvJmqQQ3w+HzG2FiYoxEPs8z/C4Q== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=pass header.d=yahoo.com.br header.s=s2048 header.b="eI2/+Kid"; dmarc=pass (policy=reject) header.from=yahoo.com.br; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: -4.07 Authentication-Results: aspmx1.migadu.com; dkim=pass header.d=yahoo.com.br header.s=s2048 header.b="eI2/+Kid"; dmarc=pass (policy=reject) header.from=yahoo.com.br; spf=pass (aspmx1.migadu.com: domain of "guix-devel-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-devel-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: A8C50122EC X-Spam-Score: -4.07 X-Migadu-Scanner: scn1.migadu.com X-TUID: OVoOBtjbde7o Thanks Maxime, Maxime Devos writes: > Antonio Carlos Padoan Junior schreef op wo 30-03-2022 om 08:51 [+0200]: >> Hello, >> >> I'm trying to figure out how to set a unprivileged container using lxc >> in guix. I do not know either how to allocate subuid/gid space in guix, > > subuid/gid are _not_ unprivileged. They are an userspace feature by > the (privileged) setuid binary 'newuidmap', see > . > > I don't think there's currently a mechanism for that in Guix System, > except manually creating and modifying /etc/subuid appropriately and > installing the setuid binaries. However, I suppose that the 'user- > account' record could be extended to support subuid/subgid and > automatically create /etc/subuid. I created them manually as you suggested. But now I'm in trouble with the creation of virtual network interfaces for the container. It is not possible to follow the standard lxc documentation and apply it for guix directly. The same problem if I use lxd. I'm looking the "Singularity service" as an alternative for lxc but it seem it does not install the daemon (as per guix documentation). I have no idea how to properly proceed and set a viable singularity deamon in my machine. I will try docker service instead, but this is not exactly what I'm looking for (but I hope at least it will work). I have the feeling people create guix packages and services for personal use but without minimal documentation on how to use properly on guix. Please consider that as a critic from someone that has goodwill but who is a little bit frustrated today. > > Greetings, > Maxime > Best regards, -- Antonio Carlos PADOAN JUNIOR GPG fingerprint: 243F 237F 2DD3 4DCA 4EA3 1341 2481 90F9 B421 A6C9