On 21-07-2022 18:10, Josselin Poiret wrote: > bokr@bokr.com writes: >> Naively: >> >> Why does "the" guix daemon per se need root access at all? > The main thing is that all files in the store end up being written by > the guix daemon user. So if we want the files to be easily > substitutable, they'd need to have a fixed uid/gid, and the only one we > can guarantee is root. Other than that, it needs to use a bunch of > Linux namespaces to isolate the builds from the rest of the system, > which depending on the kernel build-time configuration might not be > possible when unprivileged. Also, resource savings on multi-user systems. And if the guix daemon is run as the regular user, then all other daemons (on Guix System) would need to be run as that user or as root to be able to access theirselves, which is bad from a security perspective. Greetings, Maxime.