On 21-07-2022 18:10, Josselin Poiret wrote:

bokr@bokr.com writes:

Naively:

Why does "the" guix daemon per se need root access at all?

The main thing is that all files in the store end up being written by
the guix daemon user.  So if we want the files to be easily
substitutable, they'd need to have a fixed uid/gid, and the only one we
can guarantee is root.  Other than that, it needs to use a bunch of
Linux namespaces to isolate the builds from the rest of the system,
which depending on the kernel build-time configuration might not be
possible when unprivileged.

Also, resource savings on multi-user systems. And if the guix daemon is run as the regular user, then all other daemons (on Guix System) would need to be run as that user or as root to be able to access theirselves, which is bad from a security perspective.

Greetings,
Maxime.