From: paul via Guix-patches
To: Ludovic Courtès
Cc: 72337@debbugs.gnu.org, Maxim Cournoyer, Florian Pelz, Matthew Trzcinski
Subject: [bug#72337] Add /etc/subuid and /etc/subgid support
Date: Sat, 7 Sep 2024 22:44:19 +0200
Message-ID: <80b94cc3-bcb3-e5ab-1f2a-2731129874af@autistici.org>
In-Reply-To: <87zfon9kvt.fsf_-_@gnu.org>

Hi Ludo’,

I'm sending an updated v4 patchset that should address most of your comments. One point I'm not sure about is still how to use newuidmap. I've added a smoke test checking the content of /proc/self/uid_map inside a podman unshare command. I'm not sure that is sufficient but for a full Guile implementation I would wait for another issue if you agree.

I still have to find a reliable smoke test. This is something I've been trying, without success so far :(

(use-modules (ice-9 popen)
             ;(ice-9 rdelim)
             )

(define pid (primitive-fork))

(if (= 0 pid)
    (let ((port (pk 'port (open-output-pipe "bash"))))
      (sleep 1)
      (display "whoami\n" port)
      (display "cat /proc/self/uid_map\n" port)
      (display "cat /proc/self/gid_map\n" port)
      (if (not (eqv? 0 (status:exit-val (close-pipe port))))
          (error "Cannot run command")))
    (begin
      (system* "newuidmap" (number->string pid) "paul" "165536" "65536")))

Thank you for all your help in polishing this service,

giacomo
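
Added example (not part of the original message or of the Guix patch set): one way to turn the uid_map smoke test mentioned above into an assertion is to compare the map read from /proc/self/uid_map with the user's /etc/subuid entry. The file contents and UID 1000 for paul are constructed assumptions; the 165536/65536 range is the one used in the message.

```python
# Added example: validate uid_map text against /etc/subuid entries.
# All sample data is constructed; UID 1000 for "paul" is an assumption.

def parse_subid(text):
    """Parse /etc/subuid or /etc/subgid text into {name: [(start, count)]}."""
    ranges = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, start, count = line.strip().split(":")
        ranges.setdefault(name, []).append((int(start), int(count)))
    return ranges

def parse_id_map(text):
    """Parse uid_map/gid_map text into [(inside, outside, length)]."""
    return [tuple(int(f) for f in line.split())
            for line in text.splitlines() if line.strip()]

def check_map(id_map, own_id, sub_ranges):
    """Return a list of problems; empty means every extent is either the
    user's own ID or lies inside one of the user's subordinate ranges,
    and at least one subordinate range is actually mapped."""
    problems = []
    used_subordinate = False
    for inside, outside, length in id_map:
        if length == 1 and outside == own_id:
            continue  # a process may always map its own ID
        if any(start <= outside and outside + length <= start + count
               for start, count in sub_ranges):
            used_subordinate = True
        else:
            problems.append(f"extent {inside} {outside} {length} is outside "
                            "the user's subordinate ranges")
    if not used_subordinate:
        problems.append("no extent comes from a subordinate range")
    return problems

SUBUID = "paul:165536:65536\n"                      # constructed /etc/subuid
GOOD_MAP = ("         0       1000          1\n"    # constructed uid_map
            "         1     165536      65536\n")
BARE_MAP = "         0       1000          1\n"     # own ID only, no subuid
BAD_MAP = ("         0       1000          1\n"
           "         1     100000      65536\n")    # range not owned by paul

if __name__ == "__main__":
    ranges = parse_subid(SUBUID)["paul"]
    for label, text in (("good", GOOD_MAP), ("bare", BARE_MAP), ("bad", BAD_MAP)):
        print(label, check_map(parse_id_map(text), 1000, ranges))
```

The "bare" case is the one a smoke test must reject: a map containing only the user's own ID can be written without any /etc/subuid entry, so it says nothing about whether the subordinate ranges are usable.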