From: Ludovic Courtès
To: 34859@debbugs.gnu.org
Subject: [bug#34859] [PATCH] pack: "-RR" produces PRoot-enabled relocatable binaries.
Date: Fri, 15 Mar 2019 14:41:48 +0100
Message-ID: <87ftro45lv.fsf@gnu.org>
In-Reply-To: <20190314161026.15696-1-ludo@gnu.org>
References: <20190314161026.15696-1-ludo@gnu.org>

Hi there!

Ludovic Courtès skribis:

> @item --relocatable > @itemx -R > Produce @dfn{relocatable binaries}---i.e., binaries that can be placed > -anywhere in the file system hierarchy and run from there. For example, > -if you create a pack containing Bash with: > +anywhere in the file system hierarchy and run from there. 
> + > +When this option is passed once, the resulting binaries require support = for > +@dfn{user namespaces} in the kernel Linux; when passed > +@emph{twice}@footnote{Here's a trick to memorize it: @code{-RR}, which a= dds > +PRoot support, can be thought of as the abbreviation of ``Really > +Relocatable''. Neat, isn't it?}, relocatable binaries fall to back to P= Root > +if user namespaces are unavailable, and essentially work anywhere---see = below > +for the implications.

For the record, we had discussed this idea a while back¹, and I was recently reminded of it when looking at udocker².

Udocker has a third method to achieve file system virtualization, which is to use Debian’s Fakechroot³. Fakechroot is an LD_PRELOAD-based thing, so it’s more lightweight than PRoot but also more fragile. I don’t think it’d be interesting for us to support that method in addition to user namespaces and PRoot.

Thoughts?

Ludo’.

¹ https://lists.gnu.org/archive/html/guix-devel/2018-04/msg00252.html
² https://github.com/indigo-dc/udocker/
³ https://github.com/dex4er/fakechroot/wiki
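
Review bot: in the paragraph added to the --relocatable entry, "fall to back to" reads as a typo for "fall back to" and should be fixed before this reaches the manual. The same sentence ends with "see below for the implications" without saying where; since the text states that the PRoot fallback is taken only if user namespaces are unavailable, an explicit cross-reference to the passage describing those implications would keep readers from stopping at "essentially work anywhere". The mnemonic footnote is attached to @emph{twice} in mid-sentence, and moving it to the end of the sentence would make the sentence easier to follow.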