From mboxrd@z Thu Jan 1 00:00:00 1970 From: Pjotr Prins Subject: bug#34494: proot-based non-root setup: refusing to run with elevated privileges (UID 0) Date: Sat, 16 Feb 2019 07:34:52 +0100 Message-ID: <20190216063452.xllpdkhz4lc4jz4q@thebird.nl> References: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Return-path: Received: from eggs.gnu.org ([209.51.188.92]:48323) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1guthj-0005eT-G2 for bug-guix@gnu.org; Sat, 16 Feb 2019 01:44:05 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1guthi-0008LN-J7 for bug-guix@gnu.org; Sat, 16 Feb 2019 01:44:03 -0500 Received: from debbugs.gnu.org ([209.51.188.43]:50669) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1guthi-0008KX-FE for bug-guix@gnu.org; Sat, 16 Feb 2019 01:44:02 -0500 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1guthi-00021s-3c for bug-guix@gnu.org; Sat, 16 Feb 2019 01:44:02 -0500 Sender: "Debbugs-submit" Resent-Message-ID: Received: from eggs.gnu.org ([209.51.188.92]:48267) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1guthQ-0005d6-W3 for bug-Guix@gnu.org; Sat, 16 Feb 2019 01:43:45 -0500 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1guthP-0007WJ-5A for bug-Guix@gnu.org; Sat, 16 Feb 2019 01:43:44 -0500 Received: from mail.thebird.nl ([94.142.245.5]:34180) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1guthN-0007PI-DA for bug-Guix@gnu.org; Sat, 16 Feb 2019 01:43:43 -0500 Content-Disposition: inline In-Reply-To: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> List-Id: Bug reports for GNU Guix List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-guix-bounces+gcggb-bug-guix=m.gmane.org@gnu.org Sender: "bug-Guix" To: Florian Thevissen Cc: bug-Guix@gnu.org Did you try something like proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl gnu/= store/vir3l..-guix-0.x/bin/guix-daemon --disable-chroot (note the extra -0 and chroot switches) and you should see on a guix pack= age install. That used to work. But maybe no longer? On Fri, Feb 15, 2019 at 09:39:21PM +0100, Florian Thevissen wrote: > Hi, >=20 > I am trying to get guix to run on a system where I do not have root > access, following a guide by pjotrp involving proot, here: > [1]https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org= . >=20 > All guix operations that involve the script perform-download fail wi= th > the error: >=20 > guix perform-download: error: refusing to run with elevated > privileges (UID 0) >=20 > I am not sure if this hints at a bug in guix itself, but a comment i= n > the guix sources lets me assume so. It says in > package-management.scm:355 >=20 > =E2=80=9CNote that scripts like =E2=80=98guix perform-download=E2=80= =99 do not run as root > (=E2=80=A6)=E2=80=9D >=20 > In my setup, following this guide, however, it apparently is run as > root, and (assert-low-privileges) in the script perform-download.scm= :89 > acts accordingly by signalling the error and exiting. >=20 > (By the way - running guix-daemon with proot root privileges fails > (-0), and running it without (no -0) fails also.) >=20 > Now my question: why is perform-download run as root following pjotr= s > guide, and is there anything that can be done about it? >=20 > I am a bit at a loss here, being unfamiliar with the guix sources an= d > overall system setup. >=20 > Looking forward to help, thanks, >=20 > Florian > =E2=80=8B >=20 > References >=20 > 1. https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org