From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: How to install guix without root permission
Date: Sat, 07 Jan 2017 22:06:53 +0100
Message-ID: <877f661swi.fsf@gnu.org>
References: <CAGKZdmYOgpPXZ-t3zuGqvJvO2chQG6xcM5HOX-QnC=FhzfwXrA@mail.gmail.com>
	<87tw9cmh75.fsf@gnu.org>
	<CAGKZdmacg1gvKoWwBnCJ1v-2bDBzHKGCpBBRDXJJ9ZCsWA2ZFA@mail.gmail.com>
	<87r34gkyj2.fsf@gnu.org>
	<CAGKZdmYYyqgfXEEKQ2W3edn-TPEWTKPjqoiUeAdaCwQJ1MpDng@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:41776)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1cPyCZ-0006HB-Ar
	for help-guix@gnu.org; Sat, 07 Jan 2017 16:07:00 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1cPyCW-0001T9-6G
	for help-guix@gnu.org; Sat, 07 Jan 2017 16:06:59 -0500
In-Reply-To: <CAGKZdmYYyqgfXEEKQ2W3edn-TPEWTKPjqoiUeAdaCwQJ1MpDng@mail.gmail.com>
	(rohit yadav's message of "Fri, 6 Jan 2017 17:26:11 -0600")
List-Id: <help-guix.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/help-guix/>
List-Post: <mailto:help-guix@gnu.org>
List-Help: <mailto:help-guix-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/help-guix>,
	<mailto:help-guix-request@gnu.org?subject=subscribe>
Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org
Sender: "Help-Guix" <help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org>
To: rohit yadav <rohityadav@utexas.edu>
Cc: help-guix@gnu.org

rohit yadav <rohityadav@utexas.edu> skribis:

> =E2=80=8B
> On Fri, Jan 6, 2017 at 9:18 AM, Ludovic Court=C3=A8s <ludo@gnu.org> wrote:
>
>  rohit yadav <rohityadav@utexas.edu> skribis:
>
>  > =E2=80=8BThanks for the reply. =E2=80=8BThe proot (https://proot-me.gi=
thub.io/) project
>  > allows you to map $HOME/gnu/store to /gnu/store etc. However, where I =
am
>  > struggling is the guixbuild users and group creation, and running guix
>  > daemon.
>
>  Yes, though PRoot relies on syscall interception using ptrace(2), which
>  is inefficient (which may or may not be a problem, depending on the
>  application).
>
> =E2=80=8B I am not greatly familiar with the lower level details of linux=
 kernel yet. How lot of these useful utilities work is not clear to me. I w=
ill probably work on it sometime (any references?). For now, the performance
> is not an issue. However, the main issue how to create guixbuild group an=
d users?=E2=80=8B

As I wrote to Tobias, it=E2=80=99s probably OK to use --disable-chroot (whi=
ch
alleviates the need for build users) and ask PRoot to restrict file
system access to /gnu/store.

Still not as good as what you get by running guix-daemon as root
(separate UIDs, access to specific /gnu/store items), but probably =E2=80=
=9Cgood
enough=E2=80=9D as a first approximation.

>  > I am using kernel 4+, which supports namespaces.
>
> =E2=80=8BHow should I check it?

Like this:

>  Yes, but some distributions compile it out or turn it off by default.
>  See
>  <http://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/environment=
.scm#n517>,
>  for a way to check whether user namespaces are enabled.

HTH!

Ludo=E2=80=99.