From: Ricardo Wurmus
Subject: rootless Guix
Date: Sun, 7 Oct 2018 22:15:44 +0200
To: guix-devel@gnu.org
Message-ID: <87y3b9qzrj.fsf@mdc-berlin.de>
List-Id: "Development of GNU Guix and the GNU System distribution."

Hi,

it would be nice if we could simplify the case where a user does not have root access, but the system supports user namespaces.
Currently, a user would have to perform a number of non-obvious steps to somehow run the Guix daemon in an environment where the filesystem is virtualized. It would be great if we could better support this case, maybe even simplify it to a point where the user does not even have to start the daemon by themselves.

A user operating in this mode would lose the ability to share with other users on the same system, of course. By default Guix could store everything in a subdirectory of ~/.local and map that to /gnu/store in the container context. Applications would also need to be run from within that container context to ensure that /gnu/store file names are resolved properly.

I think this would be especially useful for situations where “guix pack” is not sufficient. “guix pack” produces one-shot bundles, but it cannot be composed. A daemon+store-in-container setup would be extensible.

What do you think about this? Can we automate the setup necessary for this scenario and add better defaults?

-- 
Ricardo
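The mapping the message sketches, a user-owned directory made visible as /gnu/store inside an unprivileged user plus mount namespace, can be tried by hand. The script below is an added example written for this page; it is not code from the message or from the Guix project. It assumes util-linux `unshare` (for `--map-root-user`), a kernel that permits unprivileged user namespaces, and a store location under ~/.local/share that is a guess, since the message only says "a subdirectory of ~/.local". It does not start a guix-daemon; it only provides the namespace in which one could be started, and it shows the check a user would want first: whether user namespaces are available at all.

```shell
#!/bin/sh
# Added example (not from the original message or from Guix): run a command in
# an unprivileged user+mount namespace where a user-owned directory is /gnu/store.

# Assumed default store location; the message only says "a subdirectory of ~/.local".
ROOTLESS_STORE="${ROOTLESS_STORE:-$HOME/.local/share/rootless-guix/store}"

# Return 0 if unprivileged user namespaces look usable on this host, 1 if not.
# Checks the Debian/Ubuntu knob, the generic limit, and finally just tries one.
userns_available() {
    if [ -r /proc/sys/kernel/unprivileged_userns_clone ] &&
       [ "$(cat /proc/sys/kernel/unprivileged_userns_clone)" = 0 ]; then
        return 1
    fi
    if [ -r /proc/sys/user/max_user_namespaces ] &&
       [ "$(cat /proc/sys/user/max_user_namespaces)" = 0 ]; then
        return 1
    fi
    unshare --user --map-root-user --mount true 2>/dev/null
}

# Script executed as "root" (uid 0 mapped to the calling user) inside the new
# namespaces.  $1 is the host directory to expose as /gnu/store, the rest is the
# command to run.  It builds a throwaway root on tmpfs: every top-level directory
# of the host root is bind-mounted (top-level symlinks are recreated, regular
# files at / are ignored), except /gnu, which is replaced by the user's store.
# chroot(2) works here because the process holds CAP_SYS_CHROOT in its own
# user namespace; coreutils chroot then chdir()s to the new root.
INNER='
set -e
store=$1; shift
root=$(mktemp -d)
mount -t tmpfs none "$root"
for entry in /*; do
    [ "$entry" = /gnu ] && continue
    name=${entry#/}
    if [ -L "$entry" ]; then
        ln -s "$(readlink "$entry")" "$root/$name"
    elif [ -d "$entry" ]; then
        mkdir "$root/$name"
        mount --rbind "$entry" "$root/$name"
    fi
done
mkdir -p "$root/gnu/store"
mount --bind "$store" "$root/gnu/store"
exec chroot "$root" "$@"
'

# rootless_store_run STORE_DIR CMD [ARGS...]
# Runs CMD with STORE_DIR visible at /gnu/store.  Fails early, before entering
# any namespace, if STORE_DIR is not a directory.  Everything launched this way
# (a daemon, then the applications) shares the view; processes started outside
# it will not resolve /gnu/store file names, as the message points out.
rootless_store_run() {
    store=$1; shift
    [ -d "$store" ] || { echo "no such store directory: $store" >&2; return 1; }
    unshare --user --map-root-user --mount \
        sh -c "$INNER" rootless-store "$store" "$@"
}

# Usage: mkdir -p "$ROOTLESS_STORE" && rootless_store_run "$ROOTLESS_STORE" ls -la /gnu/store
```

Only mount and user namespaces are created, so networking and process visibility are unchanged; the point is the filesystem view. The daemon's own state directory would need the same treatment as /gnu/store, and nothing here is shared between users, which is the trade-off the message names.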