From: Claes Wallin (韋嘉誠)
Subject: Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.)
Date: Mon, 17 Aug 2015 17:16:54 +0200
References: <20150817033358.580a0cdc@openmailbox.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
To: "Thompson, David"
Cc: guix-devel, David Thompson

On Mon, Aug 17, 2015 at 4:34 PM, Thompson, David wrote:
> On Mon, Aug 17, 2015 at 4:33 AM, Eric Bavier wrote:
>> On Mon, 17 Aug 2015 14:45:28 +0200
>> Claes Wallin (韋嘉誠) wrote:
>>> https://www.gnu.org/software/guix/manual/guix.html#Build-Environment-Setup
>>>
>>> "If you are installing Guix as an unprivileged user, it is still
>>> possible to run guix-daemon provided you pass --disable-chroot."
>>>
>>
>> I have experimented with this a bit lately. It works to some extent,
>> but I have had to apply a few patches to some package recipes. Some
>> packages have failing tests (where presumably they would pass or be
>> skipped in the chroot), which I have disabled for the time being just
>> to move along.
>
> I think that to really make unprivileged use of Guix work acceptably,
> we need to use the user namespaces feature first introduced in Linux
> 3.8. This would allow unprivileged users to build software in the
> same type of isolated environments that are used when running the
> daemon as root.

Working at all is acceptable to me.

Do namespaces really work for non-root? That's more awesome than I
expected. But without being able to point out how, it sounds to me like
it could easily be a privilege escalation waiting to happen, unless you
do it as compartmentalized as the Hurd does it ... which Linux won't.

-- 
/c
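An added example (mine, not code from this thread or from Guix) of what David describes: an unprivileged process creates its own user namespace with unshare(2), maps its uid to 0 inside it, and in the same call unshares a mount namespace, the building block for a chroot-like build sandbox without running the daemon as root. It assumes Linux 3.8 or later with /proc mounted; the function name probe_unprivileged_userns is mine, and its return value separates a working namespace from a kernel that refuses (EPERM where unprivileged user namespaces are disabled by sysctl or seccomp policy).

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Write one string to a file (used for the /proc/self/*_map files).
 * Returns 0 on success or -errno on failure. */
static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -errno;
    int err = (write(fd, text, strlen(text)) < 0) ? -errno : 0;
    close(fd);
    return err;
}

/* Probe, in a forked child, whether the caller can create a user namespace
 * without privilege: unshare user+mount namespaces, map the real uid/gid to
 * 0 inside the new namespace, then check that getuid() reports 0 there.
 * Returns 1 if it worked, 0 if the mapping did not take effect, or -errno
 * when the kernel refused (typically -EPERM when unprivileged user
 * namespaces are disabled by sysctl or seccomp; -EINVAL/-ENOSYS without
 * CONFIG_USER_NS). The uid 0 obtained is root only inside the namespace. */
int probe_unprivileged_userns(void)
{
    unsigned uid = getuid(), gid = getgid();
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) {
        char map[64];
        int rc;
        if (unshare(CLONE_NEWUSER | CLONE_NEWNS) != 0) _exit(errno);
        /* Since Linux 3.19 an unprivileged process must deny setgroups()
         * before it may write gid_map; older kernels lack the file. */
        rc = write_file("/proc/self/setgroups", "deny");
        if (rc != 0 && rc != -ENOENT) _exit(-rc);
        snprintf(map, sizeof map, "0 %u 1", uid);  /* inside outside count */
        if ((rc = write_file("/proc/self/uid_map", map)) != 0) _exit(-rc);
        snprintf(map, sizeof map, "0 %u 1", gid);
        if ((rc = write_file("/proc/self/gid_map", map)) != 0) _exit(-rc);
        _exit((getuid() == 0 && geteuid() == 0) ? 0 : 200);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -errno;
    if (!WIFEXITED(status)) return -ECHILD;
    int code = WEXITSTATUS(status);
    return code == 0 ? 1 : (code == 200 ? 0 : -code);
}
```

The uid 0 the child obtains has effect only inside its own namespace; outside it the kernel still treats the process as the original unprivileged uid, which is why a distribution that wants to disable the feature does so with the sysctl rather than by filesystem permissions.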