From: "Thompson, David"
Subject: Re: Non-privileged daemons and offloading
Date: Mon, 20 Jun 2016 08:44:53 -0400
To: Ludovic Courtès
Cc: help-guix

On Mon, Jun 20, 2016 at 4:05 AM, Ludovic Courtès wrote:

> The Nix daemon recently switched to user namespaces:
>
> https://github.com/NixOS/nix/commit/c68e5913c71badc89ff346d1c6948517ba720c93
>
> We could backport this.  However, running builds with UID 0 is
> potentially disruptive: some packages are sensitive to this and behave
> differently under UID 0 (I remember Coreutils’ test suite does.)  Also,
> this patch switches to user namespaces, but not specifically
> _unprivileged_ user namespaces.

It should be possible to create a new user within the container (say,
UID 1000) and map it to a "guixbuild" user on the host system,
avoiding this problem.

- Dave
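
The mapping proposed in the reply above, as an added example that is not part of the original message and is not Guix or Nix code: a process enters a new user namespace and maps UID/GID 1000 inside it to its own IDs on the host, so the build side never appears as UID 0. The function names are hypothetical, and an unprivileged process can map only its own IDs this way; mapping onto a different host account such as "guixbuild" needs a writer holding CAP_SETUID/CAP_SETGID in the parent namespace.

```c
#include <fcntl.h>
#include <linux/sched.h>   /* CLONE_NEWUSER */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* One uid_map/gid_map line mapping a single ID: "<inside> <outside> 1\n". */
int format_id_map(char *buf, size_t len, unsigned inside, unsigned outside)
{
    int n = snprintf(buf, len, "%u %u 1\n", inside, outside);
    return (n > 0 && (size_t)n < len) ? n : -1;
}

static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY);
    ssize_t n = fd < 0 ? -1 : write(fd, data, strlen(data));
    if (fd >= 0) close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* 0: child saw UID/GID == inside_id; 1: it saw other IDs; -1: userns or /proc unavailable. */
int run_with_inside_id(unsigned inside_id)
{
    /* Host IDs must be read before unshare(); afterwards they are unmapped. */
    unsigned host_uid = geteuid(), host_gid = getegid();
    int status;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char map[64];
        if (syscall(SYS_unshare, CLONE_NEWUSER) != 0) _exit(2);
        if (write_file("/proc/self/setgroups", "deny") != 0) _exit(2); /* must precede gid_map */
        if (format_id_map(map, sizeof map, inside_id, host_uid) < 0 ||
            write_file("/proc/self/uid_map", map) != 0) _exit(2);
        if (format_id_map(map, sizeof map, inside_id, host_gid) < 0 ||
            write_file("/proc/self/gid_map", map) != 0) _exit(2);
        _exit(getuid() == inside_id && getgid() == inside_id ? 0 : 1);
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status) == 2 ? -1 : WEXITSTATUS(status);
}

int main(void)
{
    int r = run_with_inside_id(1000);
    puts(r == 0 ? "process sees UID/GID 1000" : r < 0 ? "user namespaces unavailable" : "unexpected ID");
    return r != 0;
}
```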