Re: Non-privileged daemons and offloading
From: Thompson, David
Subject: Re: Non-privileged daemons and offloading
Date: Mon, 20 Jun 2016 08:44:53 -0400

On Mon, Jun 20, 2016 at 4:05 AM, Ludovic Courtès <address@hidden> wrote:
> The Nix daemon recently switched to user namespaces:
>
> https://github.com/NixOS/nix/commit/c68e5913c71badc89ff346d1c6948517ba720c93
>
> We could backport this. However, running builds with UID 0 is
> potentially disruptive: some packages are sensitive to this and behave
> differently under UID 0 (I remember Coreutils’ test suite does.) Also,
> this patch switches to user namespaces, but not specifically
> _unprivileged_ user namespaces.

It should be possible to create a new user within the container (say,
UID 1000) and map it to a "guixbuild" user on the host system,
avoiding this problem.

- Dave
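
Added example, not part of the original message and not Guix or Nix code: a minimal C sketch of the mapping discussed above, where a process enters a new user namespace and appears inside it as UID 1000 rather than UID 0. It covers the unprivileged case, in which the kernel only lets the caller map its own effective UID and GID; mapping to a separate host account such as "guixbuild" needs CAP_SETUID in the parent namespace. The helper names format_id_map, write_file and enter_userns are this example's own.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* One uid_map/gid_map line: "<ID inside ns> <ID outside ns> <count>". */
int format_id_map(char *buf, size_t len, unsigned inside, unsigned outside)
{
    int n = snprintf(buf, len, "%u %u 1\n", inside, outside);
    return (n > 0 && (size_t)n < len) ? n : -1;
}

static int write_file(const char *path, const char *data)
{
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    return n == (ssize_t)strlen(data) ? 0 : -1;
}

/* Illustrative helper (names are this example's own): enter a new user namespace
   where the caller appears as inside_uid/inside_gid. Unprivileged callers may
   map only their own effective UID and GID. */
int enter_userns(unsigned inside_uid, unsigned inside_gid)
{
    char map[64];
    unsigned host_uid = geteuid(), host_gid = getegid(); /* read before unshare */
    if (unshare(CLONE_NEWUSER) != 0)
        return -1;
    if (format_id_map(map, sizeof map, inside_uid, host_uid) < 0 ||
        write_file("/proc/self/uid_map", map) != 0)
        return -1;
    /* The kernel refuses an unprivileged gid_map write until setgroups is denied. */
    if (write_file("/proc/self/setgroups", "deny") != 0)
        return -1;
    if (format_id_map(map, sizeof map, inside_gid, host_gid) < 0 ||
        write_file("/proc/self/gid_map", map) != 0)
        return -1;
    return 0;
}

int main(void)
{
    if (enter_userns(1000, 1000) != 0) { perror("enter_userns"); return 1; }
    printf("uid=%u gid=%u\n", (unsigned)getuid(), (unsigned)getgid());
    return 0;
}
```

On a kernel with unprivileged user namespaces enabled, the program prints uid=1000 gid=1000 while the host still sees the process under the invoking user's IDs.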