From: Ludovic Courtès
Subject: [bug#75810] [PATCH v7 11/16] linux-container: ‘unprivileged-user-namespace-supported?’ returns #f on non-Linux.
Date: Thu, 20 Mar 2025 21:54:44 +0100

Previously this procedure would return #t on non-Linux systems.
* gnu/build/linux-container.scm (unprivileged-user-namespace-supported?):
When USERNS-FILE doesn’t exist, return (user-namespace-supported?).
Reported-by: Reepca Russelstein <reepca@russelstein.xyz>
Change-Id: I92050338b8b68bc3bd87100317eba69fcdf14a0a
---
gnu/build/linux-container.scm | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 5c303da8c8..a5c5d8962e 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2017-2019, 2022, 2023 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017-2019, 2022-2023, 2025 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -44,7 +44,7 @@ (define (unprivileged-user-namespace-supported?)
(let ((userns-file "/proc/sys/kernel/unprivileged_userns_clone"))
(if (file-exists? userns-file)
(eqv? #\1 (call-with-input-file userns-file read-char))
- #t)))
+ (user-namespace-supported?))))
(define (setgroups-supported?)
"Return #t if the setgroups proc file, introduced in Linux-libre 3.19,
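Review bot: the new else branch, `(user-namespace-supported?)`, carries no comment saying which cases reach it, and the missing-file path covers more than non-Linux systems: a Linux kernel that does not expose /proc/sys/kernel/unprivileged_userns_clone also lands here, so its answer now depends on that procedure instead of the previous unconditional #t. A one-line comment above the fallback naming both cases would help, as would a docstring line for `unprivileged-user-namespace-supported?` stating that it returns #f on non-Linux. The promised #f also depends on what `user-namespace-supported?` returns on such systems, which this hunk does not show, so a test covering the missing-file path would make the claim in the commit message checkable.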
--
2.48.1