From: Ludovic Courtès
Subject: bug#75810: [PATCH v8 07/16] daemon: Allow running as non-root with unprivileged user namespaces.
Date: Wed, 26 Mar 2025 18:07:13 +0100
User-agent: Gnus/5.13 (Gnus v5.13)
Reepca Russelstein <reepca@russelstein.xyz> wrote:
> Looks good to me.
Pushed as a9239a769c5611f12061c9a895e4e218b3445e2f.
a9239a769c * guix-install.sh: Support the unprivileged daemon where possible.
107eb8ee8f * etc: systemd services: Run ‘guix-daemon’ as an unprivileged user.
2f65438eba * tests: Run in a chroot and unprivileged user namespaces.
f854095b6f * tests: Add missing derivation inputs.
29164192e9 * linux-container: ‘unprivileged-user-namespace-supported?’ returns #f on non-Linux.
bdd7b9a45d * daemon: Move comments where they belong.
0163c732a1 * daemon: Drop Linux ambient capabilities before executing builder.
a3d6f5ae70 * daemon: Create /var/guix/profiles/per-user unconditionally.
ae18b3d9e6 * daemon: Allow running as non-root with unprivileged user namespaces.
40f69b586a * daemon: Remount root directory as read-only.
93474f9288 * daemon: Remount inputs as read-only.
550ca89744 * daemon: Bind-mount all the inputs, not just directories.
5c0b93b244 * daemon: Bind-mount /etc/nsswitch.conf & co. only if it exists.
7bad04fac0 * daemon: Close the read end of the logging pipe.
f03e6eff2f * daemon: Use ‘close_range’ where available.
Thanks a *lot*, Reepca.
If you liked this patch series, surely you’ll enjoy this followup:
https://issues.guix.gnu.org/77288
:-)
Ludo’.