From unknown Wed Jun 18 23:17:38 2025 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 X-Mailer: MIME-tools 5.509 (Entity 5.509) Content-Type: text/plain; charset=utf-8 From: bug#34494 <34494@debbugs.gnu.org> To: bug#34494 <34494@debbugs.gnu.org> Subject: Status: proot-based non-root setup: refusing to run with elevated privileges (UID 0) Reply-To: bug#34494 <34494@debbugs.gnu.org> Date: Thu, 19 Jun 2025 06:17:38 +0000 retitle 34494 proot-based non-root setup: refusing to run with elevated pri= vileges (UID 0) reassign 34494 guix submitter 34494 Florian Thevissen severity 34494 normal tag 34494 notabug thanks From debbugs-submit-bounces@debbugs.gnu.org Fri Feb 15 16:09:47 2019 Received: (at submit) by debbugs.gnu.org; 15 Feb 2019 21:09:47 +0000 Received: from localhost ([127.0.0.1]:49831 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gukjw-0004rm-5M for submit@debbugs.gnu.org; Fri, 15 Feb 2019 16:09:47 -0500 Received: from eggs.gnu.org ([209.51.188.92]:60009) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1gukGq-0004Ca-H2 for submit@debbugs.gnu.org; Fri, 15 Feb 2019 15:39:42 -0500 Received: from lists.gnu.org ([209.51.188.17]:53118) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gukGk-00073W-DC for submit@debbugs.gnu.org; Fri, 15 Feb 2019 15:39:35 -0500 Received: from eggs.gnu.org ([209.51.188.92]:46151) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1gukGj-0000mf-9v for bug-Guix@gnu.org; Fri, 15 Feb 2019 15:39:34 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,HTML_MESSAGE, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1gukGi-00071x-72 for bug-Guix@gnu.org; Fri, 15 Feb 2019 15:39:33 -0500 Received: from h2712310.stratoserver.net ([81.169.247.85]:46110 helo=mail.florian-thevissen.de) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1gukGh-0006vx-84 for bug-Guix@gnu.org; Fri, 15 Feb 2019 15:39:32 -0500 Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.florian-thevissen.de (Postfix) with ESMTPSA id ABB2120021 for ; Fri, 15 Feb 2019 20:39:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=florian-thevissen.de; s=default; t=1550263161; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references; bh=w7WGQGbxlmOm7yz8/zMhEN2I/CGrQsf0aJ/VlhjuYYQ=; b=yYUm9rAq6D3EUYLmbekx1jSa8sVbWnOypldwg0mlaEKOcUs0lOtHVUsnK21rgsv5vytWwo 5ZSeC8M4N9JAp7gEw/1GrM4tN7J4iyEk4UOv0P9f78yi7qysgiE6bxwtPwWX6foP5hbK8n U1PYlB+iSMXT5OLY4fVOagrMJ2XAByM= To: bug-Guix@gnu.org From: Florian Thevissen Subject: proot-based non-root setup: refusing to run with elevated privileges (UID 0) Message-ID: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> Date: Fri, 15 Feb 2019 21:39:21 +0100 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="------------D51AD3E15D18A3155C2362EF" Content-Language: en-US X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 81.169.247.85 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit X-Mailman-Approved-At: Fri, 15 Feb 2019 16:09:42 -0500 X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) This is a multi-part message in MIME format. --------------D51AD3E15D18A3155C2362EF Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi, I am trying to get guix to run on a system where I do not have root=20 access, following a guide by pjotrp involving proot, here:=20 https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org . All guix operations that involve the script perform-download fail with=20 the error: guix perform-download: error: refusing to run with elevated privileges (UID 0) I am not sure if this hints at a bug in guix itself, but a comment in=20 the guix sources lets me assume so. It says in package-management.scm:355 =E2=80=9CNote that scripts like =E2=80=98guix perform-download=E2=80=99= do not run as root (=E2=80=A6)=E2=80=9D In my setup, following this guide, however, it apparently is run as=20 root, and (assert-low-privileges) in the script perform-download.scm:89=20 acts accordingly by signalling the error and exiting. (By the way - running guix-daemon with proot root privileges fails (-0),=20 and running it without (no -0) fails also.) Now my question: why is perform-download run as root following pjotrs=20 guide, and is there anything that can be done about it? I am a bit at a loss here, being unfamiliar with the guix sources and=20 overall system setup. Looking forward to help, thanks, Florian =E2=80=8B --------------D51AD3E15D18A3155C2362EF Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Hi,

I am trying to get guix to run on a system where I do not have root access, following a guide by pjotrp involving proot, here: https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT= .org .

All guix operations that involve the script perform-download fail with the error:

guix perform-download: error: refusing to run with elevated privileges (UID 0)

I am not sure if this hints at a bug in guix itself, but a comment in the guix sources lets me assume so. It says in package-management.scm:355<= /p>

=E2=80=9CNote tha= t scripts like =E2=80=98guix perform-download=E2=80=99 do not run as root= (=E2=80=A6)=E2=80=9D

In my setup, following this guide, however, it apparently is run as root, and (assert-low-privileges) in the script perform-download.scm:89 acts accordingly by signalling the error and exiting.

(By the way - running guix-daemon with proot root privileges fails (-0), and running it without (no -0) fails also.)

Now my question: wh= y is perform-download run as root following pjotrs guide, and is there anything that can be done about it?

I am a bit at a los= s here, being unfamiliar with the guix sources and overall system setup.

Looking forward to help, thanks,

Florian

=E2=80=8B
--------------D51AD3E15D18A3155C2362EF-- From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 16 01:44:00 2019 Received: (at submit) by debbugs.gnu.org; 16 Feb 2019 06:44:00 +0000 Received: from localhost ([127.0.0.1]:49950 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1guthg-00021U-Kc for submit@debbugs.gnu.org; Sat, 16 Feb 2019 01:44:00 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33885) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1guthe-00021E-1F for submit@debbugs.gnu.org; Sat, 16 Feb 2019 01:43:58 -0500 Received: from lists.gnu.org ([209.51.188.17]:60720) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1guthR-0007ap-WB for submit@debbugs.gnu.org; Sat, 16 Feb 2019 01:43:49 -0500 Received: from eggs.gnu.org ([209.51.188.92]:48267) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1guthQ-0005d6-W3 for bug-Guix@gnu.org; Sat, 16 Feb 2019 01:43:45 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50 autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1guthP-0007WJ-5A for bug-Guix@gnu.org; Sat, 16 Feb 2019 01:43:44 -0500 Received: from mail.thebird.nl ([94.142.245.5]:34180) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1guthN-0007PI-DA for bug-Guix@gnu.org; Sat, 16 Feb 2019 01:43:43 -0500 Received: by mail.thebird.nl (Postfix, from userid 1000) id 8EB271DB0; Sat, 16 Feb 2019 07:34:52 +0100 (CET) Date: Sat, 16 Feb 2019 07:34:52 +0100 From: Pjotr Prins To: Florian Thevissen Subject: Re: bug#34494: proot-based non-root setup: refusing to run with elevated privileges (UID 0) Message-ID: <20190216063452.xllpdkhz4lc4jz4q@thebird.nl> References: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> User-Agent: NeoMutt/20170113 (1.7.2) Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 94.142.245.5 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: submit Cc: bug-Guix@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Did you try something like proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl gnu/= store/vir3l..-guix-0.x/bin/guix-daemon --disable-chroot (note the extra -0 and chroot switches) and you should see on a guix pack= age install. That used to work. But maybe no longer? On Fri, Feb 15, 2019 at 09:39:21PM +0100, Florian Thevissen wrote: > Hi, >=20 > I am trying to get guix to run on a system where I do not have root > access, following a guide by pjotrp involving proot, here: > [1]https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org= . >=20 > All guix operations that involve the script perform-download fail wi= th > the error: >=20 > guix perform-download: error: refusing to run with elevated > privileges (UID 0) >=20 > I am not sure if this hints at a bug in guix itself, but a comment i= n > the guix sources lets me assume so. It says in > package-management.scm:355 >=20 > =E2=80=9CNote that scripts like =E2=80=98guix perform-download=E2=80= =99 do not run as root > (=E2=80=A6)=E2=80=9D >=20 > In my setup, following this guide, however, it apparently is run as > root, and (assert-low-privileges) in the script perform-download.scm= :89 > acts accordingly by signalling the error and exiting. >=20 > (By the way - running guix-daemon with proot root privileges fails > (-0), and running it without (no -0) fails also.) >=20 > Now my question: why is perform-download run as root following pjotr= s > guide, and is there anything that can be done about it? >=20 > I am a bit at a loss here, being unfamiliar with the guix sources an= d > overall system setup. >=20 > Looking forward to help, thanks, >=20 > Florian > =E2=80=8B >=20 > References >=20 > 1. https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 16 04:05:09 2019 Received: (at submit) by debbugs.gnu.org; 16 Feb 2019 09:05:09 +0000 Received: from localhost ([127.0.0.1]:49986 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1guvuH-0005M4-B0 for submit@debbugs.gnu.org; Sat, 16 Feb 2019 04:05:09 -0500 Received: from eggs.gnu.org ([209.51.188.92]:48508) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1guvuE-0005La-EM for submit@debbugs.gnu.org; Sat, 16 Feb 2019 04:05:07 -0500 Received: from lists.gnu.org ([209.51.188.17]:42120) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1guvu2-0006qO-3P for submit@debbugs.gnu.org; Sat, 16 Feb 2019 04:04:56 -0500 Received: from eggs.gnu.org ([209.51.188.92]:34620) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1guvtz-00015o-6z for bug-Guix@gnu.org; Sat, 16 Feb 2019 04:04:53 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,HTML_MESSAGE, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1guvtn-000625-Gv for bug-Guix@gnu.org; Sat, 16 Feb 2019 04:04:43 -0500 Received: from h2712310.stratoserver.net ([81.169.247.85]:40316 helo=mail.florian-thevissen.de) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1guvtm-0005r7-L8 for bug-Guix@gnu.org; Sat, 16 Feb 2019 04:04:39 -0500 Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.florian-thevissen.de (Postfix) with ESMTPSA id E1F4420021; Sat, 16 Feb 2019 09:04:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=florian-thevissen.de; s=default; t=1550307844; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=PuAt14hwVuyKy5WV5ns8akFSydKn/FnrrZZ5KtNEnRw=; b=Uhwg+SdGTqy13oVndXONM1VsLGORVTkmzCEZntk0VYkklQ3jQiNit1qCYVnNorDeKvO7t0 kIublkGRXGt3bh5MbbtqJsnMOkyO8vCNmhR+oGk4KlwvTb1buso+kiIe0cAy+t9hYxxKMv tNNvHvLnKOhRdYYz2Xn9g+Po/UfilNI= Subject: Re: bug#34494: proot-based non-root setup: refusing to run with elevated privileges (UID 0) To: Pjotr Prins References: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> <20190216063452.xllpdkhz4lc4jz4q@thebird.nl> From: Florian Thevissen Message-ID: <0d4fc2ca-da74-dbb4-7e7d-df090b19a19f@florian-thevissen.de> Date: Sat, 16 Feb 2019 10:04:03 +0100 MIME-Version: 1.0 In-Reply-To: <20190216063452.xllpdkhz4lc4jz4q@thebird.nl> Content-Type: multipart/alternative; boundary="------------161F3BA1602DECC7E34BE6DF" Content-Language: en-US X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 81.169.247.85 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit Cc: bug-Guix@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) This is a multi-part message in MIME format. --------------161F3BA1602DECC7E34BE6DF Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi pjotr, Did you try something like proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl gnu/store/vir3l..-guix-0.x/bin/guix-daemon =E2=80=94disable-chroot Yes, this doesn=E2=80=99t work - with or without the -0 flag. That used to work. But maybe no longer? I tried the new guix binaries (0.16.0), and the ones that were recent=20 when you wrote the guide (0.13.0), and proot has not, if I see=20 correctly, significantly changed since then (v.5.1.0). To me, this looks as if the setup on my particular system had something=20 special to it that would lead guix to not behave correctly. Here=E2=80=99= s a=20 #guix chat-log, where Saone (at 00:25:29) comes to the same conclusion:=20 https://gnunet.org/bot/log/guix/2017-09-21 . For the record - this happens on an Debian 4.9.130-2 x86_64 system. I'll=20 try this out on other systems/VMs today... On 16/02/19 07:34, Pjotr Prins wrote: > Did you try something like > > proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl gn= u/store/vir3l..-guix-0.x/bin/guix-daemon --disable-chroot > > (note the extra -0 and chroot switches) and you should see on a guix pa= ckage install. > > That used to work. But maybe no longer? > > On Fri, Feb 15, 2019 at 09:39:21PM +0100, Florian Thevissen wrote: >> Hi, >> >> I am trying to get guix to run on a system where I do not have roo= t >> access, following a guide by pjotrp involving proot, here: >> [1]https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.o= rg . >> >> All guix operations that involve the script perform-download fail = with >> the error: >> >> guix perform-download: error: refusing to run with elevated >> privileges (UID 0) >> >> I am not sure if this hints at a bug in guix itself, but a comment= in >> the guix sources lets me assume so. It says in >> package-management.scm:355 >> >> =E2=80=9CNote that scripts like =E2=80=98guix perform-download=E2= =80=99 do not run as root >> (=E2=80=A6)=E2=80=9D >> >> In my setup, following this guide, however, it apparently is run a= s >> root, and (assert-low-privileges) in the script perform-download.s= cm:89 >> acts accordingly by signalling the error and exiting. >> >> (By the way - running guix-daemon with proot root privileges fails >> (-0), and running it without (no -0) fails also.) >> >> Now my question: why is perform-download run as root following pjo= trs >> guide, and is there anything that can be done about it? >> >> I am a bit at a loss here, being unfamiliar with the guix sources = and >> overall system setup. >> >> Looking forward to help, thanks, >> >> Florian >> =E2=80=8B >> >> References >> >> 1. https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.o= rg =E2=80=8B --------------161F3BA1602DECC7E34BE6DF Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Hi pjotr,

Did you try something like

proot -0 -b /pro= c -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl gnu/store/vir3l..-guix-0.x/bin/guix-daemon =E2=80=94disable-chr= oot

Yes, this doesn=E2=80= =99t work - with or without the -0 flag.

That used to work= . But maybe no longer?

I tried the new gui= x binaries (0.16.0), and the ones that were recent when you wrote the guide (0.13.0), and proot has not, if I see correctly, significantly changed since then (v.5.1.0).

To me, this looks a= s if the setup on my particular system had something special to it that would lead guix to not behave correctly. Here=E2=80=99s a #g= uix chat-log, where Saone (at 00:25:29) comes to the same conclusion: https://gnu= net.org/bot/log/guix/2017-09-21 .

For the record - this happens on an Debian 4.9.130-2 x86_64 system. I'll try this out on other systems/VMs today...



On 16/02/19 07:34, Pjotr Prins wrote:

Did you try something like

proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl gnu/=
store/vir3l..-guix-0.x/bin/guix-daemon --disable-chroot

(note the extra -0 and chroot switches) and you should see on a guix pack=
age install.

That used to work. But maybe no longer?

On Fri, Feb 15, 2019 at 09:39:21PM +0100, Florian Thevissen wrote:

   Hi,

   I am trying to get guix to run on a system where I do not have root
   access, following a guide by pjotrp involving proot, here:
   [1]https://github.com/pjotrp/guix=
-notes/blob/master/GUIX-NO-ROOT.org .

   All guix operations that involve the script perform-download fail with
   the error:

     guix perform-download: error: refusing to run with elevated
     privileges (UID 0)

   I am not sure if this hints at a bug in guix itself, but a comment in
   the guix sources lets me assume so. It says in
   package-management.scm:355

     =E2=80=9CNote that scripts like =E2=80=98guix perform-download=E2=80=
=99 do not run as root
     (=E2=80=A6)=E2=80=9D

   In my setup, following this guide, however, it apparently is run as
   root, and (assert-low-privileges) in the script perform-download.scm:8=
9
   acts accordingly by signalling the error and exiting.

   (By the way - running guix-daemon with proot root privileges fails
   (-0), and running it without (no -0) fails also.)

   Now my question: why is perform-download run as root following pjotrs
   guide, and is there anything that can be done about it?

   I am a bit at a loss here, being unfamiliar with the guix sources and
   overall system setup.

   Looking forward to help, thanks,

   Florian
   =E2=80=8B

References

   1. https://github.com/pjotrp/guix=
-notes/blob/master/GUIX-NO-ROOT.org

=E2=80=8B
--------------161F3BA1602DECC7E34BE6DF-- From debbugs-submit-bounces@debbugs.gnu.org Sat Feb 16 05:08:30 2019 Received: (at submit) by debbugs.gnu.org; 16 Feb 2019 10:08:30 +0000 Received: from localhost ([127.0.0.1]:50002 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1guwtZ-0006oy-Nz for submit@debbugs.gnu.org; Sat, 16 Feb 2019 05:08:30 -0500 Received: from eggs.gnu.org ([209.51.188.92]:54241) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1guwtY-0006om-3n for submit@debbugs.gnu.org; Sat, 16 Feb 2019 05:08:28 -0500 Received: from lists.gnu.org ([209.51.188.17]:34358) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1guwtP-0002sC-Fd for submit@debbugs.gnu.org; Sat, 16 Feb 2019 05:08:22 -0500 Received: from eggs.gnu.org ([209.51.188.92]:40388) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1guwtN-0007se-UH for bug-Guix@gnu.org; Sat, 16 Feb 2019 05:08:19 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,HTML_MESSAGE, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1guwtM-0002pb-AK for bug-Guix@gnu.org; Sat, 16 Feb 2019 05:08:17 -0500 Received: from h2712310.stratoserver.net ([81.169.247.85]:53648 helo=mail.florian-thevissen.de) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1guwtL-0002nS-SI; Sat, 16 Feb 2019 05:08:16 -0500 Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.florian-thevissen.de (Postfix) with ESMTPSA id DB18E20405; Sat, 16 Feb 2019 10:07:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=florian-thevissen.de; s=default; t=1550311663; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1jlXVFc3Qk+6wEsh0l3/C9QtYqup/1ZTwZOoZjs5FNQ=; b=Tw8s7ntEkFiGEv48JHQ7gQojSqp6J53J2g/BexaujsqIQ1j+5Gf3x6a8x3YWv7Z6Jpky24 pbLzxA25VVKWFWgb8KZVTDDp940tZJQ88oNVNPKHewDtbzXMWp9MewUQE1wBUDjPts/sov XRQepqmCnHsVTooPCDv1oyjGgXlUx94= Subject: Re: bug#34494: proot-based non-root setup: refusing to run with elevated privileges (UID 0) To: Pjotr Prins References: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> <20190216063452.xllpdkhz4lc4jz4q@thebird.nl> <0d4fc2ca-da74-dbb4-7e7d-df090b19a19f@florian-thevissen.de> <20190216091747.eb6g7znptifbqqbt@thebird.nl> From: Florian Thevissen Message-ID: Date: Sat, 16 Feb 2019 11:07:42 +0100 MIME-Version: 1.0 In-Reply-To: <20190216091747.eb6g7znptifbqqbt@thebird.nl> Content-Type: multipart/alternative; boundary="------------E1817396E343EF5C6AD4E5A4" Content-Language: en-US X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 81.169.247.85 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit Cc: ludo@gnu.org, bug-Guix@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) This is a multi-part message in MIME format. --------------E1817396E343EF5C6AD4E5A4 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Thanks, Pjotr. So I got it working on one system out of four, following the exact same=20 steps each time: * Debian 9 (Stretch) - 4.9.130-2 x86_64 (real system) - *_fail_* * Ubuntu 17.10 (Artful Aardvark) - 4.13.0-46-lowlatency (real system) =C2=A0=C2=A0=C2=A0=C2=A0 - _*fail*_ * Ubuntu 14.04 (Trusty Tahr)=C2=A0 - 4.4.0-31-generic - _*fail*_ * Debian 9 (Stretch) - 4.9.0-8-amd64 (VM) =C2=A0=C2=A0 - _*works*_ I don't know what the significant differentiating factor could be, that=20 lets guix behave correctly on that one debian system but not on the other= s. But what I also noticed, is that the "list of substitutes" is also not=20 being updated on the three failing systems. Is the update process using=20 the download script internally, maybe, and that silently fails? Or maybe=20 this hints at another problem? I fear there's nothing more I can immediately do. @Ludo - can you help? On 16/02/19 10:17, Pjotr Prins wrote: > Sorry about that. > > If you get it to work, do update the document - or me by E-mail. Maybe > Ludo has something to say about this. > > Pj. > > On Sat, Feb 16, 2019 at 10:04:03AM +0100, Florian Thevissen wrote: >> Hi pjotr, >> >> Did you try something like >> >> proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix= /acl >> gnu/store/vir3l..-guix-0.x/bin/guix-daemon =E2=80=94disable-chro= ot >> >> Yes, this doesn=E2=80=99t work - with or without the -0 flag. >> >> That used to work. But maybe no longer? >> >> I tried the new guix binaries (0.16.0), and the ones that were rec= ent >> when you wrote the guide (0.13.0), and proot has not, if I see >> correctly, significantly changed since then (v.5.1.0). >> >> To me, this looks as if the setup on my particular system had some= thing >> special to it that would lead guix to not behave correctly. Here=E2= =80=99s a >> #guix chat-log, where Saone (at 00:25:29) comes to the same conclu= sion: >> [1]https://gnunet.org/bot/log/guix/2017-09-21 . >> For the record - this happens on an Debian 4.9.130-2 x86_64 system= . >> I'll try this out on other systems/VMs today... >> >> On 16/02/19 07:34, Pjotr Prins wrote: >> >> Did you try something like >> >> proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl g= nu/store/v >> ir3l..-guix-0.x/bin/guix-daemon --disable-chroot >> >> (note the extra -0 and chroot switches) and you should see on a guix p= ackage ins >> tall. >> >> That used to work. But maybe no longer? >> >> On Fri, Feb 15, 2019 at 09:39:21PM +0100, Florian Thevissen wrote: >> >> Hi, >> >> I am trying to get guix to run on a system where I do not have roo= t >> access, following a guide by pjotrp involving proot, here: >> [1][2]https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROO= T.org . >> >> All guix operations that involve the script perform-download fail = with >> the error: >> >> guix perform-download: error: refusing to run with elevated >> privileges (UID 0) >> >> I am not sure if this hints at a bug in guix itself, but a comment= in >> the guix sources lets me assume so. It says in >> package-management.scm:355 >> >> =E2=80=9CNote that scripts like =E2=80=98guix perform-download=E2= =80=99 do not run as root >> (=E2=80=A6)=E2=80=9D >> >> In my setup, following this guide, however, it apparently is run a= s >> root, and (assert-low-privileges) in the script perform-download.s= cm:89 >> acts accordingly by signalling the error and exiting. >> >> (By the way - running guix-daemon with proot root privileges fails >> (-0), and running it without (no -0) fails also.) >> >> Now my question: why is perform-download run as root following pjo= trs >> guide, and is there anything that can be done about it? >> >> I am a bit at a loss here, being unfamiliar with the guix sources = and >> overall system setup. >> >> Looking forward to help, thanks, >> >> Florian >> =E2=80=8B >> >> References >> >> 1. [3]https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROO= T.org >> >> =E2=80=8B >> >> References >> >> 1. https://gnunet.org/bot/log/guix/2017-09-21 >> 2. https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.o= rg >> 3. https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.o= rg --------------E1817396E343EF5C6AD4E5A4 Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Thanks, Pjotr.

So I got it working on one system out of four, following the exact same steps each time:

  • Debian 9 (Stretch) - 4.9.130-2 x86_64 (real system) - fai= l
  • Ubuntu 17.10 (Artful Aardvark) - 4.13.0-46-lowlatency (real system) =C2=A0=C2=A0=C2=A0=C2=A0 - fail
  • Ubuntu 14.04 (Trusty Tahr)=C2=A0 - 4.4.0-31-generic -=C2=A0 = fail
  • Debian 9 (Stretch) - 4.9.0-8-amd64 (VM) =C2=A0=C2=A0 -=C2=A0 works

I don't know what the significant differentiating factor could be, that lets guix behave correctly on that one debian system but not on the others.

But what I also noticed, is that the "list of substitutes" is also not being updated on the three failing systems. Is the update process using the download script internally, maybe, and that silently fails? Or maybe this hints at another problem?

I fear there's nothing more I can immediately do. @Ludo - can you help?



On 16/02/19 10:17, Pjotr Prins wrote:<= br> 
Sorry about that.

If you get it to work, do update the document - or me by E-mail. Maybe
Ludo has something to say about this.

Pj.

On Sat, Feb 16, 2019 at 10:04:03AM +0100, Florian Thevissen wrote:

   Hi pjotr,

     Did you try something like

     proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl
     gnu/store/vir3l..-guix-0.x/bin/guix-daemon =E2=80=94disable-chroot

   Yes, this doesn=E2=80=99t work - with or without the -0 flag.

     That used to work. But maybe no longer?

   I tried the new guix binaries (0.16.0), and the ones that were recent
   when you wrote the guide (0.13.0), and proot has not, if I see
   correctly, significantly changed since then (v.5.1.0).

   To me, this looks as if the setup on my particular system had somethin=
g
   special to it that would lead guix to not behave correctly. Here=E2=80=
=99s a
   #guix chat-log, where Saone (at 00:25:29) comes to the same conclusion=
:
   [1]https://gnunet.org/bot/log/guix/2017-09-21 .
   For the record - this happens on an Debian 4.9.130-2 x86_64 system.
   I'll try this out on other systems/VMs today...

   On 16/02/19 07:34, Pjotr Prins wrote:

Did you try something like

proot -0 -b /proc -b /dev -b /etc -r . -b etc_guix/acl:/etc/guix/acl gnu/=
store/v
ir3l..-guix-0.x/bin/guix-daemon --disable-chroot

(note the extra -0 and chroot switches) and you should see on a guix pack=
age ins
tall.

That used to work. But maybe no longer?

On Fri, Feb 15, 2019 at 09:39:21PM +0100, Florian Thevissen wrote:

   Hi,

   I am trying to get guix to run on a system where I do not have root
   access, following a guide by pjotrp involving proot, here:
   [1][2]https://github.com/pjotrp/g=
uix-notes/blob/master/GUIX-NO-ROOT.org .

   All guix operations that involve the script perform-download fail with
   the error:

     guix perform-download: error: refusing to run with elevated
     privileges (UID 0)

   I am not sure if this hints at a bug in guix itself, but a comment in
   the guix sources lets me assume so. It says in
   package-management.scm:355

     =E2=80=9CNote that scripts like =E2=80=98guix perform-download=E2=80=
=99 do not run as root
     (=E2=80=A6)=E2=80=9D

   In my setup, following this guide, however, it apparently is run as
   root, and (assert-low-privileges) in the script perform-download.scm:8=
9
   acts accordingly by signalling the error and exiting.

   (By the way - running guix-daemon with proot root privileges fails
   (-0), and running it without (no -0) fails also.)

   Now my question: why is perform-download run as root following pjotrs
   guide, and is there anything that can be done about it?

   I am a bit at a loss here, being unfamiliar with the guix sources and
   overall system setup.

   Looking forward to help, thanks,

   Florian
   =E2=80=8B

References

   1. [3]https://github.com/pjotrp/g=
uix-notes/blob/master/GUIX-NO-ROOT.org

   =E2=80=8B

References

   1. https://gnunet.org/bot/log/guix/2017-09-21
   2. https://github.com/pjotrp/guix=
-notes/blob/master/GUIX-NO-ROOT.org
   3. https://github.com/pjotrp/guix=
-notes/blob/master/GUIX-NO-ROOT.org

--------------E1817396E343EF5C6AD4E5A4-- From debbugs-submit-bounces@debbugs.gnu.org Mon Mar 04 16:46:02 2019 Received: (at submit) by debbugs.gnu.org; 4 Mar 2019 21:46:02 +0000 Received: from localhost ([127.0.0.1]:60323 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h0vPN-00018R-TV for submit@debbugs.gnu.org; Mon, 04 Mar 2019 16:46:02 -0500 Received: from eggs.gnu.org ([209.51.188.92]:56504) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h0vPM-000188-Go for submit@debbugs.gnu.org; Mon, 04 Mar 2019 16:46:00 -0500 Received: from lists.gnu.org ([209.51.188.17]:51154) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h0vPH-0003RM-9P for submit@debbugs.gnu.org; Mon, 04 Mar 2019 16:45:55 -0500 Received: from eggs.gnu.org ([209.51.188.92]:42653) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h0vPG-0006QT-Hl for bug-Guix@gnu.org; Mon, 04 Mar 2019 16:45:55 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h0vPE-0003PA-T2 for bug-Guix@gnu.org; Mon, 04 Mar 2019 16:45:54 -0500 Received: from hera.aquilenet.fr ([2a0c:e300::1]:56432) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h0vPC-0003DI-UK for bug-Guix@gnu.org; Mon, 04 Mar 2019 16:45:52 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 5EBCF11D15; Mon, 4 Mar 2019 22:45:43 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TLzTDuiiM8dl; Mon, 4 Mar 2019 22:45:42 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 2659511D0D; Mon, 4 Mar 2019 22:45:42 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Florian Thevissen Subject: Re: bug#34494: proot-based non-root setup: refusing to run with elevated privileges (UID 0) References: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 14 =?utf-8?Q?Vent=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Mon, 04 Mar 2019 22:45:41 +0100 In-Reply-To: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> (Florian Thevissen's message of "Fri, 15 Feb 2019 21:39:21 +0100") Message-ID: <87lg1unwje.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a0c:e300::1 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: submit Cc: bug-Guix@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Florian, Florian Thevissen skribis: > I am trying to get guix to run on a system where I do not have root > access, following a guide by pjotrp involving proot, here: > https://github.com/pjotrp/guix-notes/blob/master/GUIX-NO-ROOT.org . Not really answering your question, but would user namespaces be an option for you? If so, might be a simpler option. Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Tue Mar 05 13:58:34 2019 Received: (at submit) by debbugs.gnu.org; 5 Mar 2019 18:58:34 +0000 Received: from localhost ([127.0.0.1]:33453 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1FGs-0004wj-7G for submit@debbugs.gnu.org; Tue, 05 Mar 2019 13:58:34 -0500 Received: from eggs.gnu.org ([209.51.188.92]:47840) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1FGq-0004wV-KN for submit@debbugs.gnu.org; Tue, 05 Mar 2019 13:58:33 -0500 Received: from lists.gnu.org ([209.51.188.17]:45599) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h1FGl-0001l3-Dn for submit@debbugs.gnu.org; Tue, 05 Mar 2019 13:58:27 -0500 Received: from eggs.gnu.org ([209.51.188.92]:33988) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h1FGk-0005nh-8L for bug-Guix@gnu.org; Tue, 05 Mar 2019 13:58:27 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=0.0 required=5.0 tests=BAYES_40,HTML_MESSAGE, URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h1FGj-0001cw-45 for bug-Guix@gnu.org; Tue, 05 Mar 2019 13:58:26 -0500 Received: from h2712310.stratoserver.net ([81.169.247.85]:60136 helo=mail.florian-thevissen.de) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h1FGi-0001Ai-LK; Tue, 05 Mar 2019 13:58:25 -0500 Received: from [127.0.0.1] (localhost [127.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.florian-thevissen.de (Postfix) with ESMTPSA id 77CE920451; Tue, 5 Mar 2019 18:57:43 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=florian-thevissen.de; s=default; t=1551812263; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=y3nLF6uR49iUTQ/Zv6B63aPRkroKvpi+qIf+KgK9V3E=; b=xk09K7LgxohDyedZYYfrZceU+OK6gSK/VQdow+fpX2O2STm4Tbv9dKc3rzluq8N7NGN3k5 0BcNIKo22VLoEKkw4sU7B2TsIYjEwsdnUfWCfA6UtAF3foXcADWPl5kCQFaV3CHIAsBXDA Uph48NvkuETH6jUsbqu35iLMVGyEDhA= Subject: Re: bug#34494: proot-based non-root setup: refusing to run with elevated privileges (UID 0) To: =?UTF-8?Q?Ludovic_Court=c3=a8s?= References: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> <87lg1unwje.fsf@gnu.org> From: Florian Thevissen Message-ID: <3ecb593e-49d1-e728-4a48-d4eaf9a675d2@florian-thevissen.de> Date: Tue, 5 Mar 2019 19:57:42 +0100 MIME-Version: 1.0 In-Reply-To: <87lg1unwje.fsf@gnu.org> Content-Type: multipart/alternative; boundary="------------D359429A0A6A4E876CC398CC" Content-Language: en-US X-detected-operating-system: by eggs.gnu.org: GNU/Linux 3.x X-Received-From: 81.169.247.85 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.9 (/) X-Debbugs-Envelope-To: submit Cc: bug-Guix@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.1 (/) This is a multi-part message in MIME format. --------------D359429A0A6A4E876CC398CC Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable Hi Ludovic, Not really answering your question, but would user namespaces be an option for you? If so, might be a simpler option. Thank you for the suggestion, this does look interesting. However, the original use-case of using guix in a non-root scenario is=20 no longer relevant to me: I was convincing enough to get guix=20 root-installed on all relevant machines on which I do not have root=20 access. So I can enjoy guix properly, now. However, I could very well imagine guix to be used on a per-user basis,=20 acting on some sub-directory of $HOME. Afterall, many (most?)=20 desktop-systems are used by a single user - or so I would argue=E2=80=A6 On the original topic - I recently learned that the mechanisms proot=20 employs might just not work on all systems. So the issue may not per-se=20 have been with guix, but with proot. I=E2=80=99m no expert on the subject= =20 though, and didn=E2=80=99t dig deeper yet. Best regards, Florian =E2=80=8B --------------D359429A0A6A4E876CC398CC Content-Type: text/html; charset=utf-8 Content-Transfer-Encoding: quoted-printable

Hi Ludovic,

Not really answering your question, but would user namespaces be an=C2=A0 option for you? If so, <https://lists.gnu.org/archive/html/guix-devel/2018-05/msg00139.html> might be a simpler option.

Thank you for the suggestion, this does look interesting.

However, the original use-case of using guix in a non-root scenario is no longer relevant to me: I was convincing enough to get guix root-installed on all relevant machines on which I do not have root access. So I can enjoy guix properly, now.

However, I could very well imagine guix to be used on a per-user basis, acting on some sub-directory of $HOME. Afterall, many (most?) desktop-systems are used by a single user - or so I would argue=E2= =80=A6

On the original topic - I recently learned that the mechanisms proot employs might just not work on all systems. So the issue may not per-se have been with guix, but with proot. I=E2=80=99m no expert on the subject though, and didn=E2=80=99t dig deeper yet.

Best regards,
Florian

=E2=80=8B
--------------D359429A0A6A4E876CC398CC-- From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 06 11:00:54 2019 Received: (at submit) by debbugs.gnu.org; 6 Mar 2019 16:00:54 +0000 Received: from localhost ([127.0.0.1]:34607 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1YyT-0002Hx-TJ for submit@debbugs.gnu.org; Wed, 06 Mar 2019 11:00:54 -0500 Received: from eggs.gnu.org ([209.51.188.92]:49875) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1YyS-0002HX-4r for submit@debbugs.gnu.org; Wed, 06 Mar 2019 11:00:52 -0500 Received: from lists.gnu.org ([209.51.188.17]:55811) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h1YyM-0004z4-3p for submit@debbugs.gnu.org; Wed, 06 Mar 2019 11:00:46 -0500 Received: from eggs.gnu.org ([209.51.188.92]:36021) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1h1YyL-0000iq-32 for bug-Guix@gnu.org; Wed, 06 Mar 2019 11:00:45 -0500 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on eggs.gnu.org X-Spam-Level: X-Spam-Status: No, score=-0.5 required=5.0 tests=BAYES_05,URIBL_BLOCKED autolearn=disabled version=3.3.2 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1h1YyF-0004se-BW for bug-Guix@gnu.org; Wed, 06 Mar 2019 11:00:45 -0500 Received: from hera.aquilenet.fr ([2a0c:e300::1]:43568) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1h1YyF-0004qA-3Z for bug-Guix@gnu.org; Wed, 06 Mar 2019 11:00:39 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id 896E1AACE; Wed, 6 Mar 2019 17:00:36 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pGBbJF1SGfil; Wed, 6 Mar 2019 17:00:35 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 83FDBAABD; Wed, 6 Mar 2019 17:00:35 +0100 (CET) From: =?utf-8?Q?Ludovic_Court=C3=A8s?= To: Florian Thevissen Subject: Re: bug#34494: proot-based non-root setup: refusing to run with elevated privileges (UID 0) References: <81415b97-6e02-33dc-a4da-b1b046d5a4e7@florian-thevissen.de> <87lg1unwje.fsf@gnu.org> <3ecb593e-49d1-e728-4a48-d4eaf9a675d2@florian-thevissen.de> X-URL: http://www.fdn.fr/~lcourtes/ X-Revolutionary-Date: 16 =?utf-8?Q?Vent=C3=B4se?= an 227 de la =?utf-8?Q?R?= =?utf-8?Q?=C3=A9volution?= X-PGP-Key-ID: 0x090B11993D9AEBB5 X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4 0CFB 090B 1199 3D9A EBB5 X-OS: x86_64-pc-linux-gnu Date: Wed, 06 Mar 2019 17:00:34 +0100 In-Reply-To: <3ecb593e-49d1-e728-4a48-d4eaf9a675d2@florian-thevissen.de> (Florian Thevissen's message of "Tue, 5 Mar 2019 19:57:42 +0100") Message-ID: <87d0n4f0wt.fsf@gnu.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2a0c:e300::1 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.6.x X-Spam-Score: 0.0 (/) X-Debbugs-Envelope-To: submit Cc: bug-Guix@gnu.org X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -1.0 (-) Hi Florian, Florian Thevissen skribis: > Hi Ludovic, > > Not really answering your question, but would user namespaces be an > option for you? If so, > > might be a simpler option. > > Thank you for the suggestion, this does look interesting. > > However, the original use-case of using guix in a non-root scenario is > no longer relevant to me: I was convincing enough to get guix > root-installed on all relevant machines on which I do not have root > access. So I can enjoy guix properly, now. Well, congrats. :-) Note that has some thoughts on non-root usage that may be of interest to you. > However, I could very well imagine guix to be used on a per-user > basis, acting on some sub-directory of $HOME. Afterall, many (most?) > desktop-systems are used by a single user - or so I would argue=E2=80=A6 I agree that non-root usage would be useful; it=E2=80=99s just that the ker= nel Linux doesn=E2=80=99t make it easy, unless user namespaces are enabled=E2= =80=A6 Thanks, Ludo=E2=80=99. From debbugs-submit-bounces@debbugs.gnu.org Wed Mar 06 11:00:50 2019 Received: (at control) by debbugs.gnu.org; 6 Mar 2019 16:00:51 +0000 Received: from localhost ([127.0.0.1]:34604 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1YyQ-0002Hh-JP for submit@debbugs.gnu.org; Wed, 06 Mar 2019 11:00:50 -0500 Received: from hera.aquilenet.fr ([185.233.100.1]:60960) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1h1YyP-0002HZ-5v for control@debbugs.gnu.org; Wed, 06 Mar 2019 11:00:49 -0500 Received: from localhost (localhost [127.0.0.1]) by hera.aquilenet.fr (Postfix) with ESMTP id E3C8FAAD2 for ; Wed, 6 Mar 2019 17:00:47 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at aquilenet.fr Received: from hera.aquilenet.fr ([127.0.0.1]) by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XkqiFhvROlvW for ; Wed, 6 Mar 2019 17:00:47 +0100 (CET) Received: from ribbon (unknown [IPv6:2a01:e0a:1d:7270:af76:b9b:ca24:c465]) by hera.aquilenet.fr (Postfix) with ESMTPSA id 3CB44AABD for ; Wed, 6 Mar 2019 17:00:47 +0100 (CET) Date: Wed, 06 Mar 2019 17:00:46 +0100 Message-Id: <87bm2of0wh.fsf@gnu.org> To: control@debbugs.gnu.org From: =?utf-8?Q?Ludovic_Court=C3=A8s?= Subject: control message for bug #34494 MIME-version: 1.0 Content-type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Spam-Score: 1.0 (+) X-Debbugs-Envelope-To: control X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: debbugs-submit-bounces@debbugs.gnu.org Sender: "Debbugs-submit" X-Spam-Score: -0.0 (/) tags 34494 notabug close 34494 From unknown Wed Jun 18 23:17:38 2025 Received: (at fakecontrol) by fakecontrolmessage; To: internal_control@debbugs.gnu.org From: Debbugs Internal Request Subject: Internal Control Message-Id: bug archived. Date: Thu, 04 Apr 2019 11:24:06 +0000 User-Agent: Fakemail v42.6.9 # This is a fake control message. # # The action: # bug archived. thanks # This fakemail brought to you by your local debbugs # administrator