GNU bug report logs - #72337
Add /etc/subuid and /etc/subgid support


Package: guix-patches;

Reported by: paul <goodoldpaul <at> autistici.org>

Date: Sun, 28 Jul 2024 15:26:01 UTC

Severity: normal

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Ludovic Courtès <ludo <at> gnu.org>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#72337: closed (Add /etc/subuid and /etc/subgid support)
Date: Wed, 18 Dec 2024 15:39:01 +0000
[Message part 1 (text/plain, inline)]
Your message dated Wed, 18 Dec 2024 16:38:22 +0100
with message-id <87v7vhj91t.fsf_-_ <at> gnu.org>
and subject line Re: bug#72337: Add /etc/subuid and /etc/subgid support
has caused the debbugs.gnu.org bug report #72337,
regarding Add /etc/subuid and /etc/subgid support
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
72337: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=72337
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: paul <goodoldpaul <at> autistici.org>
To: guix-patches <at> gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: Add /etc/subuid and /etc/subgid support
Date: Sun, 28 Jul 2024 17:25:09 +0200
Dear guixers,

I'm sending a small patch set to add a Guix System service (hopefully :) )
able to handle /etc/subuid and /etc/subgid. It should be a first step
towards a structured rootless-podman-service-type that I plan to
implement. Please let me know your thoughts.

Ludo’: I'm CCing you just FYI; this is not an ask for review, just in
some files your name is the only one in the copyright section and it may
be that you are the most familiar with those, but please look at this
when and if you have time.

Thank you everyone for your work,

giacomo



[Message part 3 (message/rfc822, inline)]
From: Ludovic Courtès <ludo <at> gnu.org>
To: Giacomo Leidi <goodoldpaul <at> autistici.org>
Cc: 72337-done <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer <at> gmail.com>,
 Florian Pelz <pelzflorian <at> pelzflorian.de>
Subject: Re: bug#72337: Add /etc/subuid and /etc/subgid support
Date: Wed, 18 Dec 2024 16:38:22 +0100
[Message part 4 (text/plain, inline)]
Giacomo Leidi <goodoldpaul <at> autistici.org> wrote:

> This commit adds a Guix System service to handle allocation of subuid
> and subgid requests.  Users that don't care can just add themselves as a
> subid-range and don't need to specify anything but their user name.
> Users that care about specific ranges, such as possibly LXD, can specify
> a start and a count.
>
> * doc/guix.texi: Document the new service.
> * gnu/build/activation.scm (activate-subuids+subgids): New variable.
> * gnu/local.mk: Add gnu/tests/shadow.scm.
> * gnu/system/accounts.scm (sexp->subid-range): New variable.
> * gnu/system/shadow.scm (%root-subid): New variable;
> (subids-configuration): new record;
> (subid-range->gexp): new variable;
> (assert-valid-subids): new variable;
> (delete-duplicate-ranges): new variable;
> (subids-activation): new variable;
> (subids-extension): new record;
> (append-subid-ranges): new variable;
> (subids-extension-merge): new variable;
> (subids-service-type): new variable.
> * gnu/tests/shadow.scm (subids): New system test.
>
> Change-Id: I3755e1c75771220c74fe8ae5de1a7d90f2376635
> Signed-off-by: Giacomo Leidi <goodoldpaul <at> autistici.org>

Applied as well!  I took the liberty to make the changes below to the
documentation.

I’m sorry that it took me so long.  I appreciate your patience and the
time you took to polish this patch series; I like the end result!  And I
realize it’s quite an important feature that will unlock a few things.
Thumbs up!

Thanks,
Ludo’.

[Message part 5 (text/x-patch, inline)]
diff --git a/doc/guix.texi b/doc/guix.texi
index f49154dc1b..fe84b52052 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -18848,6 +18848,13 @@ User Accounts
 special-case and is automatically added whether or not it is specified.
 @end defvar
 
+@cindex containers, subordinate IDs
+The Linux kernel also implements @dfn{subordinate user and group IDs},
+or ``subids'', which are used to map the ID of a user and group to
+several IDs inside separate name spaces---inside ``containers''.
+@xref{subordinate-user-group-ids, the subordinate user and group ID
+service}, for information on how to configure it.
+
 @node Keyboard Layout
 @section Keyboard Layout
 
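Review bot: In the added paragraph under User Accounts, "for information on how to configure it" has no clear antecedent, because the preceding sentence talks about subordinate IDs in the plural; "how to configure them" or "how to configure the service" would read better. The same paragraph writes "name spaces" while the service section touched later in this patch writes "process namespaces", so the manual should settle on one spelling. "map the ID of a user and group to several IDs" could also be tightened to "map a user's or group's ID to several IDs" so that it is clear one host identity relates to many IDs.
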
@@ -41524,13 +41531,15 @@ Miscellaneous Services
 
 @c %end of fragment
 
-@cindex Subids
-@subsubheading Subid Service
+@anchor{subordinate-user-group-ids}
+@cindex subordinate user and group IDs
+@cindex subid, subordinate user and group IDs
+@subsubheading Subordinate User and Group ID Service
 
-Among the virtualization facilities implemented by the Linux kernel, the is the
-concept of subordinate IDs.  Subordinate IDs allow for mapping user and group
+Among the virtualization facilities implemented by the Linux kernel is the
+concept of @dfn{subordinate IDs}.  Subordinate IDs allow for mapping user and group
 IDs inside process namespaces to user and group IDs of the host system.
-Subordinate user ID ranges (subids) allow to map virtual user IDs inside
+Subordinate user ID ranges (subuids) allow users to map virtual user IDs inside
 containers to the user ID of an unprivileged user of the host system.
 Subordinate group ID ranges (subgids), instead map virtual group IDs to the
 group ID of an unprivileged user on the host system.  You can access
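
Review bot: The unchanged context line "Subordinate group ID ranges (subgids), instead map virtual group IDs to the" keeps a stray comma after "(subgids)" and is no longer parallel with the reworded subuid sentence ("allow users to map"); since the paragraph is being edited anyway, suggest "Subordinate group ID ranges (subgids) instead allow users to map virtual group IDs to the". Both sentences also say that IDs inside containers map to "the user ID" and "the group ID" of an unprivileged user, while the paragraph added under User Accounts speaks of "several IDs"; stating explicitly that a range of host IDs is delegated to the user would make it clear which host IDs a container process can end up owning.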

This bug report was last modified 155 days ago.
