GNU bug report logs - #75810
[PATCH 0/6] Rootless guix-daemon

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Fri, 24 Jan 2025 17:24:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

From: Ludovic Courtès <ludo <at> gnu.org>
To: 75810 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>, Reepca Russelstein <reepca <at> russelstein.xyz>, Christopher Baines <guix <at> cbaines.net>, Josselin Poiret <dev <at> jpoiret.xyz>, Ludovic Courtès <ludo <at> gnu.org>, Mathieu Othacehe <othacehe <at> gnu.org>, Simon Tournier <zimon.toutoune <at> gmail.com>, Tobias Geerinckx-Rice <me <at> tobias.gr>
Subject: [bug#75810] [PATCH v4 00/14] Rootless guix-daemon
Date: Fri, 28 Feb 2025 15:29:19 +0100
Hello Guix!

Changes in v4, hopefully the last revision of this patch set:

  • For ‘deleteTmpDir’, go back to v2, but add ‘secureFilePerms’ call and
    define ‘reown’ variable to determine whether to re-chown after pivoting
    (suggested by Reepca).

  • For fixed outputs, bind-mount /etc/nsswitch.conf & co. only if they exist
    (necessary when running ‘guix build guix’, where these files are missing).

  • In ‘DerivationGoal::startBuilder’, when an input is a symlink, symlink it
    instead of bind-mounting it (bind mounts would reveal the symlink target,
    not the symlink itself.)  Add a test for that.

    Consequently, an input that is a symlink may be deleted by a build process.
    This is a harmless (only the copy of the symlink in the temporary store is
    deleted) but observable change.

  • Fix several tests that were missing explicit inputs (discovered by running
    ‘guix build guix’; this had gone unnoticed when I first ran ‘make check’
    because I was sharing ‘ac_cv_guix_test_root’ with my main Guix checkout,
    so these derivation results were already in store.)

  • Leave ‘makeStoreWritable’ unchanged compared to current ‘master’.

  • ‘guix-install.sh’ uses the ‘can_install_unprivileged_daemon’ function (it
    was defined but unused).

  • ‘./test-env’ warns when resorting to ‘--disable-chroot’.

  • Unprivileged daemon documented under “Build Environment Setup”.

I would like to push the two guix-daemon tests before this series:

  https://issues.guix.gnu.org/76488
  https://issues.guix.gnu.org/76636

Thoughts?  Are we done?

Ludo’.

Ludovic Courtès (14):
  daemon: Use ‘close_range’ where available.
  daemon: Bind-mount /etc/nsswitch.conf & co. only if it exists.
  daemon: Bind-mount all the inputs, not just directories.
  daemon: Remount inputs as read-only.
  daemon: Remount root directory as read-only.
  daemon: Allow running as non-root with unprivileged user namespaces.
  daemon: Create /var/guix/profiles/per-user unconditionally.
  daemon: Drop Linux ambient capabilities before executing builder.
  daemon: Move comments where they belong.
  tests: Add missing derivation inputs.
  tests: Run in a chroot and unprivileged user namespaces.
  etc: systemd services: Run ‘guix-daemon’ as an unprivileged user.
  guix-install.sh: Support the unprivileged daemon where possible.
  DRAFT gexp: No symlinks for ‘imported-files/derivation’.

 build-aux/test-env.in       |  16 ++-
 config-daemon.ac            |   5 +-
 doc/guix.texi               | 100 +++++++++++----
 etc/gnu-store.mount.in      |   3 +-
 etc/guix-daemon.service.in  |  20 ++-
 etc/guix-install.sh         | 106 +++++++++++----
 guix/gexp.scm               |   5 +-
 guix/substitutes.scm        |   4 +-
 nix/libstore/build.cc       | 226 ++++++++++++++++++++++++--------
 nix/libstore/local-store.cc |  26 ++--
 nix/libutil/util.cc         |  23 +++-
 tests/derivations.scm       |  24 ++--
 tests/packages.scm          |  13 +-
 tests/processes.scm         |   9 +-
 tests/store.scm             | 250 +++++++++++++++++++++++++++++++-----
 15 files changed, 650 insertions(+), 180 deletions(-)


base-commit: a76708a872e65230931f3c5c3b079d0a39d5cb84
-- 
2.48.1
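The input-handling rules described in the cover letter (symlink inputs recreated as symlinks rather than bind-mounted, other inputs bind-mounted and remounted read-only, ambient capabilities cleared before the builder runs), as an added C example that is not part of the patch set or of the Guix daemon's code; the helper names `install_input` and `drop_ambient_caps` are hypothetical, and the bind-mount path needs a mount namespace with the required privileges.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/prctl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not the daemon's code): make input SRC visible at
 * DST inside the build chroot.  A symlink is recreated as a symlink, since
 * bind-mounting it would expose the target rather than the link; anything
 * else is bind-mounted and then remounted read-only.  Returns 0 or -errno. */
int install_input(const char *src, const char *dst)
{
    struct stat st;
    if (lstat(src, &st) < 0) return -errno;
    if (S_ISLNK(st.st_mode)) {
        char target[PATH_MAX];
        ssize_t n = readlink(src, target, sizeof target - 1);
        if (n < 0) return -errno;
        target[n] = '\0';
        return symlink(target, dst) < 0 ? -errno : 0;
    }

    /* The mount point must exist: a directory for a directory, an empty
     * file otherwise (all inputs are bind-mounted, not only directories). */
    if (S_ISDIR(st.st_mode)) {
        if (mkdir(dst, 0755) < 0 && errno != EEXIST) return -errno;
    } else {
        int fd = open(dst, O_WRONLY | O_CREAT, 0644);
        if (fd < 0) return -errno;
        close(fd);
    }
    if (mount(src, dst, NULL, MS_BIND | MS_REC, NULL) < 0) return -errno;
    /* MS_RDONLY is ignored on the first bind; it takes effect only on a
     * second MS_REMOUNT | MS_BIND pass. */
    if (mount(NULL, dst, NULL, MS_BIND | MS_REMOUNT | MS_RDONLY, NULL) < 0)
        return -errno;
    return 0;
}

/* Clear ambient capabilities right before exec'ing the builder so the
 * build process inherits none.  Returns 0 or -errno. */
int drop_ambient_caps(void)
{
    return prctl(PR_CAP_AMBIENT, PR_CAP_AMBIENT_CLEAR_ALL, 0, 0, 0) < 0 ? -errno : 0;
}
```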
