GNU bug report logs - #75810
[PATCH 0/6] Rootless guix-daemon

Package: guix-patches

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Fri, 24 Jan 2025 17:24:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Message #465 received at 75810-done <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Reepca Russelstein <reepca <at> russelstein.xyz>
Cc: 75810-done <at> debbugs.gnu.org
Subject: Re: [bug#75810] [PATCH v8 07/16] daemon: Allow running as non-root
 with unprivileged user namespaces.
Date: Wed, 26 Mar 2025 18:07:13 +0100

Reepca Russelstein <reepca <at> russelstein.xyz> wrote:

> Looks good to me.

Pushed as a9239a769c5611f12061c9a895e4e218b3445e2f.

  a9239a769c * guix-install.sh: Support the unprivileged daemon where possible.
  107eb8ee8f * etc: systemd services: Run ‘guix-daemon’ as an unprivileged user.
  2f65438eba * tests: Run in a chroot and unprivileged user namespaces.
  f854095b6f * tests: Add missing derivation inputs.
  29164192e9 * linux-container: ‘unprivileged-user-namespace-supported?’ returns #f on non-Linux.
  bdd7b9a45d * daemon: Move comments where they belong.
  0163c732a1 * daemon: Drop Linux ambient capabilities before executing builder.
  a3d6f5ae70 * daemon: Create /var/guix/profiles/per-user unconditionally.
  ae18b3d9e6 * daemon: Allow running as non-root with unprivileged user namespaces.
  40f69b586a * daemon: Remount root directory as read-only.
  93474f9288 * daemon: Remount inputs as read-only.
  550ca89744 * daemon: Bind-mount all the inputs, not just directories.
  5c0b93b244 * daemon: Bind-mount /etc/nsswitch.conf & co. only if it exists.
  7bad04fac0 * daemon: Close the read end of the logging pipe.
  f03e6eff2f * daemon: Use ‘close_range’ where available.

Thanks a *lot*, Reepca.

If you liked this patch series, surely you’ll enjoy this followup:

  https://issues.guix.gnu.org/77288

:-)

Ludo’.




This bug report was last modified 56 days ago.
