GNU bug report logs - #77862
guix-daemon run as non-root sets up /etc/group incorrectly in build container


Package: guix;

Reported by: keinflue <keinflue <at> posteo.net>

Date: Thu, 17 Apr 2025 11:22:03 UTC

Severity: important


From: Ludovic Courtès <ludo <at> gnu.org>
To: keinflue <keinflue <at> posteo.net>
Cc: 77862 <at> debbugs.gnu.org
Subject: bug#77862: guix-daemon run as non-root sets up /etc/group incorrectly in build container
Date: Thu, 17 Apr 2025 15:30:38 +0200
[Message part 1 (text/plain, inline)]
Hi,

keinflue <keinflue <at> posteo.net> writes:

> When using the new ability of guix-daemon to run as non-root with the
> help of user namespaces, the testsuite of coreutils fails.

Could you include a build log snippet?  (Also useful to have it inline
so that someone searching for discussions about the bug can find it.)

> This is because the daemon incorrectly uses the host GID instead of
> the guest GID in the build container's /etc/group, which the testsuite
> uses to look up the group's name via id -gn.

I believe the fix you suggest is this:

[Message part 2 (text/x-patch, inline)]
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
index 4ee4a1ae5f..a1f39d9a8b 100644
--- a/nix/libstore/build.cc
+++ b/nix/libstore/build.cc
@@ -1854,7 +1854,7 @@ void DerivationGoal::startBuilder()
            view of the system (e.g., "id -gn"). */
         writeFile(chrootRootDir + "/etc/group",
             (format("nixbld:!:%1%:\n")
-                % (buildUser.enabled() ? buildUser.getGID() : getgid())).str());
+                % (buildUser.enabled() ? buildUser.getGID() : guestGID)).str());
 
         /* Create /etc/hosts with localhost entry. */
         if (!fixedOutput)
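
Review bot: On the changed "%" argument line, guestGID is used but neither its definition nor the GID mapping written for the user namespace is visible in this hunk, so please confirm that it is in scope in DerivationGoal::startBuilder() and that it is the same value the container's GID map uses; if the two differ, "id -gn" will still fail to resolve a group name. The first branch of the ternary still returns buildUser.getGID(), which is correct only if no GID remapping applies when build users are enabled, so a sentence in the comment above writeFile stating which ID space each branch refers to would make the intent explicit. A regression test that runs "id -gn" inside a build with the daemon running unprivileged would keep this from coming back.
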
[Message part 3 (text/plain, inline)]
Correct?

Thanks,
Ludo’.

This bug report was last modified 9 days ago.
