GNU bug report logs - #77900
Unprivileged guix-daemon fails to build in Docker/relocatable pack


Package: guix

Reported by: Ludovic Courtès <ludovic.courtes <at> inria.fr>

Date: Fri, 18 Apr 2025 14:25:11 UTC

Severity: normal


From: David Elsing <david.elsing <at> posteo.net>
To: Ludovic Courtès <ludovic.courtes <at> inria.fr>
Cc: 77900 <at> debbugs.gnu.org, Reepca Russelstein <reepca <at> russelstein.xyz>
Subject: bug#77900: Unprivileged guix-daemon fails to build in Docker/relocatable pack
Date: Thu, 17 Jul 2025 17:09:02 +0000

Hi,

Ludovic Courtès <ludovic.courtes <at> inria.fr> writes:

> So hmm, it looks like in practice we’re left with no choice but to keep
> using ‘--disable-chroot’ in Docker?

Without unprivileged user namespaces being allowed, the situation hasn't
changed I think.

> Do you happen to know what people running Docker-in-Docker (or similar)
> do?

No, but I found this [1] and this [2], so using `--privileged` (or at
least allowing unprivileged user namespaces) seems to be necessary.

Cheers,
David

[1] https://docs.docker.com/engine/security/rootless/#rootless-docker-in-docker
[2] https://github.com/moby/moby/issues/22139
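
To see whether unprivileged user namespaces are available inside a given container, the following added example (not part of the message above and not Guix code) reads the relevant sysctls and then tries to create a user namespace. The function names and the ROOT argument are hypothetical; the last two sysctl files exist only on some distributions.

```shell
#!/bin/sh
# Added example (not from the bug thread or from Guix).
# Function names and the ROOT argument are hypothetical; ROOT lets the
# sysctl files be read from another tree, e.g. a constructed test fixture.

read_knob() {   # print a sysctl file's value, or "absent" if it is not there
    if [ -r "$1" ]; then cat "$1"; else echo absent; fi
}

# Verdict from the sysctls alone, most decisive knob first.
userns_sysctl_verdict() {
    root=${1:-}
    max=$(read_knob "$root/proc/sys/user/max_user_namespaces")
    clone=$(read_knob "$root/proc/sys/kernel/unprivileged_userns_clone")  # distro patch
    aa=$(read_knob "$root/proc/sys/kernel/apparmor_restrict_unprivileged_userns")  # Ubuntu
    if [ "$max" = 0 ]; then
        echo "blocked: user.max_user_namespaces=0"
    elif [ "$clone" = 0 ]; then
        echo "blocked: kernel.unprivileged_userns_clone=0"
    elif [ "$aa" = 1 ]; then
        echo "restricted: kernel.apparmor_restrict_unprivileged_userns=1"
    else
        echo "sysctls-allow"
    fi
}

# Live probe: actually try to create a user namespace as the current user.
userns_live_probe() {
    command -v unshare >/dev/null 2>&1 || { echo "unknown: unshare not installed"; return 0; }
    if unshare --user true 2>/dev/null; then
        echo "allowed"
    else
        echo "denied: creating a user namespace failed (sysctl, seccomp or LSM policy)"
    fi
}

userns_report() {
    echo "sysctl: $(userns_sysctl_verdict "${1:-}")"
    # The sysctls can allow it while the container's seccomp profile still
    # denies the call, so probe too when looking at the live system.
    [ -n "${1:-}" ] || echo "probe:  $(userns_live_probe)"
}

userns_report "$@"
```

Run it inside the container as the unprivileged account the daemon would use, since a probe run as root does not exercise the unprivileged path.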




This bug report was last modified 30 days ago.
