guix_mirror_bot pushed a commit to branch master
in repository guix.
commit 7b9c30de1fba4ec190ca7fb6f2d85ddc802f7778
Author: Ludovic Courtès <[email protected]>
AuthorDate: Wed Dec 17 18:01:04 2025 +0100
environment: Do not attempt to map GID 0 when invoked as root.
* guix/scripts/environment.scm (launch-environment/container): Set ‘gid’ to
1000 when ‘getgid’ returns zero.
Fixes: guix/guix#4234
Reported-by: Maxim Cournoyer <[email protected]>
Change-Id: I781f2939dfd3cda23373d2fa03e288995bce9eb9
---
guix/scripts/environment.scm | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index 1b3b1312ea..b2e715c6dd 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -828,7 +828,13 @@ WHILE-LIST."
(let* ((cwd (getcwd))
(home (getenv "HOME"))
(uid (if user 1000 (getuid)))
- (gid (if user 1000 (getgid)))
+ (gid (if user
+ 1000
+ ;; When running as root, always map a non-zero GID
+ ;; or writing to 'gid_map' would fail with EPERM.
+ (match (getgid)
+ (0 1000)
+ (gid gid))))
;; On a foreign distro, the name service switch might be
;; dysfunctional and 'getpwuid' throws. Don't let that hamper
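Review bot: the new `match` on `(getgid)` tests for GID 0, while the comment just above it says "When running as root", and those are not the same condition. A non-root caller whose primary group is 0 is also remapped to 1000, and the unchanged `(uid (if user 1000 (getuid)))` line still yields UID 0 when root invokes the command without `user`. Suggest rewording the comment to state the condition actually tested (GID 0) and adding a sentence on why 'uid_map' does not need the same fallback, or applying the same fallback to `uid` if it does. Minor style points: the pattern variable in `(gid gid)` shadows the name being bound, so a different name would read more clearly, and the literal 1000 now appears three times in this `let*`, which a named constant would tidy up.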