Hi Ludo,

> The hack below allows ‘guix pack’ to produce wrappers that allow,
> through user namespaces, programs to automatically relocate themselves
> when you run them unprivileged on a machine that lacks Guix.

This is very cool and very useful! It would make “guix pack” much more useful than it already is. Using a pack like that would require little more than unpacking it and running the application — that’s much less work than setting up Docker, Singularity or Guix itself, which may be impossible in an environment where user privileges are severely restricted.

> We could also have wrappers fall back to PRoot when unshare(2) fails.

Good idea. Could we use ptrace directly and optimize it for the case of “/gnu/store” paths? I’m just guessing that PRoot may incur a higher performance penalty because it’s so generic compared to a compile-time deterministic use of ptrace – after all, we know all /gnu/store locations in advance.

--
Ricardo
