rohit yadav <rohitya...@utexas.edu> skribis:

> On Fri, Jan 6, 2017 at 9:18 AM, Ludovic Courtès <l...@gnu.org> wrote:
>
> > rohit yadav <rohitya...@utexas.edu> skribis:
> >
> > > Thanks for the reply. The proot (https://proot-me.github.io/) project
> > > allows you to map $HOME/gnu/store to /gnu/store etc. However, where I am
> > > struggling is the guixbuild users and group creation, and running guix
> > > daemon.
> >
> > Yes, though PRoot relies on syscall interception using ptrace(2), which
> > is inefficient (which may or may not be a problem, depending on the
> > application).
>
> I am not greatly familiar with the lower level details of the Linux kernel
> yet. How a lot of these useful utilities work is not clear to me. I will
> probably work on it sometime (any references?). For now, the performance
> is not an issue. However, the main issue is how to create the guixbuild
> group and users?
As I wrote to Tobias, it’s probably OK to use --disable-chroot (which
alleviates the need for build users) and ask PRoot to restrict file system
access to /gnu/store. Still not as good as what you get by running
guix-daemon as root (separate UIDs, access to specific /gnu/store items),
but probably “good enough” as a first approximation.

> > > I am using kernel 4+, which supports namespaces.
>
> How should I check it?

Like this:

> > Yes, but some distributions compile it out or turn it off by default.
> > See
> > <http://git.savannah.gnu.org/cgit/guix.git/tree/guix/scripts/environment.scm#n517>,
> > for a way to check whether user namespaces are enabled.

HTH!
Ludo’.
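The check Ludo points at in environment.scm, redone here as a stand-alone shell function (an added example, not Guix's own code): it reads the kernel's /proc interfaces that decide whether unprivileged user namespaces are available. The ROOT argument is an assumption added so the function can be pointed at a constructed fake /proc tree; on a live system it is left empty.

```shell
#!/bin/sh
# Added example, not Guix's code: report whether unprivileged user
# namespaces are usable, by consulting the same kind of kernel knobs that
# guix/scripts/environment.scm inspects before entering a container.
# $1 (optional) is a root prefix for testing against a fake /proc tree.
userns_status() {
    root="${1:-}"
    # 1. Kernel built without CONFIG_USER_NS: the namespace file is absent.
    if [ ! -e "$root/proc/self/ns/user" ]; then
        echo "unsupported: kernel lacks user namespaces (CONFIG_USER_NS)"
        return 1
    fi
    # 2. Debian/Ubuntu kernels add a sysctl that switches unprivileged
    #    user namespaces off.  Upstream kernels have no such file, which
    #    we treat as "no extra restriction".
    clone_knob="$root/proc/sys/kernel/unprivileged_userns_clone"
    if [ -r "$clone_knob" ] && [ "$(cat "$clone_knob")" = "0" ]; then
        echo "disabled: kernel.unprivileged_userns_clone=0"
        return 1
    fi
    # 3. Linux 4.9+ can also disable them by setting the per-user limit
    #    to zero (a common hardening setting).
    max_knob="$root/proc/sys/user/max_user_namespaces"
    if [ -r "$max_knob" ] && [ "$(cat "$max_knob")" = "0" ]; then
        echo "disabled: user.max_user_namespaces=0"
        return 1
    fi
    echo "enabled: unprivileged user namespaces look usable"
    return 0
}

# Report the live system when this file is run directly as userns-check.sh
# (assumed file name); when sourced, call userns_status yourself.
if [ "${0##*/}" = "userns-check.sh" ]; then
    userns_status "$@"
fi
```

A non-zero exit status means guix-daemon (or `guix environment --container`) cannot rely on user namespaces on this kernel, which is exactly the case where the --disable-chroot fallback above matters.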