Hi,

On 13/06/14 08:12, Ertugrul Söylemez wrote:

> The path-rewriting proposal is a very bad idea and will cause a lot of
> breakage. For many/enough applications rewriting will not work at all,
> because they might encode paths in data structures or be using a
> non-UTF8 multi-byte encoding.

Packages that store paths in UTF-16 don't work with Nix anyway, independent from hash rewriting, because Nix finds runtime dependencies by scanning for plain ASCII hashes. To my knowledge we've never encountered such a package in Nixpkgs.

This paper has a small evaluation of hash rewriting:

  http://nixos.org/~eelco/pubs/secsharing-ase2005-final.pdf (section 6.1)

> One simple and safe way to do this would involve using private mounts
> with chrooting: Create a private bind-mount of "/" somewhere, then
> bind-mount the Nix store at "/nix/store". Run the application within a
> chroot in that directory. To the application the Nix store will appear
> to be mounted at "/nix/store".
>
> The drawback of this method is that it requires the administrator to
> allow one SetUID executable for the setup, or perhaps a bunch of entries
> in the fstab. After that no further support from the administrator is
> required.

Or even better, ask the admin to use pam_namespace:

  http://www.linux-pam.org/Linux-PAM-html/sag-pam_namespace.html

And hopefully, one day users won't need to be root to do bind mounts.

-- 
Eelco Dolstra | LogicBlox, Inc. | http://nixos.org/~eelco/
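
The dependency scan mentioned in the reply above, as an added example that is not part of the original message and is not Nix's own code: a simplified model that searches a build output for the 32-character hash parts of candidate store paths as ASCII bytes, and shows a UTF-16 encoded path going undetected. The store paths, hashes and file contents are constructed, and the `encodings` parameter is a hypothetical addition for comparison.

```python
import re

# Nix's base-32 alphabet omits e, o, t and u; a store path's hash part is 32 such characters.
NIX_BASE32 = "0123456789abcdfghijklmnpqrsvwxyz"
STORE_PATH = re.compile(r"^/nix/store/([" + NIX_BASE32 + r"]{32})-.+$")


def hash_part(store_path):
    """Return the 32-character hash component of a /nix/store path."""
    match = STORE_PATH.match(store_path)
    if match is None:
        raise ValueError("not a store path: %r" % (store_path,))
    return match.group(1)


def scan_references(output, candidates, encodings=("ascii",)):
    """Return the candidates whose hash part occurs in the bytes `output`.

    The default models the scan described above: plain ASCII only.
    `encodings` is a hypothetical knob added here for comparison.
    """
    found = set()
    for path in candidates:
        digest = hash_part(path)
        if any(digest.encode(enc) in output for enc in encodings):
            found.add(path)
    return found


# Constructed sample data: made-up hashes, package names and file contents.
GLIBC = "/nix/store/a1b2c3d4f5g6h7i8j9k0l1m2n3p4q5r6-glibc-2.19"
OPENSSL = "/nix/store/z9y8x7w6v5s4r3q2p1n0m9l8k7j6i5h4-openssl-1.0.1h"
INPUTS = [GLIBC, OPENSSL]

# A path embedded in binary data as ASCII, as in an ELF interpreter field.
ELF_LIKE = b"\x7fELF\x02\x01" + (GLIBC + "/lib/ld.so").encode("ascii") + b"\x00"
# The same kind of reference stored as UTF-16: every other byte is NUL.
UTF16_BLOB = b"\x00\x10" + (OPENSSL + "/lib").encode("utf-16-le")

if __name__ == "__main__":
    print(scan_references(ELF_LIKE, INPUTS))      # ASCII reference is found
    print(scan_references(UTF16_BLOB, INPUTS))    # UTF-16 reference is missed
    print(scan_references(UTF16_BLOB, INPUTS, ("ascii", "utf-16-le")))
```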
