Hi Mateusz,
On Fri, Jun 13, 2014 at 7:22 AM, Mateusz Kowalczyk
<[email protected]> wrote:
>
> In environments where one only has regular user rights resources are
> often constrained, be it hard drive space, memory or computational
> power. Incurring the penalty of having to compile everything on top of
> that merely because the store is not sitting at the top of the file
> system is rather sub-optimal so it would be great if there was a solution.
>
BTW, have you tried user namespaces? I.e. in recent kernel you can
create another root
filesystem, even having only regular user permissions.
Here is proof of concept script:
#!/bin/sh -e
dirs="bin etc proc root tmp usr dev nix run sys var home"
mkdir newroot || true
for i in $dirs $cant_mount; do
mkdir newroot/$i || true
mount --rbind /$i newroot/$i
done
exec chroot newroot /bin/sh
Run it with:
lxc-usernsexec -- unshare -m ./newroot.sh
And you'll be in separate root and you don't need any privileges for
that. You probably only need a >= 3.8 kernel. If you don't have
lxc-usernsexec script or newuidmap (which is a dependency of
lxc-usernsexec), it is replaced by simple bash script. unshare utility
is from util-linux so should be everywhere.
I'm running in nix, so I just bind-mount /nix folder. You are probably
going to use the one directly in "newroot".
--
Paul
_______________________________________________
nix-dev mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-dev
