Re: Generating wrappers for execution in non-root non-Guix contexts
From: Ricardo Wurmus
Subject: Re: Generating wrappers for execution in non-root non-Guix contexts
Date: Thu, 26 Apr 2018 15:39:21 +0200
User-agent: mu4e 1.0; emacs 25.3.1
Hi Ludo,
> The hack below allows ‘guix pack’ to produce wrappers that allow,
> through user namespaces, programs to automatically relocate themselves
> when you run them unprivileged on a machine that lacks Guix.
This is very cool and very useful! It would make “guix pack” much more
useful than it already is. Using a pack like that would require little
more than unpacking it and running the application — that’s much less
work than setting up Docker, Singularity or Guix itself, which may be
impossible in an environment where user privileges are severely
restricted.
> We could also have wrappers fall back to PRoot when unshare(2) fails.
Good idea. Could we use ptrace directly and optimize it for the case of
“/gnu/store” paths? I’m just guessing that PRoot may incur a higher
performance penalty because it’s so generic compared to a compile-time
deterministic use of ptrace – after all, we know all /gnu/store
locations in advance.
--
Ricardo
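
The probe-and-fall-back decision discussed in this thread, as an added example that is not part of the original message and is not Guix's wrapper code. The names `probe_userns`, `classify_unshare_errno` and `reloc_mode`, and the choice of which unshare(2) errors trigger the fallback, are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
/* Linux UAPI flag values, spelled out so <sched.h> is not required. */
#define CLONE_NEWNS   0x00020000
#define CLONE_NEWUSER 0x10000000

enum reloc_mode { RELOC_USERNS, RELOC_FALLBACK, RELOC_FATAL };

/* Hypothetical policy: errors meaning "user namespaces are unavailable on
 * this host" select the PRoot/ptrace-style fallback; the rest are fatal. */
enum reloc_mode classify_unshare_errno(int err)
{
    switch (err) {
    case 0:      return RELOC_USERNS;
    case EPERM:  /* disabled by sysctl or LSM, or caller is in a chroot */
    case EINVAL: /* kernel built without user namespace support */
    case ENOSYS: /* syscall missing or filtered (e.g. seccomp) */
    case ENOSPC: /* namespace limit reached (max_user_namespaces) */
    case EUSERS: /* nesting limit reported by older kernels */
        return RELOC_FALLBACK;
    default:     return RELOC_FATAL; /* e.g. ENOMEM: retrying may help */
    }
}

/* Probe in a child so the caller's own namespaces stay untouched.
 * Returns 0 on success, otherwise the errno reported by unshare(2). */
int probe_userns(void)
{
    pid_t pid = fork();
    if (pid < 0) return errno;
    if (pid == 0) {
        long rc = syscall(SYS_unshare, CLONE_NEWUSER | CLONE_NEWNS);
        _exit(rc == 0 ? 0 : (errno & 0xff));
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return errno;
    return WIFEXITED(status) ? WEXITSTATUS(status) : EINTR;
}

int main(void)
{
    int err = probe_userns();
    enum reloc_mode m = classify_unshare_errno(err);
    printf("unshare errno=%d -> %s\n", err, m == RELOC_USERNS ? "userns"
           : m == RELOC_FALLBACK ? "fallback" : "fatal");
    return m == RELOC_FATAL;
}
```

Logging the errno alongside the chosen mode tells an operator whether a host blocks unprivileged user namespaces by policy (EPERM, ENOSPC) or lacks them entirely (EINVAL, ENOSYS).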