Re: Building, packaging and updating Guix with confidence
From: Josselin Poiret
Subject: Re: Building, packaging and updating Guix with confidence
Date: Thu, 21 Jul 2022 18:10:53 +0200
Hello,
bokr@bokr.com writes:
> Naively:
>
> Why does "the" guix daemon per se need root access at all?
The main thing is that all files in the store end up being written by
the guix daemon user. So if we want the files to be easily
substitutable, they'd need to have a fixed uid/gid, and the only one we
can guarantee is root. Other than that, it needs to use a bunch of
Linux namespaces to isolate the builds from the rest of the system,
which depending on the kernel build-time configuration might not be
possible when unprivileged.
Best,
--
Josselin Poiret
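
The namespace point in the message above can be checked on a given kernel with a small probe. This is an added example, not part of the original message and not Guix code; the `ISOLATION` flag set and the names `probe_unshare` and `explain` are assumptions made for illustration.

```c
#include <errno.h>
#include <linux/sched.h>   /* CLONE_NEW* flags */
#include <stdio.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

/* Namespaces a build sandbox typically wants (assumed set, not read from the daemon source). */
#define ISOLATION (CLONE_NEWNS | CLONE_NEWPID | CLONE_NEWNET | CLONE_NEWIPC | CLONE_NEWUTS)

/* Call unshare(2) in a forked child so the caller's own namespaces stay untouched.
   Returns 0 on success, the child's errno on failure, -1 if fork/wait itself failed. */
int probe_unshare(int flags)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0)   /* raw syscall: builds without feature-test macros */
        _exit(syscall(SYS_unshare, flags) == 0 ? 0 : (errno & 0xff));
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Map a probe result to its usual cause, following unshare(2). */
const char *explain(int err)
{
    switch (err) {
    case 0:      return "available";
    case EPERM:  return "denied: needs CAP_SYS_ADMIN, or a policy forbids it";
    case EINVAL: return "rejected: namespace type not supported by this kernel build";
    case ENOSPC: return "limit reached: see /proc/sys/user/max_user_namespaces";
    default:     return err < 0 ? "probe failed" : strerror(err);
    }
}

int main(void)
{
    /* Without CLONE_NEWUSER these namespaces require CAP_SYS_ADMIN (in practice: root). */
    int direct = probe_unshare(ISOLATION);
    /* With CLONE_NEWUSER the user namespace is created first and grants the capability inside it. */
    int nested = probe_unshare(CLONE_NEWUSER | ISOLATION);
    printf("uid %d, no user namespace:   %s\n", (int)getuid(), explain(direct));
    printf("uid %d, with user namespace: %s\n", (int)getuid(), explain(nested));
    return 0;
}
```

Run as an ordinary user, the first line normally reports a denial; whether the second reports "available" depends on the kernel configuration and sysctl policy of the machine.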