From: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 77288 <at> debbugs.gnu.org
Subject: Re: [bug#77288] [PATCH v2 2/8] doc: Document migration to the unprivileged daemon.
Date: Sun, 20 Apr 2025 22:56:28 +0900
Message-ID: <87ldrv9bsj.fsf@HIDDEN>

Hi Ludovic,

Ludovic Courtès <ludo@HIDDEN> writes:

> * doc/guix.texi (Build Environment Setup): Add “Migrating to the
> Unprivileged Daemon” section.
> (Upgrading Guix): Link to it.

[...]

It looks good to me, but I was wondering if this wouldn't fit better in an etc/news.scm entry, or blog post, since it's a section which will eventually be obsolete, as more and more systems are installed out of the box with the unprivileged daemon.

A couple of related questions: are Guix Systems already automatically handled to run the daemon unprivileged now? Is this just for foreign systems? Is the guix-install.sh script able to set up the daemon for unprivileged execution now?

-- 
Thanks,
Maxim
From: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 77288 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#77288] [PATCH v3 2/8] doc: Document migration to the unprivileged daemon.
Date: Sat, 19 Apr 2025 22:22:43 +0200
Message-ID: <87ecxn9a0c.fsf@HIDDEN>

Ludovic Courtès <ludo@HIDDEN> writes:

>> except ownerships of /gnu/store/ files are funny when I guix system
>> roll-back to the time before guix-ownership services existed.
>
> Uh, right. There’s little we can do here, except perhaps adding a
> warning in the doc?

No, I was just trying to provoke an error. No warning in the doc is needed. Because (privileged #t) remains the default for some time and guix-ownership already exists, wrong ownership will not affect many users when they do not provoke it. Also files owned by a user id, group id that no longer exists can happen on system roll-backs. And it can obviously be fixed by following the “Migrating to the Unprivileged Daemon” docs with root:root.

What I should have written to you is that I want the command

  mount -o remount,rw /gnu/store

to come before the chown for the migrating foreign distro users.

> Users are invited to stop the daemon before doing that, which should
> stop ‘gnu-store.mount’ as well. […]

No. I set up a Debian VM now with Guix from the install script and guix pulled as root with this patch series. “systemctl stop guix-daemon” does not change the mount command outputting:

  “/dev/sda1 on /gnu/store type ext4 (ro,relatime,errors=remount-ro)”,

and the chown from “Migrating to the Unprivileged Daemon” prints lines like:

  chown: changing ownership of '/gnu/store/4ab…-mpfr-4.2.1-builder': Read-only file system

The above mount command from the examples in the Guix manual section on SELinux Policy makes chown work. I would just write down the “mount -o remount,rw /gnu/store” command, even though it is not needed when a user is not on systemd or has not set up gnu-store.mount.

Another observation: I get errors

  guix shell: error: opening global GC lock '/var/guix/gc.lock': Permission denied

I had to chown guix-daemon:guix-daemon /var/guix/gc.lock as well.

Other than that your docs work well for me. Thanks again!

Regards,
Florian
From: Ludovic Courtès <ludo@HIDDEN>
To: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
Cc: 77288 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#77288] [PATCH v3 2/8] doc: Document migration to the unprivileged daemon.
Date: Sat, 19 Apr 2025 11:07:02 +0200
Message-ID: <87ecxoikp5.fsf@HIDDEN>

Hey Florian,

"pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN> writes:

> Works great now. I can now with v3 merrily switch back and forth the
> (privileged? #f) on Guix System,

Good, thanks for testing again!

> except ownerships of /gnu/store/ files are funny when I guix system
> roll-back to the time before guix-ownership services existed.

Uh, right. There’s little we can do here, except perhaps adding a warning in the doc?

> Then I try the
>
> chown -R root:root \
> /gnu \
> /var/guix/{daemon-socket,db,discover} \
> /var/guix/{gcroots,offload,substitute,temproots} \
> /var/log/guix \
> /etc/guix
>
> from this “Migrating to the Unprivileged Daemon” with root:root instead
> of guix-daemon:guix-daemon. But it does not work unless I mount -o
> remount,rw /gnu/store (a command from the subsequent SELinux section).
>
> While I have not tested this “Migrating to the Unprivileged Daemon”
> section on a foreign distro, should not etc/gnu-store.mount require
> remounting on foreign distros, too?

Users are invited to stop the daemon before doing that, which should stop ‘gnu-store.mount’ as well. Do you think that needs to be clarified?

Thanks,
Ludo’.
From: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: 77288 <at> debbugs.gnu.org, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: Re: [bug#77288] [PATCH v3 2/8] doc: Document migration to the unprivileged daemon.
Date: Sat, 19 Apr 2025 02:21:03 +0200
Message-ID: <87jz7hdms0.fsf@HIDDEN>

Works great now. I can now with v3 merrily switch back and forth the (privileged? #f) on Guix System, except ownerships of /gnu/store/ files are funny when I guix system roll-back to the time before guix-ownership services existed.

Then I try the

  chown -R root:root \
    /gnu \
    /var/guix/{daemon-socket,db,discover} \
    /var/guix/{gcroots,offload,substitute,temproots} \
    /var/log/guix \
    /etc/guix

from this “Migrating to the Unprivileged Daemon” with root:root instead of guix-daemon:guix-daemon. But it does not work unless I mount -o remount,rw /gnu/store (a command from the subsequent SELinux section).

While I have not tested this “Migrating to the Unprivileged Daemon” section on a foreign distro, should not etc/gnu-store.mount require remounting on foreign distros, too?

Regards,
Florian
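Florian's two reports above (this one and the later one from 22:22) boil down to two pre-conditions for the manual "Migrating to the Unprivileged Daemon" steps on a foreign distro: the store must not be mounted read-only when the chown runs, and /var/guix/gc.lock needs the same ownership change even though the documented chown list does not mention it. The script below is an added example, not part of the Guix patch series or the manual: a pre-flight check that reports both conditions before anyone runs chown. It assumes the /proc/mounts field layout (device, mount point, fstype, options), a `stat -c` that understands `%U:%G` (GNU coreutils and busybox), and the target owner `guix-daemon:guix-daemon` named in the thread.

```shell
#!/bin/sh
# Added example (not from the Guix manual or the patch series): pre-flight
# checks for migrating a foreign-distro guix-daemon to unprivileged mode.
# Assumptions: /proc/mounts format, "stat -c '%U:%G'", owner guix-daemon.

# store_is_readonly MOUNTS_TEXT STORE
# Returns 0 when the last /proc/mounts entry whose mount point is exactly
# STORE carries the "ro" option.  Later entries shadow earlier ones, so a
# bind-remount that came after the original mount wins.  Returns 1 when the
# store is writable or is not a mount point at all (nothing to remount).
store_is_readonly() {
  printf '%s\n' "$1" | awk -v store="$2" '
    $2 == store {
      found = 1; ro = 0
      n = split($4, opts, ",")
      for (i = 1; i <= n; i++) if (opts[i] == "ro") ro = 1
    }
    END { if (found && ro) exit 0; exit 1 }'
}

# wrong_owners USER GROUP PATH...
# Prints "PATH CURRENT_OWNER" for every existing PATH not owned by USER:GROUP.
# Only the listed paths themselves are inspected, not their contents: this is
# a quick sanity check on the directories the doc tells you to chown -R, plus
# gc.lock, which that list does not cover; it is not a substitute for the chown.
wrong_owners() {
  want="$1:$2"; shift 2
  for p in "$@"; do
    [ -e "$p" ] || continue
    have=$(stat -c '%U:%G' "$p") || continue
    [ "$have" = "$want" ] || printf '%s %s\n' "$p" "$have"
  done
}

# preflight: run both checks against the live system and print what to fix.
preflight() {
  store=/gnu/store
  if [ -r /proc/mounts ] && store_is_readonly "$(cat /proc/mounts)" "$store"; then
    echo "$store is mounted read-only (e.g. by gnu-store.mount);"
    echo "run 'mount -o remount,rw $store' before the chown."
  fi
  # Paths from the documented chown list, plus /var/guix/gc.lock (Florian's
  # "Permission denied" report).  Output lines are paths still to be fixed.
  wrong_owners guix-daemon guix-daemon \
    /gnu /var/guix/daemon-socket /var/guix/db /var/guix/discover \
    /var/guix/gcroots /var/guix/offload /var/guix/substitute \
    /var/guix/temproots /var/log/guix /etc/guix /var/guix/gc.lock
}

# Only touch the live system when invoked explicitly:  ./preflight.sh run
if [ "${1:-}" = run ]; then
  preflight
fi
```

Stopping the daemon does not undo the read-only bind mount, which is the whole point of the first check: `systemctl stop guix-daemon` leaves the mount table as it was, so the script reads the mount table rather than the service state. The ownership check deliberately matches the mount point exactly (`$2 == store`) so a read-only `/gnu` or `/gnu/store/foo` entry is not mistaken for the store itself.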
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: [PATCH v3 7/8] services: guix: Allow ‘guix-daemon’ to run without root privileges.
Date: Fri, 18 Apr 2025 21:46:52 +0200
Message-ID: <03a37d2a52c3cc6ce42a4e0699ca085cfaeac178.1745005408.git.ludo@HIDDEN>

* gnu/services/base.scm (run-with-writable-store)
(guix-ownership-change-program): New procedures.
(<guix-configuration>)[privileged?]: New field.
(guix-shepherd-service): Rename to…
(guix-shepherd-services): … this. Add the ‘guix-ownership’ service.
Change ‘guix-daemon’ service to depend on it; when unprivileged, prefix ‘daemon-command’ by ‘run-with-writable-store’ and omit ‘--build-users-group’; adjust socket activation endpoints. (guix-accounts): When unprivileged, create the “guix-daemon” user and group in addition to the others. (guix-service-type)[extensions]: Adjust to name change. * gnu/tests/base.scm (run-guix-daemon-test): Add ‘name’ parameter. (%test-guix-daemon): Adjust accordingly. (%test-guix-daemon-unprivileged): New test. * doc/guix.texi (Base Services): Document ‘privileged?’. (Migrating to the Unprivileged Daemon): Explain that this is automatic on Guix System. Change-Id: I28a9a22e617416c551dccb24e43a253b544ba163 --- doc/guix.texi | 38 +++++++++ gnu/services/base.scm | 192 ++++++++++++++++++++++++++++++++++++++---- gnu/tests/base.scm | 47 +++++++++-- 3 files changed, 257 insertions(+), 20 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 377cb65326..8243bd0547 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1037,6 +1037,14 @@ Build Environment Setup files to @code{guix-daemon}, and ensuring that the @command{guix-daemon} program runs as @code{guix-daemon}. +On Guix System, these steps are carried out automatically when you set +the @code{privileged?} field of the @code{guix-configuration} record to +@code{#f} and reconfigure (@pxref{guix-configuration-type, +@code{guix-configuration}}). + +However, on a foreign distribution, the process is manual. The +following paragraphs describe what you need to do. + @quotation Warning Follow the instructions below only after making sure you have a recent version of @command{guix-daemon} with support for unprivileged 
@@ -20105,6 +20113,36 @@ Base Services The Guix package to use. @xref{Customizing the System-Wide Guix} to learn how to provide a package with a pre-configured set of channels. +@cindex unprivileged @command{guix-daemon} +@cindex rootless @command{guix-daemon} +@item @code{privileged?} (default: @code{#t}) +Whether to run @command{guix-daemon} as root. + +When true, @command{guix-daemon} runs with root privileges and build +processes run under unprivileged user accounts as specified by +@code{build-group} and @code{build-accounts} (see below); when false, +@command{guix-daemon} run as the @code{guix-daemon} user, which is +unprivileged, and so do build processes. The unprivileged or +``rootless'' mode can reduce the impact of some classes of +vulnerabilities that could affect the daemon. + +The default is currently @code{#t} (@command{guix-daemon} runs with root +privileges) but may eventually be changed to @code{#f}. + +@quotation Warning +When changing this option, @file{/gnu/store}, @file{/var/guix}, and +@file{/etc/guix} have their ownership automatically changed by the +@code{guix-ownership} service to either the @code{guix-daemon} user or +the @code{root} user (@pxref{unprivileged-daemon-migration}). + +This can take a while, especially if @file{/gnu/store} is big; it cannot +be interrupted and @command{guix-daemon} cannot be used until it has +completed. +@end quotation + +@xref{Build Environment Setup}, for more information on the two ways to +run @command{guix-daemon}. + @item @code{build-group} (default: @code{"guixbuild"}) Name of the group for build user accounts. diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 490376d446..df44e88b2e 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -1918,6 +1918,100 @@ (define (guix-machines-files-installation machines) #$machines)) machines-file)))) +(define (run-with-writable-store) + "Return a wrapper that runs the given command under the specified UID and +GID in a context where the store is writable, even if it was bind-mounted +read-only via %IMMUTABLE-STORE (this wrapper must run as root)." + (program-file "run-with-writable-store" + (with-imported-modules (source-module-closure + '((guix build syscalls))) + #~(begin + (use-modules (guix build syscalls) + (ice-9 match)) + + (define (ensure-writable-store store) + ;; Create a new mount namespace and remount STORE with + ;; write permissions if it's read-only. + (unshare CLONE_NEWNS) + (let ((fs (statfs store))) + (unless (zero? (logand (file-system-mount-flags fs) + ST_RDONLY)) + (mount store store "none" + (logior MS_BIND MS_REMOUNT))))) + + (match (command-line) + ((_ user group command args ...) + (ensure-writable-store #$(%store-prefix)) + (let ((uid (or (string->number user) + (passwd:uid (getpwnam user)))) + (gid (or (string->number group) + (group:gid (getgrnam group))))) + (setgroups #()) + (setgid gid) + (setuid uid) + (apply execl command command args)))))))) + +(define (guix-ownership-change-program) + "Return a program that changes ownership of the store and other data files +of Guix to the given UID and GID." + (program-file "validate-guix-ownership" + (with-imported-modules (source-module-closure + '((guix build utils))) + #~(begin + (use-modules (guix build utils) + (ice-9 ftw) + (ice-9 match)) + + (define (lchown file uid gid) + (let ((parent (open (dirname file) O_DIRECTORY))) + (chown-at parent (basename file) uid gid + AT_SYMLINK_NOFOLLOW) + (close-port parent))) + + (define (change-ownership directory uid gid) + ;; chown -R UID:GID DIRECTORY + (file-system-fold (const #t) ;enter? + (lambda (file stat result) ;leaf + (if (eq? 
'symlink (stat:type stat)) + (lchown file uid gid) + (chown file uid gid))) + (const #t) ;down + (lambda (directory stat result) ;up + (chown directory uid gid)) + (const #t) ;skip + (lambda (file stat errno result) + (format (current-error-port) "i/o error: ~a: ~a~%" + file (strerror errno)) + #f) + #t ;seed + directory + lstat)) + + (define (claim-data-ownership uid gid) + (format #t "Changing file ownership for /gnu/store \ +and data directories to ~a:~a...~%" + uid gid) + (change-ownership #$(%store-prefix) uid gid) + (let ((excluded '("." ".." "profiles" "userpool"))) + (for-each (lambda (directory) + (change-ownership (in-vicinity "/var/guix" directory) + uid gid)) + (scandir "/var/guix" + (lambda (file) + (not (member file + excluded)))))) + (chown "/var/guix" uid gid) + (change-ownership "/etc/guix" uid gid) + (mkdir-p "/var/log/guix") + (change-ownership "/var/log/guix" uid gid)) + + (match (command-line) + ((_ (= string->number (? integer? uid)) + (= string->number (? integer? gid))) + (setlocale LC_ALL "C.UTF-8") ;for file name decoding + (setvbuf (current-output-port) 'line) + (claim-data-ownership uid gid))))))) + (define-record-type* <guix-configuration> guix-configuration make-guix-configuration guix-configuration? @@ -1959,6 +2053,8 @@ (define-record-type* <guix-configuration> (default #f)) (tmpdir guix-tmpdir ;string | #f (default #f)) + (privileged? guix-configuration-privileged? + (default #t)) (build-machines guix-configuration-build-machines ;list of gexps | '() (default '())) (environment guix-configuration-environment ;list of strings @@ -2021,7 +2117,7 @@ (define shepherd-discover-action (environ environment) #t))))) -(define (guix-shepherd-service config) +(define (guix-shepherd-services config) "Return a <shepherd-service> for the Guix daemon service with CONFIG." (define locales (let-system (system target) 
@@ -2030,16 +2126,57 @@ (define (guix-shepherd-service config) glibc-utf8-locales))) (match-record config <guix-configuration> - (guix build-group build-accounts chroot? authorize-key? authorized-keys + (guix privileged? + build-group build-accounts chroot? authorize-key? authorized-keys use-substitutes? substitute-urls max-silent-time timeout log-compression discover? extra-options log-file http-proxy tmpdir chroot-directories environment socket-directory-permissions socket-directory-group socket-directory-user) (list (shepherd-service + (provision '(guix-ownership)) + (requirement '(user-processes user-homes)) + (one-shot? #t) + (start #~(lambda () + (let* ((store #$(%store-prefix)) + (stat (lstat store)) + (privileged? #$(guix-configuration-privileged? + config)) + (change-ownership #$(guix-ownership-change-program)) + (with-writable-store #$(run-with-writable-store))) + ;; Check whether we're switching from privileged to + ;; unprivileged guix-daemon, or vice versa, and adjust + ;; file ownership accordingly. Spawn a child process + ;; if and only if something needs to be changed. + ;; + ;; Note: This service remains in 'starting' state for + ;; as long as CHANGE-OWNERSHIP is running. That way, + ;; 'guix-daemon' starts only once we're done. + (cond ((and (not privileged?) + (or (zero? (stat:uid stat)) + (zero? (stat:gid stat)))) + (let ((user (getpwnam "guix-daemon"))) + (format #t "Changing to unprivileged guix-daemon.~%") + (zero? + (system* with-writable-store "0" "0" + change-ownership + (number->string (passwd:uid user)) + (number->string (passwd:gid user)))))) + ((and privileged? + (and (not (zero? (stat:uid stat))) + (not (zero? (stat:gid stat))))) + (format #t "Changing to privileged guix-daemon.~%") + (zero? 
(system* with-writable-store "0" "0" + change-ownership "0" "0"))) + (else #t))))) + (documentation "Ensure that the store and other data files used by +guix-daemon have the right ownership.")) + + (shepherd-service (documentation "Run the Guix daemon.") (provision '(guix-daemon)) (requirement `(user-processes + guix-ownership ,@(if discover? '(avahi-daemon) '()))) (actions (list shepherd-set-http-proxy-action shepherd-discover-action)) @@ -2063,8 +2200,15 @@ (define (guix-shepherd-service config) (or (getenv "discover") #$discover?)) (define daemon-command - (cons* #$(file-append guix "/bin/guix-daemon") - "--build-users-group" #$build-group + (cons* #$@(if privileged? + #~() + #~(#$(run-with-writable-store) + "guix-daemon" "guix-daemon")) + + #$(file-append guix "/bin/guix-daemon") + #$@(if privileged? + #~("--build-users-group" #$build-group) + #~()) "--max-silent-time" #$(number->string max-silent-time) "--timeout" #$(number->string timeout) @@ -2145,9 +2289,11 @@ (define (guix-shepherd-service config) "/var/guix/daemon-socket/socket") #:name "socket" #:socket-owner - (or #$socket-directory-user 0) + (or #$socket-directory-user + #$(if privileged? 0 "guix-daemon")) #:socket-group - (or #$socket-directory-group 0) + (or #$socket-directory-group + #$(if privileged? 0 "guix-daemon")) #:socket-directory-permissions #$socket-directory-permissions))) ((make-systemd-constructor daemon-command 
@@ -2162,15 +2308,31 @@ (define (guix-shepherd-service config) (define (guix-accounts config) "Return the user accounts and user groups for CONFIG." - (cons (user-group - (name (guix-configuration-build-group config)) - (system? #t) + `(,@(if (guix-configuration-privileged? config) + '() + (list (user-group (name "guix-daemon") (system? #t)) + (user-account + (name "guix-daemon") + (group "guix-daemon") + (system? #t) + (supplementary-groups '("kvm")) + (comment "Guix Daemon User") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin"))))) - ;; Use a fixed GID so that we can create the store with the right - ;; owner. - (id 30000)) - (guix-build-accounts (guix-configuration-build-accounts config) - #:group (guix-configuration-build-group config)))) + ;; When reconfiguring from privileged to unprivileged, the running daemon + ;; (privileged) relies on the availability of the build accounts and build + ;; group until 'guix system reconfigure' has completed. The simplest way + ;; to meet this requirement is to create these accounts unconditionally so + ;; they are not removed in the middle of the 'reconfigure' process. + ,(user-group + (name (guix-configuration-build-group config)) + (system? #t) + + ;; Use a fixed GID so that we can create the store with the right owner. + (id 30000)) + ,@(guix-build-accounts (guix-configuration-build-accounts config) + #:group (guix-configuration-build-group config)))) (define (guix-activation config) "Return the activation gexp for CONFIG." @@ -2228,7 +2390,7 @@ (define guix-service-type (service-type (name 'guix) (extensions - (list (service-extension shepherd-root-service-type guix-shepherd-service) + (list (service-extension shepherd-root-service-type guix-shepherd-services) (service-extension account-service-type guix-accounts) (service-extension activation-service-type guix-activation) (service-extension profile-service-type 
diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index 83e047f7e6..12d4e70ee5 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016-2020, 2022, 2024 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2016-2020, 2022, 2024-2025 Ludovic Courtès <ludo@HIDDEN> ;;; Copyright © 2018 Clément Lassieur <clement@HIDDEN> ;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@HIDDEN> ;;; Copyright © 2022 Marius Bakke <marius@HIDDEN> @@ -63,7 +63,8 @@ (define-module (gnu tests base) %hello-dependencies-manifest guix-daemon-test-cases - %test-guix-daemon)) + %test-guix-daemon + %test-guix-daemon-unprivileged)) (define %simple-os (simple-operating-system)) @@ -1121,7 +1122,7 @@ (define (guix-daemon-test-cases marionette) (system-error-errno args))) #$marionette)))) -(define (run-guix-daemon-test os) +(define (run-guix-daemon-test os name) (define test-image (image (operating-system os) (format 'compressed-qcow2) @@ -1161,6 +1162,12 @@ (define (run-guix-daemon-test os) ;; Wait for 'guix-daemon' to be up. (marionette-eval '(begin (use-modules (gnu services herd)) + (start-service 'guix-daemon) + + ;; XXX: Do it a second time to work around + ;; <https://issues.guix.gnu.org/77274> and its + ;; effect on the 'guix-ownership' service. + ;; TODO: Remove when Shepherd 1.0.4 is out. (start-service 'guix-daemon)) marionette)) @@ -1168,7 +1175,7 @@ (define (run-guix-daemon-test os) (test-end)))) - (gexp->derivation "guix-daemon-test" test)) + (gexp->derivation name test)) (define %test-guix-daemon (system-test 
@@ -1190,4 +1197,34 @@ (define %test-guix-daemon %base-user-accounts))) #:imported-modules '((gnu services herd) (guix combinators))))) - (run-guix-daemon-test os))))) + (run-guix-daemon-test os "guix-daemon-test"))))) + +(define %test-guix-daemon-unprivileged + (system-test + (name "guix-daemon-unprivileged") + (description + "Test 'guix-daemon' behavior on a multi-user system, where 'guix-daemon' +runs unprivileged.") + (value + (let ((os (marionette-operating-system + (let ((base (operating-system-with-gc-roots + %daemon-os + (list (profile + (name "hello-build-dependencies") + (content %hello-dependencies-manifest)))))) + (operating-system + (inherit base) + (kernel-arguments '("console=ttyS0")) + (users (cons (user-account + (name "user") + (group "users")) + %base-user-accounts)) + (services + (modify-services (operating-system-user-services base) + (guix-service-type + config => (guix-configuration + (inherit config) + (privileged? #f))))))) + #:imported-modules '((gnu services herd) + (guix combinators))))) + (run-guix-daemon-test os "guix-daemon-unprivileged-test"))))) -- 2.49.0
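Review bot: in the ownership-change program (the `change-ownership` / `claim-data-ownership` hunk), I/O errors are only printed: the error handler returns #f, `claim-data-ownership` discards the return value of every `change-ownership` call, and the `match` clause returns normally, so the script exits 0 and the `guix-ownership` one-shot service reports success even when some files kept their old owner; the unprivileged daemon then fails later with a permission error on exactly those files. Suggest threading a failure count through the fold's result (the seed is already passed along), printing a summary, and calling `(exit 1)` when the count is non-zero, so that the `(zero? (system* with-writable-store ...))` check in the service reflects what actually happened.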
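Review bot: the `cond` in the `guix-ownership` start procedure only recognizes root-owned data: the unprivileged branch fires when the store's uid or gid is zero, and the privileged branch when both are non-zero. A store owned by some other non-root uid (a stale `guix-daemon` uid after the account was re-created, or files restored from a backup) is therefore left untouched in unprivileged mode, and a half-migrated store (uid 0, gid non-zero, as left by an interrupted earlier run) is left untouched in privileged mode. Suggest looking up `(getpwnam "guix-daemon")` before the `cond` and comparing against the target explicitly, e.g. `(not (= (stat:uid stat) (passwd:uid user)))`, and using `or` in the privileged branch as the unprivileged one already does, so that both directions repair a partial state.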
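Review bot: in `guix-accounts`, the new `guix-daemon` user-group and user-account carry no fixed `id`, while the build group keeps `(id 30000)` with the comment "Use a fixed GID so that we can create the store with the right owner." Now that ownership of /gnu/store, /var/guix and /etc/guix is tied to the numeric uid and gid of `guix-daemon`, the same argument applies to that account: a reallocated id after reinstallation or account re-creation would leave the whole store owned by a uid that no longer exists. Suggest reserving fixed ids for both the `guix-daemon` group and user, and documenting the new `privileged?` field of `<guix-configuration>` with a type comment (`;boolean`) like its neighbours.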
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v3 8/8] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
Date: Fri, 18 Apr 2025 21:46:53 +0200
Message-ID: <7d2a308296fb34cd6721db06f83922311eacb2d1.1745005408.git.ludo@HIDDEN>
X-Mailer: git-send-email 2.49.0
In-Reply-To: <cover.1745005408.git.ludo@HIDDEN>
References: <cover.1745005408.git.ludo@HIDDEN>
MIME-Version: 1.0
X-Debbugs-Cc: Florian Pelz <pelzflorian@HIDDEN>, Julien Lepiller <julien@HIDDEN>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: -2.3 (--)
X-Debbugs-Envelope-To: 77288
Cc: Ludovic Courtès <ludo@HIDDEN>, Florian Pelz <pelzflorian@HIDDEN>
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

DRAFT: Temporary commit.

* etc/news.scm: Add it.

Change-Id: I28eae7f7b4305225b13281b99458cbedda3c3b94
Co-authored-by: Florian Pelz <pelzflorian@HIDDEN>
---
 etc/news.scm | 88 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 88 insertions(+)

diff --git a/etc/news.scm b/etc/news.scm
index 4b3da44540..fcac283636 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -37,6 +37,94 @@ (channel-news (version 0) + (entry (commit "XXX") + (title + (en "Guix System can run @command{guix-daemon} without root +privileges") + (de "Guix System kann @command{guix-daemon} ohne root-Berechtigungen +ausführen") + (fr "Guix System peut faire tourner @command{guix-daemon} sans +privilèges")) + (body + (en "On Guix System, @code{guix-service-type} can now be configured +to run the build daemon, @command{guix-daemon}, without root privileges. In +that configuration, the daemon runs with the authority of the +@code{guix-daemon} user, which we think can reduce the impact of some classes +of vulnerabilities that could affect it. + +For now, this is opt-in: you have to change @code{guix-configuration} to set +the @code{privileged?} field to @code{#f}. When you do this, all the files in +@file{/gnu/store}, @file{/var/guix}, etc. will have their ownership changed to +the @code{guix-daemon} user (instead of @code{root}); this can take a while, +especially if the store is big. To learn more about it, run: + +@example +info guix --index-search=guix-service-type +@end example + +Running @command{guix-daemon} without root privileges will likely become the +default in the future. + +Users of Guix on other distributions can find information on how to migrate in +the manual: + +@example +info guix --index-search=migration +@end example") + (de "Auf Guix System kann @code{guix-service-type} jetzt so +konfiguriert werden, dass der Erstellungs-Daemon @command{guix-daemon} ohne +root-Berechtigungen ausgeführt wird. In dieser Konfiguration läuft der Daemon +mit den Berechtigungen des Benutzers @code{guix-daemon}, wovon wir glauben, +dass es die Auswirkungen mancher Schwachstellen-Kategorien verringert, die ihn +betreffen könnten. + +Fürs Erste bleibt es Ihnen überlassen: Sie müssen @code{guix-configuration} +anpassen und dort das Feld @code{privileged?} auf @code{#f} setzen. 
Wenn Sie +das tun, wird der Besitzer aller Dateien in @file{/gnu/store}, +@file{/var/guix}, usw. auf den Benutzer @code{guix-daemon} geändert (anstelle +von @code{root}); das kann eine Weile dauern, besonders wenn der Store groß +ist. Um mehr zu erfahren, führen Sie aus: + +@example +info guix --index-search=guix-service-type +@end example + +Schließlich wird das Ausführen von @command{guix-daemon} ohne +root-Berechtigungen wahrscheinlich die Vorgabe. + +Wer Guix auf anderen Distributionen benutzt, kann sich mit dem Handbuch +informieren, wie man umsteigt: + +@example +info guix --index-search=migration +@end example") + (fr "Sur Guix System, @code{guix-service-type} peut maintenant être +configuré pour faire tourner le démon de compilation, @command{guix-daemon}, +sans privilèges ``root''. Dans cette configuration, le démon s'exécute avec +l'autorité du compte @code{guix-daemon}, ce qui selon nous réduit l'impact de +certaines classes de vulnérabilités qui pourraient l'affecter. + +Pour le moment, c'est à activer explicitement : il faut changer +@code{guix-configuration} pour mettre le champ @code{privileged?} à @code{#f}. +Tous les fichiers de @file{/gnu/store}, @file{/var/guix}, etc. voient alors +leur propriétaire changé pour @code{guix-daemon} (au lieu de @code{root}) ; +cette opération peut prendre un moment, particulièrement si le dépôt est gros. +Pour en savoir plus, lancer : + +@example +info guix --index-search=guix-service-type +@end example + +L'exécution de @command{guix-daemon} sans privilèges se fera probablement par +défaut à l'avenir. + +Pour l'utilisation de Guix sur d'autres distributions, des informations sur +comment migrer se trouver dans le manuel : + +@example +info guix --index-search=migration +@end example"))) + (entry (commit "0e51c6547ffdaf91777f7383da4a52a1a07b7286") (title (en "Incompatible upgrade of the Syncthing service")) -- 2.49.0
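Review bot: the French body has an agreement error in its last paragraph: "des informations sur comment migrer se trouver dans le manuel" should read "se trouvent dans le manuel" (the verb agrees with "des informations"). Also, `(commit "XXX")` is a placeholder that must be replaced with the hash of the commit introducing the `privileged?` field before this entry is pushed; otherwise `guix pull` users never get the news item shown to them. The DRAFT subject implies this is known; flagging it so it does not slip through into the final series.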
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v3 2/8] doc: Document migration to the unprivileged daemon.
Date: Fri, 18 Apr 2025 21:46:47 +0200
Message-ID: <e551a3a7145f24c44e2c764c78930722f32798b3.1745005408.git.ludo@HIDDEN>
In-Reply-To: <cover.1745005408.git.ludo@HIDDEN>
References: <cover.1745005408.git.ludo@HIDDEN>
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Cc: Ludovic Courtès <ludo@HIDDEN>

* doc/guix.texi (Build Environment Setup): Add “Migrating to the Unprivileged Daemon” section.
(Upgrading Guix): Link to it.

Change-Id: I2bac3f4419d85b7c718c6c4a3908387b4f6ee582
---
 doc/guix.texi | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 67 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 070528667f..377cb65326 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1026,13 +1026,75 @@ Build Environment Setup In this configuration, @file{/gnu/store} is owned by the @code{guix-daemon} user. +@anchor{unprivileged-daemon-migration} +@unnumberedsubsubsec Migrating to the Unprivileged Daemon + +@cindex unprivileged daemon, migration +@cindex rootless daemon, migration +To switch an existing installation to the unprivileged execution mode, a +number of steps must be taken: creating a new dedicated +@code{guix-daemon} user account, changing ownership of the relevant +files to @code{guix-daemon}, and ensuring that the @command{guix-daemon} +program runs as @code{guix-daemon}. + +@quotation Warning +Follow the instructions below only after making sure you have a recent +version of @command{guix-daemon} with support for unprivileged +execution. +@end quotation + +File ownership can be changed, after stopping the daemon, by running the +following commands as root (the @command{chown} can take a while if +there are many files in @file{/gnu/store}): + +@example +groupadd --system guix-daemon +useradd -g guix-daemon -G guix-daemon,kvm \ + -d /var/empty -s $(which nologin) \ + -c "Guix daemon privilege separation user" \ + --system guix-daemon + +chown -R guix-daemon:guix-daemon \ + /gnu \ + /var/guix/@{daemon-socket,db,discover@} \ + /var/guix/@{gcroots,offload,substitute,temproots@} \ + /var/log/guix \ + /etc/guix +@end example + +If your system uses the systemd service manager, running the daemon as +@code{guix-daemon} will be a matter of copying the relevant +configuration files---make sure to review any changes you might have +made in your own @file{.service} files before overwriting them: + +@example +cp /var/guix/profiles/per-user/root/current-guix/lib/systemd/system/*.service \ + /etc/systemd/system +systemctl daemon-reload +systemctl start guix-daemon +@end example + +@quotation Warning +The commands above assume that @command{guix pull} was run for the root +user. 
You can check whether this is the case by running this command: + +@example +grep User=guix-daemon \ + /var/guix/profiles/per-user/root/current-guix/lib/systemd/system/guix-daemon.service +@end example + +If that command does not show the @code{User=guix-daemon} line, then run +@command{guix pull} as the root user. +@end quotation + @unnumberedsubsubsec The Isolated Build Environment @cindex chroot @cindex build environment isolation @cindex isolated build environment @cindex hermetic build environment -In both cases, the daemon starts build processes without privileges in +In both cases, privileged and unprivileged, +the daemon starts build processes without privileges in an @emph{isolated} or @emph{hermetic} build environment---a ``chroot''. On GNU/Linux, by default, the build environment contains nothing but: @@ -2035,6 +2097,10 @@ Upgrading Guix On Guix System, upgrading the daemon is achieved by reconfiguring the system (@pxref{Invoking guix system, @code{guix system reconfigure}}). +To migrate an existing installation to the @emph{unprivileged daemon} +where @command{guix-daemon} does not run as root, +@pxref{unprivileged-daemon-migration}. + @c TODO What else? @c ********************************************************************* -- 2.49.0
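Review bot: the migration section says ownership must be changed "after stopping the daemon", but the example never shows the stop, so a reader who pastes the example as-is runs `chown -R` under a live root daemon and can race with it writing to `/var/guix/db` and `/gnu/store`; suggest adding `systemctl stop guix-daemon` (or the equivalent for the reader's service manager) as the first line of the example, mirroring the `systemctl start guix-daemon` at the end. Two smaller documentation points: the first Warning, "a recent version of guix-daemon with support for unprivileged execution", would be far more useful with the minimum version stated explicitly, and the `chown -R` list deliberately skips `/var/guix/profiles` (matching the `excluded` list in the Guix System ownership program); one sentence saying why profiles keep their per-user ownership would stop readers from "fixing" it by hand.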
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v3 6/8] tests: guix-daemon: Wait for the ‘guix-daemon’ service to be up.
Date: Fri, 18 Apr 2025 21:46:51 +0200
Message-ID: <17014000023c59ff457c3f88ccbede408290c495.1745005408.git.ludo@HIDDEN>
In-Reply-To: <cover.1745005408.git.ludo@HIDDEN>
References: <cover.1745005408.git.ludo@HIDDEN>
Cc: Ludovic Courtès <ludo@HIDDEN>

* gnu/tests/base.scm (run-guix-daemon-test): Add “guix-daemon service is up” test.

Change-Id: I4d44a1248599fec45c854c285d4da201c30eb00c
---
 gnu/tests/base.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 0f7fb543a7..83e047f7e6 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -1157,6 +1157,13 @@ (define (run-guix-daemon-test os) (test-runner-current (system-test-runner #$output)) (test-begin "guix-daemon") + (test-assert "guix-service is running" + ;; Wait for 'guix-daemon' to be up. + (marionette-eval '(begin + (use-modules (gnu services herd)) + (start-service 'guix-daemon)) + marionette)) + #$(guix-daemon-test-cases #~marionette) (test-end)))) -- 2.49.0
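Review bot: the test name `"guix-service is running"` does not match what the assertion checks (the `guix-daemon` Shepherd service started via `start-service 'guix-daemon`) nor the commit message's "guix-daemon service is up"; suggest renaming it `"guix-daemon service is running"` so that a failure is easy to locate in the test log and the name stays consistent once the unprivileged variant of the test reuses this procedure.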
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v3 5/8] tests: guix-daemon: Send system log output to /dev/console.
Date: Fri, 18 Apr 2025 21:46:50 +0200
Message-ID: <e087d07cb10f0cd85bad08f725ee014012e35a52.1745005408.git.ludo@HIDDEN>
In-Reply-To: <cover.1745005408.git.ludo@HIDDEN>
References: <cover.1745005408.git.ludo@HIDDEN>
Cc: Ludovic Courtès <ludo@HIDDEN>

* gnu/tests/base.scm (%daemon-os): New variable.
(%test-guix-daemon): Use it.

Change-Id: Iea31808cc59e94971ea4cbc12d565c94348bf7a4
---
 gnu/tests/base.scm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index a7f8a5bf7c..0f7fb543a7 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -994,6 +994,10 @@ (define %test-activation ;;; Build daemon. ;;; +(define %daemon-os + (operating-system-with-console-syslog + (simple-operating-system))) + (define (manifest-entry-without-grafts entry) "Return ENTRY with grafts disabled on its contents." (manifest-entry @@ -1168,7 +1172,7 @@ (define %test-guix-daemon (let ((os (marionette-operating-system (operating-system (inherit (operating-system-with-gc-roots - %simple-os + %daemon-os (list (profile (name "hello-build-dependencies") (content %hello-dependencies-manifest))))) -- 2.49.0
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v3 4/8] services: account: Create /var/guix/profiles/per-user/$USER.
Date: Fri, 18 Apr 2025 21:46:49 +0200
Message-ID: <eb74f46127be564ca04f27a96a386297cf0c8229.1745005408.git.ludo@HIDDEN>
In-Reply-To: <cover.1745005408.git.ludo@HIDDEN>
References: <cover.1745005408.git.ludo@HIDDEN>
Cc: Ludovic Courtès <ludo@HIDDEN>

* gnu/system/shadow.scm (account-shepherd-service): Create /var/guix/profiles/per-user/$USER in ‘user-homes’ service.

Change-Id: I22e66e8a34d63686df9bae64c68df65c8889e72a
---
 gnu/system/shadow.scm | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index b68a818871..d0f1b6b2b1 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013-2020, 2022, 2023 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2013-2020, 2022-2023, 2025 Ludovic Courtès <ludo@HIDDEN> ;;; Copyright © 2016 Alex Griffin <a@HIDDEN> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@HIDDEN> ;;; Copyright © 2020, 2023 Efraim Flashner <efraim@HIDDEN> @@ -460,6 +460,12 @@ (define (account-shepherd-service accounts+groups) (define accounts (filter user-account? accounts+groups)) + (define regular-account-names + (filter-map (lambda (account) + (and (not (user-account-system? account)) + (user-account-name account))) + accounts)) + ;; Create home directories only once 'file-systems' is up. This makes sure ;; they are created in the right place if /home lives on a separate ;; partition. @@ -480,6 +486,17 @@ (define (account-shepherd-service accounts+groups) (activate-user-home (map sexp->user-account (list #$@(map user-account->gexp accounts)))) + + ;; Create the user's profile directory upfront: + ;; guix-daemon lacks permissions to create it when it is + ;; running as an unprivileged user. + (for-each (lambda (account) + (let ((profile (in-vicinity + "/var/guix/profiles/per-user" + account)) + (owner (getpwnam account))) + (mkdir-p/perms profile owner #o755))) + '#$regular-account-names) #t))) ;success (documentation "Create user home directories.")))) -- 2.49.0
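Review bot: in the `user-homes` start procedure, `(getpwnam account)` raises a system-error if any name in `regular-account-names` is missing from the NSS database, which aborts the `for-each` loop, leaves the remaining users without a profile directory and puts the service in a failed state (which `guix-daemon` now depends on through `guix-ownership`). Since `activate-user-home` has just run over the same account list this should not normally happen, but a per-account guard (a `catch 'system-error` that logs the offending name and continues) would keep one bad entry from blocking every other user. A short comment on why `mkdir-p/perms` is used with the account as owner, rather than creating the directory as root and chowning it afterwards, would also help the next reader.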
guix-patches@HIDDEN
:bug#77288
; Package guix-patches
.
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo@HIDDEN>
Subject: [PATCH v3 3/8] syscalls: Add ‘unshare’.
Date: Fri, 18 Apr 2025 21:46:48 +0200
Message-ID: <35ccba134d61d8b0d98383d3978fe7984c4d63c5.1745005408.git.ludo@HIDDEN>
In-Reply-To: <cover.1745005408.git.ludo@HIDDEN>

* guix/build/syscalls.scm (unshare): New procedure.

Change-Id: I344273b8bdeaa9366334e6e20ee7efc37eb6c8f7
---
 guix/build/syscalls.scm | 18 ++++++++++++++++++
 tests/syscalls.scm | 9 +++++++++
 2 files changed, 27 insertions(+)

diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 42232fc7f1..cf09cae3a4 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -145,6 +145,7 @@ (define-module (guix build syscalls) CLONE_NEWPID CLONE_NEWNET clone + unshare setns kexec-load-file
@@ -1213,6 +1214,23 @@ (define clone (list err)) ret))))) +(define unshare + (let ((proc (syscall->procedure int "unshare" (list int)))) + (lambda (flags) + "Disassociate the current process from parts of its execution context +according to FLAGS, which must be a logical or of CLONE_NEW* constants. + +Note that CLONE_NEWUSER requires that the calling process be single-threaded, +which is possible if and only if libgc is running a single marker thread; this +can be achieved by setting the GC_MARKERS environment variable to 1. If the +calling process is multi-threaded, this throws to 'system-error' with EINVAL." + (let-values (((ret err) + (without-automatic-finalization (proc flags)))) + (unless (zero? ret) + (throw 'system-error "unshare" "~a: ~A" + (list flags (strerror err)) + (list err))))))) + (define setns ;; Some systems may be using an old (pre-2.14) version of glibc where there ;; is no 'setns' function available. diff --git a/tests/syscalls.scm b/tests/syscalls.scm index d2848879d7..879c3e4f25 100644 --- a/tests/syscalls.scm +++ b/tests/syscalls.scm @@ -149,6 +149,15 @@ (define perform-container-tests? ((_ . status) (= 42 (status:exit-val status)))))))) +(test-equal "unshare" + EPERM + ;; Unless running as root, (unshare CLONE_NEWNS) returns EPERM. + (catch 'system-error + (lambda () + (unshare CLONE_NEWNS)) + (lambda args + (system-error-errno args)))) + (unless perform-container-tests? (test-skip 1)) (test-assert "setns" -- 2.49.0
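Review bot: the new `test-equal "unshare"` case in tests/syscalls.scm hard-codes `EPERM`, which, as its own comment says, only holds when not running as root; when the suite runs as root or with CAP_SYS_ADMIN, `(unshare CLONE_NEWNS)` succeeds, the `catch` returns an unspecified value instead of an errno, the test fails, and the test process is left in a fresh mount namespace for the rest of the run. Guard it the way the `setns` test right below is guarded (`(unless perform-container-tests? (test-skip 1))`) or skip it when `(zero? (getuid))`. In `unshare` itself, the docstring's single-thread requirement for CLONE_NEWUSER is exactly what callers will trip over, and the `system-error` they get only carries EINVAL and the flags; consider mentioning the GC_MARKERS hint in the thrown message as well, since EINVAL alone does not point at the cause.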
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo@HIDDEN>
X-Debbugs-Cc: Florian Pelz <pelzflorian@HIDDEN>, Julien Lepiller <julien@HIDDEN>
Subject: [PATCH v3 0/8] Rootless guix-daemon on Guix System
Date: Fri, 18 Apr 2025 21:46:45 +0200
Message-ID: <cover.1745005408.git.ludo@HIDDEN>

Changes since v2:

• ‘guix-service-type’ produces the “guixbuild” group and the build user
  accounts whether or not ‘privileged?’ is true so that ‘guix system
  reconfigure’ can run to completion during the privileged-to-unprivileged
  migration.

• News entry includes German translation (by Florian) and French
  translation.

Ludo’.

Ludovic Courtès (8):
  self: Install systemd ‘.service’ files.
  doc: Document migration to the unprivileged daemon.
  syscalls: Add ‘unshare’.
  services: account: Create /var/guix/profiles/per-user/$USER.
  tests: guix-daemon: Send system log output to /dev/console.
  tests: guix-daemon: Wait for the ‘guix-daemon’ service to be up.
  services: guix: Allow ‘guix-daemon’ to run without root privileges.
  DRAFT news: Add entry about unprivileged guix-daemon on Guix System.

 doc/guix.texi           | 106 +++++++++++++++++++++-
 etc/news.scm            |  88 ++++++++++++++++++
 gnu/services/base.scm   | 192 ++++++++++++++++++++++++++++++++++++----
 gnu/system/shadow.scm   |  19 +++-
 gnu/tests/base.scm      |  60 +++++++++++-
 guix/build/syscalls.scm |  18 ++++
 guix/self.scm           |  42 ++++++---
 tests/syscalls.scm      |   9 ++
 8 files changed, 501 insertions(+), 33 deletions(-)

base-commit: d14663b94a7428eccbfa27aa620dc3d8ba67d752
-- 
2.49.0
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo@HIDDEN>
X-Debbugs-Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Subject: [PATCH v3 1/8] self: Install systemd ‘.service’ files.
Date: Fri, 18 Apr 2025 21:46:46 +0200
Message-ID: <f5c3502260ed44c753ce41f5607f8e81b91a5d25.1745005408.git.ludo@HIDDEN>
In-Reply-To: <cover.1745005408.git.ludo@HIDDEN>

This is consistent with the ‘guix’ package and will prove helpful when
people want to replace /etc/systemd/system/guix*.service with newer
versions thereof.

* guix/self.scm (parameterized-file): New procedure, based on…
(selinux-policy): … this.  Use ‘parameterized-file’.
(systemd-file): New procedure.
(miscellaneous-files): Add systemd files.

Change-Id: Ia489a955347cf648a86000cc1265769d66c3f0e8
---
 guix/self.scm | 42 ++++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)

diff --git a/guix/self.scm b/guix/self.scm
index 28239d53f5..2a99765359 100644
--- a/guix/self.scm
+++ b/guix/self.scm
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2017-2023 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2017-2023, 2025 Ludovic Courtès <ludo@HIDDEN> ;;; Copyright © 2020 Martin Becze <mjbecze@HIDDEN> ;;; Copyright © 2023 Janneke Nieuwenhuizen <janneke@HIDDEN> ;;; Copyright © 2024 gemmaro <gemmaro.dev@HIDDEN>
@@ -666,24 +666,40 @@ (define* (guix-command modules ;; Use a 'guile' variant that doesn't complain about locales. #:guile (quiet-guile guile))) -(define (selinux-policy source daemon) - "Return the SELinux policy file taken from SOURCE and adjusted to refer to -DAEMON and to the current configuration variables." +(define (parameterized-file source daemon file name) + "Return FILE taken from SOURCE (typically a '.in' file) and adjusted to +refer to DAEMON and to the current configuration variables." (define build (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) - (copy-file #+(file-append* source "/etc/guix-daemon.cil.in") - "guix-daemon.cil") - (substitute* "guix-daemon.cil" + (fluid-set! %default-port-encoding "UTF-8") + (copy-file #+(file-append* source file) #$name) + (substitute* #$name (("@guix_sysconfdir@") #$%sysconfdir) (("@guix_localstatedir@") #$%localstatedir) + (("@localstatedir@") #$%localstatedir) (("@storedir@") #$%storedir) - (("@prefix@") #$daemon)) - (copy-file "guix-daemon.cil" #$output)))) + (("@prefix@") #$daemon) + (("@GUIX_SUBSTITUTE_URLS@") + #$(string-join %default-substitute-urls))) + (copy-file #$name #$output)))) - (computed-file "guix-daemon.cil" build)) + (computed-file name build)) + +(define (selinux-policy source daemon) + "Return the SELinux policy file taken from SOURCE and adjusted to refer to +DAEMON and to the current configuration variables." + (parameterized-file source daemon + "etc/guix-daemon.cil.in" + "guix-daemon.cil")) + +(define (systemd-file source daemon file) + "Return the given systemd file from SOURCE parameterized for DAEMON." + (parameterized-file source daemon + (string-append "etc/" file ".in") + file)) (define (miscellaneous-files source daemon) "Return data files taken from SOURCE." 
@@ -698,6 +714,12 @@ (define (miscellaneous-files source daemon) ,(file-append* source "/etc/completion/fish/guix.fish")) ("share/selinux/guix-daemon.cil" ,(selinux-policy source daemon)) + ,@(map (lambda (file) + `(,(string-append "lib/systemd/system/" file) + ,(systemd-file source daemon file))) + '("guix-gc.service" + "guix-publish.service" + "guix-daemon.service")) ("share/guix/berlin.guix.gnu.org.pub" ,(file-append* source "/etc/substitutes/berlin.guix.gnu.org.pub")) -- 2.49.0
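Review bot: the `miscellaneous-files` hunk mixes two path conventions: the entries kept from before pass `file-append*` a leading slash (`"/etc/completion/fish/guix.fish"`, `"/etc/substitutes/berlin.guix.gnu.org.pub"`), while the new `selinux-policy` passes `"etc/guix-daemon.cil.in"` and `systemd-file` builds `(string-append "etc/" file ".in")`. If `file-append*` inserts the separator itself both spellings work, but settling on one avoids a double or missing slash should that helper ever change. On `parameterized-file`, the new `@GUIX_SUBSTITUTE_URLS@` substitution joins `%default-substitute-urls` with spaces at `guix pull` build time, so any `.in` file using that placeholder is baked with the default substitute servers of that Guix revision; a short comment saying so would tell readers the installed units are revision-specific, which matters for the "replace /etc/systemd/system/guix*.service" use case the commit message describes.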
From: Ludovic Courtès <ludo@HIDDEN>
To: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
Cc: Julien Lepiller <julien@HIDDEN>, 77288 <at> debbugs.gnu.org
Subject: Re: [bug#77288] [PATCH v2 8/8] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
Date: Fri, 18 Apr 2025 19:04:35 +0200
Message-ID: <87r01pjt98.fsf@HIDDEN>
In-Reply-To: <87plh9egsd.fsf@HIDDEN>

Hello Florian,

"pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN> writes:

> I try on Guix System the (privileged? #f) and get an error
>
> florian@florianhp ~/src/guix$ sudo guix system reconfigure /etc/config.scm --allow-downgrades
> guix system: error: the group `guixbuild' specified in `build-users-group' does not exist
>
> It may have been that there were messages before like
>
> The following derivation will be built:
> /gnu/store/w2bx5x6ms3drrcpyysc2jj5lzyjnxyf0-grub.cfg.drv
>
> I temporarily added guixbuild with groupadd, but
>
> substitute: looking for substitutes on 'https://substitutes.nonguix.org'... 100.0%
> substitute: looking for substitutes on 'https://bordeaux.guix.gnu.org'... 100.0%
> substitute: looking for substitutes on 'https://ci.guix.gnu.org'... 100.0%
> The following derivations will be built:
> /gnu/store/s2xpbc0qy7nkwfca3cjy15ccbinz3lis-provenance.drv
> /gnu/store/sl57i03xygqc87q4853n6g3mmys066lm-system.drv
> /gnu/store/awwrr72s7z43nvrfp74wgqihr5qsa272-grub.cfg.drv
>
> guix system: error: the group `guixbuild' specified in `build-users-group' does not exist

That’s actually a message from guix-daemon (from ‘build.cc’).

Oh, I see where this is coming from: when running ‘guix system
reconfigure’, the activation snippet creating accounts and groups
immediately runs, thereby deleting ‘guixbuild’ and all the build users.

But at that point, we’re still running the privileged daemon. So when
attempting a derivation after that, like ‘provenance.drv’ above, it
errors out because the build group and accounts are gone.

Problem is that this happens before the new generation has been added
to ‘grub.cfg’. So if you reboot, you’ll reboot into the previous
generation.

The safest way to work around that is to keep those accounts/groups
unconditionally. It’s less pleasant to the eye, but it doesn’t hurt.

I guess I’ll have to send v3!

> Anyway. Could you add this German translation?

Will do.

Thanks for testing & for updating the translation!

Ludo’.
From: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: Julien Lepiller <julien@HIDDEN>, 77288 <at> debbugs.gnu.org
Subject: Re: [bug#77288] [PATCH v2 8/8] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
Date: Fri, 18 Apr 2025 15:32:50 +0200
Message-ID: <87plh9egsd.fsf@HIDDEN>
In-Reply-To: <fdf68baf11107aee8fa657f62a4d53caccbe5926.1744899444.git.ludo@HIDDEN>

Thank you Ludo for writing “Migrating to the Unprivileged Daemon”. I
have not tested on a foreign distro yet, though.

I try on Guix System the (privileged? #f) and get an error

florian@florianhp ~/src/guix$ sudo guix system reconfigure /etc/config.scm --allow-downgrades
guix system: error: the group `guixbuild' specified in `build-users-group' does not exist

It may have been that there were messages before like

The following derivation will be built:
/gnu/store/w2bx5x6ms3drrcpyysc2jj5lzyjnxyf0-grub.cfg.drv

I temporarily added guixbuild with groupadd, but

substitute: looking for substitutes on 'https://substitutes.nonguix.org'... 100.0%
substitute: looking for substitutes on 'https://bordeaux.guix.gnu.org'... 100.0%
substitute: looking for substitutes on 'https://ci.guix.gnu.org'... 100.0%
The following derivations will be built:
/gnu/store/s2xpbc0qy7nkwfca3cjy15ccbinz3lis-provenance.drv
/gnu/store/sl57i03xygqc87q4853n6g3mmys066lm-system.drv
/gnu/store/awwrr72s7z43nvrfp74wgqihr5qsa272-grub.cfg.drv

guix system: error: the group `guixbuild' specified in `build-users-group' does not exist

So the old daemon is still running and needs to build derivations, but
its build-group is already gone? I roll back for now.

Anyway. Could you add this German translation?

[Attachment: german-news-rootless.scm]

(entry (commit "XXX")
       (title
        (en "Guix System can run @command{guix-daemon} without root privileges")
        (de "Guix System kann @command{guix-daemon} ohne root-Berechtigungen ausführen"))
       (body
        (en "On Guix System, @code{guix-service-type} can now be configured to
run the build daemon, @command{guix-daemon}, without root privileges. In
that configuration, the daemon runs with the authority of the
@code{guix-daemon} user, which we think can reduce the impact of some classes
of vulnerabilities that could affect it.

For now, this is opt-in: you have to change @code{guix-configuration} to set
the @code{privileged?} field to @code{#f}. When you do this, all the files in
@file{/gnu/store}, @file{/var/guix}, etc. will have their ownership changed to
the @code{guix-daemon} user (instead of @code{root}); this can take a while,
especially if the store is big. To learn more about it, run:

@example
info guix --index-search=guix-service-type
@end example

Running @command{guix-daemon} without root privileges will likely become the
default in the future.

Users of Guix on other distributions can find information on how to migrate in
the manual:

@example
info guix --index-search=migration
@end example")
        (de "Auf Guix System kann @code{guix-service-type} jetzt so konfiguriert
werden, dass der Erstellungs-Daemon @command{guix-daemon} ohne
root-Berechtigungen ausgeführt wird. In dieser Konfiguration läuft der Daemon
mit den Berechtigungen des Benutzers @code{guix-daemon}, wovon wir glauben,
dass es die Auswirkungen mancher Schwachstellen-Kategorien verringert, die ihn
betreffen könnten.

Fürs Erste bleibt es Ihnen überlassen: Sie müssen @code{guix-configuration}
anpassen und dort das Feld @code{privileged?} auf @code{#f} setzen. Wenn Sie
das tun, wird der Besitzer aller Dateien in @file{/gnu/store},
@file{/var/guix}, usw. auf den Benutzer @code{guix-daemon} geändert (anstelle
von @code{root}); das kann eine Weile dauern, besonders wenn der Store groß
ist. Um mehr zu erfahren, führen Sie aus:

@example
info guix --index-search=guix-service-type
@end example

Schließlich wird das Ausführen von @command{guix-daemon} ohne
root-Berechtigungen wahrscheinlich die Vorgabe.

Wer Guix auf anderen Distributionen benutzt, kann sich mit dem Handbuch
informieren, wie man umsteigt:

@example
info guix --index-search=migration
@end example")))

Regards,
Florian
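The news entry quoted above tells the operator to set the `privileged?` field of `guix-configuration` to `#f`. As an added illustration, not part of this patch series or of the Guix manual, here is where that opt-in goes in an operating-system declaration; it assumes the `privileged?` field introduced by patch 7/8 of this series and otherwise uses only the standard `modify-services` form over `%base-services`:

```scheme
;; Added example, not from the patch series.  Switches guix-daemon from
;; root to the `guix-daemon' user by overriding the guix-service-type
;; instance found in %base-services.  Assumes the `privileged?' field of
;; <guix-configuration> added by this series.
(use-modules (gnu)
             (gnu services base))

(define %services-with-unprivileged-daemon
  (modify-services %base-services
    (guix-service-type
     config => (guix-configuration
                (inherit config)
                ;; Opt in to the unprivileged daemon.  Per the news entry,
                ;; the next `guix system reconfigure' re-chowns /gnu/store
                ;; and /var/guix to the guix-daemon user, which can take a
                ;; while on a large store.
                (privileged? #f)))))

;; Plug it into the operating-system declaration in place of the usual
;; (services %base-services):
;;
;;   (operating-system
;;     ;; ... host-name, file-systems, users, etc. ...
;;     (services %services-with-unprivileged-daemon))
```

Using `inherit` keeps every other field of the existing `guix-configuration` (build accounts, authorized substitute keys, substitute URLs) as it was, so the only change between the two generations is who the daemon runs as, which is what makes the migration Ludo describes above easy to roll back with `guix system roll-back` if it goes wrong.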
Full text available.Received: (at 77288) by debbugs.gnu.org; 17 Apr 2025 14:25:01 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Thu Apr 17 10:25:01 2025 Received: from localhost ([127.0.0.1]:48041 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1u5QAm-00058V-Tt for submit <at> debbugs.gnu.org; Thu, 17 Apr 2025 10:25:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:53616) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1u5QAh-00057O-MS for 77288 <at> debbugs.gnu.org; Thu, 17 Apr 2025 10:24:56 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1u5QAZ-0001uO-10; Thu, 17 Apr 2025 10:24:48 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:References:In-Reply-To:Subject:To: From; bh=yztDwgMUBO5mGz684rkEAM93AKPYd/QbH9OF0fCyn2I=; b=rTC02ycLPsDTGRiKd2IA aT4jTl5NIWCFqQnAgMuJ2N0tvBtLPFXcHy++o/N4tmwrcsUgZR6ddbpKn5WFTB/FOEGHJB3CT3lCX nWkJEOkUqPsn6TVbaRPV0UAPg+C0oMGHGfcIDinNVWXWV+xVD3KRgKm1GTbN4y5NO0VY8ZJfnk2MH Vp4BSu4vowaQW4ICUhzxFBfL6CBHUrpPRCbdQ3Vq0S9CON+Gw+9+dfKuMMW7pZciQqMI5VKtAkzja zUtck9znM/O7e7HKA2IL5UJqR28k8DIuxsrZQlDO4PY4zeIWStlEa/Wo1/IG5P2d/FMB+XcxPApmd L0idOyp2YG+rxw==; From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@HIDDEN> To: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN> Subject: Re: [bug#77288] [PATCH 6/6] DRAFT news: Add entry about unprivileged guix-daemon on Guix System. 
In-Reply-To: <87cye1a9jx.fsf@HIDDEN> (pelzflorian@HIDDEN's message of "Fri, 28 Mar 2025 08:39:14 +0100") References: <cover.1743007256.git.ludo@HIDDEN> <2f0e31d6674693e0b785724283cd494dd11fa0f9.1743007256.git.ludo@HIDDEN> <874ize4n96.fsf@HIDDEN> <877c4aioep.fsf@HIDDEN> <87cye1a9jx.fsf@HIDDEN> Date: Thu, 17 Apr 2025 16:24:20 +0200 Message-ID: <87ikn23lyj.fsf@HIDDEN> User-Agent: Gnus/5.13 (Gnus v5.13) MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Spam-Score: -2.3 (--) X-Debbugs-Envelope-To: 77288 Cc: Julien Lepiller <julien@HIDDEN>, 77288 <at> debbugs.gnu.org, Reepca Russelstein <reepca@HIDDEN> X-BeenThere: debbugs-submit <at> debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: <debbugs-submit.debbugs.gnu.org> List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe> List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/> List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org> List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help> List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe> Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org> X-Spam-Score: -3.3 (---) Hi Florian, "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN> writes: >> This news item is specifically about Guix System (announced upfront), >> but I guess we can add a sentence toward the end. (Thing is, the >> situation will be simpler on foreign distros: we won=E2=80=99t support s= witching >> between privileged and unprivileged, so either you get one or the >> other.) >> > > Yes, please! That sentence in parentheses explains the situation, but > needs rewording for etc/news.scm of course. 
In the meantime some asked for instructions on how to migrate to the
unprivileged daemon on foreign distros, so I documented it, but that led
me to take a detour to ensure that ‘guix pull’ would install systemd
‘.service’ files.

This is all in v2, which I’ve just sent.

Ludo’.
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: [PATCH v2 7/8] services: guix: Allow ‘guix-daemon’ to run without root privileges.
Date: Thu, 17 Apr 2025 16:21:42 +0200
Message-ID: <950845dc7aa91c412d890d0fa6d905c82e5e3bf4.1744899444.git.ludo@HIDDEN>
In-Reply-To: <cover.1744899444.git.ludo@HIDDEN>

* gnu/services/base.scm (run-with-writable-store)
(guix-ownership-change-program): New procedures.
(<guix-configuration>)[privileged?]: New field.
(guix-shepherd-service): Rename to…
(guix-shepherd-services): … this.  Add the ‘guix-ownership’ service.
Change ‘guix-daemon’ service to depend on it; when unprivileged, prefix ‘daemon-command’ by ‘run-with-writable-store’ and omit ‘--build-users-group’; adjust socket activation endpoints. (guix-accounts): When unprivileged, create the “guix-daemon” user and group. (guix-service-type)[extensions]: Adjust to name change. * gnu/tests/base.scm (run-guix-daemon-test): Add ‘name’ parameter. (%test-guix-daemon): Adjust accordingly. (%test-guix-daemon-unprivileged): New test. * doc/guix.texi (Base Services): Document ‘privileged?’. (Migrating to the Unprivileged Daemon): Explain that this is automatic on Guix System. Change-Id: I28a9a22e617416c551dccb24e43a253b544ba163 --- doc/guix.texi | 38 +++++++++ gnu/services/base.scm | 187 ++++++++++++++++++++++++++++++++++++++---- gnu/tests/base.scm | 47 +++++++++-- 3 files changed, 252 insertions(+), 20 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 377cb65326..8243bd0547 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -1037,6 +1037,14 @@ Build Environment Setup files to @code{guix-daemon}, and ensuring that the @command{guix-daemon} program runs as @code{guix-daemon}. +On Guix System, these steps are carried out automatically when you set +the @code{privileged?} field of the @code{guix-configuration} record to +@code{#f} and reconfigure (@pxref{guix-configuration-type, +@code{guix-configuration}}). + +However, on a foreign distribution, the process is manual. The +following paragraphs describe what you need to do. + @quotation Warning Follow the instructions below only after making sure you have a recent version of @command{guix-daemon} with support for unprivileged 
@@ -20105,6 +20113,36 @@ Base Services The Guix package to use. @xref{Customizing the System-Wide Guix} to learn how to provide a package with a pre-configured set of channels. +@cindex unprivileged @command{guix-daemon} +@cindex rootless @command{guix-daemon} +@item @code{privileged?} (default: @code{#t}) +Whether to run @command{guix-daemon} as root. + +When true, @command{guix-daemon} runs with root privileges and build +processes run under unprivileged user accounts as specified by +@code{build-group} and @code{build-accounts} (see below); when false, +@command{guix-daemon} run as the @code{guix-daemon} user, which is +unprivileged, and so do build processes. The unprivileged or +``rootless'' mode can reduce the impact of some classes of +vulnerabilities that could affect the daemon. + +The default is currently @code{#t} (@command{guix-daemon} runs with root +privileges) but may eventually be changed to @code{#f}. + +@quotation Warning +When changing this option, @file{/gnu/store}, @file{/var/guix}, and +@file{/etc/guix} have their ownership automatically changed by the +@code{guix-ownership} service to either the @code{guix-daemon} user or +the @code{root} user (@pxref{unprivileged-daemon-migration}). + +This can take a while, especially if @file{/gnu/store} is big; it cannot +be interrupted and @command{guix-daemon} cannot be used until it has +completed. +@end quotation + +@xref{Build Environment Setup}, for more information on the two ways to +run @command{guix-daemon}. + @item @code{build-group} (default: @code{"guixbuild"}) Name of the group for build user accounts. diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 490376d446..c48874b0d9 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
@@ -1918,6 +1918,100 @@ (define (guix-machines-files-installation machines) #$machines)) machines-file)))) +(define (run-with-writable-store) + "Return a wrapper that runs the given command under the specified UID and +GID in a context where the store is writable, even if it was bind-mounted +read-only via %IMMUTABLE-STORE (this wrapper must run as root)." + (program-file "run-with-writable-store" + (with-imported-modules (source-module-closure + '((guix build syscalls))) + #~(begin + (use-modules (guix build syscalls) + (ice-9 match)) + + (define (ensure-writable-store store) + ;; Create a new mount namespace and remount STORE with + ;; write permissions if it's read-only. + (unshare CLONE_NEWNS) + (let ((fs (statfs store))) + (unless (zero? (logand (file-system-mount-flags fs) + ST_RDONLY)) + (mount store store "none" + (logior MS_BIND MS_REMOUNT))))) + + (match (command-line) + ((_ user group command args ...) + (ensure-writable-store #$(%store-prefix)) + (let ((uid (or (string->number user) + (passwd:uid (getpwnam user)))) + (gid (or (string->number group) + (group:gid (getgrnam group))))) + (setgroups #()) + (setgid gid) + (setuid uid) + (apply execl command command args)))))))) + +(define (guix-ownership-change-program) + "Return a program that changes ownership of the store and other data files +of Guix to the given UID and GID." + (program-file "validate-guix-ownership" + (with-imported-modules (source-module-closure + '((guix build utils))) + #~(begin + (use-modules (guix build utils) + (ice-9 ftw) + (ice-9 match)) + + (define (lchown file uid gid) + (let ((parent (open (dirname file) O_DIRECTORY))) + (chown-at parent (basename file) uid gid + AT_SYMLINK_NOFOLLOW) + (close-port parent))) + + (define (change-ownership directory uid gid) + ;; chown -R UID:GID DIRECTORY + (file-system-fold (const #t) ;enter? + (lambda (file stat result) ;leaf + (if (eq? 
'symlink (stat:type stat)) + (lchown file uid gid) + (chown file uid gid))) + (const #t) ;down + (lambda (directory stat result) ;up + (chown directory uid gid)) + (const #t) ;skip + (lambda (file stat errno result) + (format (current-error-port) "i/o error: ~a: ~a~%" + file (strerror errno)) + #f) + #t ;seed + directory + lstat)) + + (define (claim-data-ownership uid gid) + (format #t "Changing file ownership for /gnu/store \ +and data directories to ~a:~a...~%" + uid gid) + (change-ownership #$(%store-prefix) uid gid) + (let ((excluded '("." ".." "profiles" "userpool"))) + (for-each (lambda (directory) + (change-ownership (in-vicinity "/var/guix" directory) + uid gid)) + (scandir "/var/guix" + (lambda (file) + (not (member file + excluded)))))) + (chown "/var/guix" uid gid) + (change-ownership "/etc/guix" uid gid) + (mkdir-p "/var/log/guix") + (change-ownership "/var/log/guix" uid gid)) + + (match (command-line) + ((_ (= string->number (? integer? uid)) + (= string->number (? integer? gid))) + (setlocale LC_ALL "C.UTF-8") ;for file name decoding + (setvbuf (current-output-port) 'line) + (claim-data-ownership uid gid))))))) + (define-record-type* <guix-configuration> guix-configuration make-guix-configuration guix-configuration? @@ -1959,6 +2053,8 @@ (define-record-type* <guix-configuration> (default #f)) (tmpdir guix-tmpdir ;string | #f (default #f)) + (privileged? guix-configuration-privileged? + (default #t)) (build-machines guix-configuration-build-machines ;list of gexps | '() (default '())) (environment guix-configuration-environment ;list of strings @@ -2021,7 +2117,7 @@ (define shepherd-discover-action (environ environment) #t))))) -(define (guix-shepherd-service config) +(define (guix-shepherd-services config) "Return a <shepherd-service> for the Guix daemon service with CONFIG." (define locales (let-system (system target) 
@@ -2030,16 +2126,57 @@ (define (guix-shepherd-service config) glibc-utf8-locales))) (match-record config <guix-configuration> - (guix build-group build-accounts chroot? authorize-key? authorized-keys + (guix privileged? + build-group build-accounts chroot? authorize-key? authorized-keys use-substitutes? substitute-urls max-silent-time timeout log-compression discover? extra-options log-file http-proxy tmpdir chroot-directories environment socket-directory-permissions socket-directory-group socket-directory-user) (list (shepherd-service + (provision '(guix-ownership)) + (requirement '(user-processes user-homes)) + (one-shot? #t) + (start #~(lambda () + (let* ((store #$(%store-prefix)) + (stat (lstat store)) + (privileged? #$(guix-configuration-privileged? + config)) + (change-ownership #$(guix-ownership-change-program)) + (with-writable-store #$(run-with-writable-store))) + ;; Check whether we're switching from privileged to + ;; unprivileged guix-daemon, or vice versa, and adjust + ;; file ownership accordingly. Spawn a child process + ;; if and only if something needs to be changed. + ;; + ;; Note: This service remains in 'starting' state for + ;; as long as CHANGE-OWNERSHIP is running. That way, + ;; 'guix-daemon' starts only once we're done. + (cond ((and (not privileged?) + (or (zero? (stat:uid stat)) + (zero? (stat:gid stat)))) + (let ((user (getpwnam "guix-daemon"))) + (format #t "Changing to unprivileged guix-daemon.~%") + (zero? + (system* with-writable-store "0" "0" + change-ownership + (number->string (passwd:uid user)) + (number->string (passwd:gid user)))))) + ((and privileged? + (and (not (zero? (stat:uid stat))) + (not (zero? (stat:gid stat))))) + (format #t "Changing to privileged guix-daemon.~%") + (zero? 
(system* with-writable-store "0" "0" + change-ownership "0" "0"))) + (else #t))))) + (documentation "Ensure that the store and other data files used by +guix-daemon have the right ownership.")) + + (shepherd-service (documentation "Run the Guix daemon.") (provision '(guix-daemon)) (requirement `(user-processes + guix-ownership ,@(if discover? '(avahi-daemon) '()))) (actions (list shepherd-set-http-proxy-action shepherd-discover-action)) @@ -2063,8 +2200,15 @@ (define (guix-shepherd-service config) (or (getenv "discover") #$discover?)) (define daemon-command - (cons* #$(file-append guix "/bin/guix-daemon") - "--build-users-group" #$build-group + (cons* #$@(if privileged? + #~() + #~(#$(run-with-writable-store) + "guix-daemon" "guix-daemon")) + + #$(file-append guix "/bin/guix-daemon") + #$@(if privileged? + #~("--build-users-group" #$build-group) + #~()) "--max-silent-time" #$(number->string max-silent-time) "--timeout" #$(number->string timeout) @@ -2145,9 +2289,11 @@ (define (guix-shepherd-service config) "/var/guix/daemon-socket/socket") #:name "socket" #:socket-owner - (or #$socket-directory-user 0) + (or #$socket-directory-user + #$(if privileged? 0 "guix-daemon")) #:socket-group - (or #$socket-directory-group 0) + (or #$socket-directory-group + #$(if privileged? 0 "guix-daemon")) #:socket-directory-permissions #$socket-directory-permissions))) ((make-systemd-constructor daemon-command 
@@ -2162,15 +2308,26 @@ (define (guix-shepherd-service config) (define (guix-accounts config) "Return the user accounts and user groups for CONFIG." - (cons (user-group - (name (guix-configuration-build-group config)) - (system? #t) + (if (guix-configuration-privileged? config) + (cons (user-group + (name (guix-configuration-build-group config)) + (system? #t) - ;; Use a fixed GID so that we can create the store with the right - ;; owner. - (id 30000)) - (guix-build-accounts (guix-configuration-build-accounts config) - #:group (guix-configuration-build-group config)))) + ;; Use a fixed GID so that we can create the store with the right + ;; owner. + (id 30000)) + (guix-build-accounts (guix-configuration-build-accounts config) + #:group (guix-configuration-build-group + config))) + (list (user-group (name "guix-daemon") (system? #t)) + (user-account + (name "guix-daemon") + (group "guix-daemon") + (system? #t) + (supplementary-groups '("kvm")) + (comment "Guix Daemon User") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))))) (define (guix-activation config) "Return the activation gexp for CONFIG." @@ -2228,7 +2385,7 @@ (define guix-service-type (service-type (name 'guix) (extensions - (list (service-extension shepherd-root-service-type guix-shepherd-service) + (list (service-extension shepherd-root-service-type guix-shepherd-services) (service-extension account-service-type guix-accounts) (service-extension activation-service-type guix-activation) (service-extension profile-service-type diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index 83e047f7e6..12d4e70ee5 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm 
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016-2020, 2022, 2024 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2016-2020, 2022, 2024-2025 Ludovic Courtès <ludo@HIDDEN> ;;; Copyright © 2018 Clément Lassieur <clement@HIDDEN> ;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@HIDDEN> ;;; Copyright © 2022 Marius Bakke <marius@HIDDEN> @@ -63,7 +63,8 @@ (define-module (gnu tests base) %hello-dependencies-manifest guix-daemon-test-cases - %test-guix-daemon)) + %test-guix-daemon + %test-guix-daemon-unprivileged)) (define %simple-os (simple-operating-system)) @@ -1121,7 +1122,7 @@ (define (guix-daemon-test-cases marionette) (system-error-errno args))) #$marionette)))) -(define (run-guix-daemon-test os) +(define (run-guix-daemon-test os name) (define test-image (image (operating-system os) (format 'compressed-qcow2) @@ -1161,6 +1162,12 @@ (define (run-guix-daemon-test os) ;; Wait for 'guix-daemon' to be up. (marionette-eval '(begin (use-modules (gnu services herd)) + (start-service 'guix-daemon) + + ;; XXX: Do it a second time to work around + ;; <https://issues.guix.gnu.org/77274> and its + ;; effect on the 'guix-ownership' service. + ;; TODO: Remove when Shepherd 1.0.4 is out. (start-service 'guix-daemon)) marionette)) @@ -1168,7 +1175,7 @@ (define (run-guix-daemon-test os) (test-end)))) - (gexp->derivation "guix-daemon-test" test)) + (gexp->derivation name test)) (define %test-guix-daemon (system-test 
@@ -1190,4 +1197,34 @@ (define %test-guix-daemon %base-user-accounts))) #:imported-modules '((gnu services herd) (guix combinators))))) - (run-guix-daemon-test os))))) + (run-guix-daemon-test os "guix-daemon-test"))))) + +(define %test-guix-daemon-unprivileged + (system-test + (name "guix-daemon-unprivileged") + (description + "Test 'guix-daemon' behavior on a multi-user system, where 'guix-daemon' +runs unprivileged.") + (value + (let ((os (marionette-operating-system + (let ((base (operating-system-with-gc-roots + %daemon-os + (list (profile + (name "hello-build-dependencies") + (content %hello-dependencies-manifest)))))) + (operating-system + (inherit base) + (kernel-arguments '("console=ttyS0")) + (users (cons (user-account + (name "user") + (group "users")) + %base-user-accounts)) + (services + (modify-services (operating-system-user-services base) + (guix-service-type + config => (guix-configuration + (inherit config) + (privileged? #f))))))) + #:imported-modules '((gnu services herd) + (guix combinators))))) + (run-guix-daemon-test os "guix-daemon-unprivileged-test"))))) -- 2.49.0
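Review bot: In the doc/guix.texi hunk at @@ -20105 documenting `privileged?`, "@command{guix-daemon} run as the @code{guix-daemon} user" should read "runs as". The same paragraph should also state that `build-group` and `build-accounts` are ignored when `privileged?` is `#f`: the new `guix-accounts` creates the build group and build users only in its privileged branch, so a reader who sets those fields in unprivileged mode would otherwise expect them to take effect.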
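Review bot: In the gnu/services/base.scm hunk at @@ -1918, `change-ownership` swallows errors: the error handler passed to `file-system-fold` prints "i/o error" and returns `#f`, but that result is never examined, so `claim-data-ownership` exits 0 even when some files could not be chowned, and the `guix-ownership` service (which tests `(zero? (system* ...))`) then lets `guix-daemon` start on a store with mixed ownership. Suggest threading a failure flag through the fold result (from the leaf, up and error handlers) and finishing with `(exit (if ok? 0 1))`. Two smaller points in the same hunk: the docstring of `run-with-writable-store` says the wrapper must run as root, yet nothing checks `(getuid)` before `(unshare CLONE_NEWNS)`, so a mistaken non-root invocation dies with an opaque system-error instead of a clear message; and the `program-file` returned by `guix-ownership-change-program` is named "validate-guix-ownership" although it changes ownership rather than validating it.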
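Review bot: In the hunk at @@ -2030, the two direction checks in the `guix-ownership` start gexp are asymmetric: switching to unprivileged triggers when the store root's uid *or* gid is 0, but switching back to privileged only when *both* are non-zero, so a store root owned by `guix-daemon:root` (or `root:guix-daemon`) matches neither branch, falls through to `(else #t)`, and `guix-daemon` starts with inconsistent ownership. Using `or` over the negated tests in the second branch would make the two mirror images. Related: since only `(lstat store)` decides whether work is needed, a run interrupted after `/gnu/store` was chowned but before `/var/guix`, `/etc/guix` and `/var/log/guix` were is treated as complete on the next boot; checking the last directory `claim-data-ownership` touches (or all of them) would make the migration resumable.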
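Review bot: In the `guix-accounts` hunk at @@ -2162, the unprivileged `guix-daemon` account is given `(supplementary-groups '("kvm"))` with no comment; since in this mode build processes also run as that user, a one-line comment saying that the group exists so builds can use `/dev/kvm` would document why the daemon itself needs that access.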
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Florian Pelz <pelzflorian@HIDDEN>, Julien Lepiller <julien@HIDDEN>
Subject: [PATCH v2 8/8] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
Date: Thu, 17 Apr 2025 16:21:43 +0200
Message-ID: <fdf68baf11107aee8fa657f62a4d53caccbe5926.1744899444.git.ludo@HIDDEN>
In-Reply-To: <cover.1744899444.git.ludo@HIDDEN>

DRAFT: Temporary commit.

* etc/news.scm: Add it.

Change-Id: I28eae7f7b4305225b13281b99458cbedda3c3b94
---
 etc/news.scm | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

diff --git a/etc/news.scm b/etc/news.scm
index 4b3da44540..c1f2315e33 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -37,6 +37,37 @@ (channel-news (version 0) + (entry (commit "XXX") + (title + (en "Guix System can run @command{guix-daemon} without root +privileges")) + (body + (en "On Guix System, @code{guix-service-type} can now be configured +to run the build daemon, @command{guix-daemon}, without root privileges. In +that configuration, the daemon runs with the authority of the +@code{guix-daemon} user, which we think can reduce the impact of some classes +of vulnerabilities that could affect it. + +For now, this is opt-in: you have to change @code{guix-configuration} to set +the @code{privileged?} field to @code{#f}. When you do this, all the files in +@file{/gnu/store}, @file{/var/guix}, etc. will have their ownership changed to +the @code{guix-daemon} user (instead of @code{root}); this can take a while, +especially if the store is big. To learn more about it, run: + +@example +info guix --index-search=guix-service-type +@end example + +Running @command{guix-daemon} without root privileges will likely become the +default in the future. + +Users of Guix on other distributions can find information on how to migrate in +the manual: + +@example +info guix --index-search=migration +@end example"))) + (entry (commit "0e51c6547ffdaf91777f7383da4a52a1a07b7286") (title (en "Incompatible upgrade of the Syncthing service")) -- 2.49.0
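Review bot: In the etc/news.scm hunk, `(entry (commit "XXX") ...)` is a placeholder that has to be replaced with the hash of the commit introducing `privileged?` before this is pushed (the commit message already marks the patch as DRAFT, so this is a reminder rather than a defect). In the body, "all the files in @file{/gnu/store}, @file{/var/guix}, etc." does not match what the ownership change in patch 7/8 does: `claim-data-ownership` skips `/var/guix/profiles` and `/var/guix/userpool` and additionally touches `/etc/guix` and `/var/log/guix`, so naming those directories explicitly would set expectations correctly.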
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v2 4/8] services: account: Create /var/guix/profiles/per-user/$USER.
Date: Thu, 17 Apr 2025 16:21:39 +0200
Message-ID: <0924e8378e0e526aacd04e498e31365b213c0ab0.1744899444.git.ludo@HIDDEN>
In-Reply-To: <cover.1744899444.git.ludo@HIDDEN>

* gnu/system/shadow.scm (account-shepherd-service): Create
/var/guix/profiles/per-user/$USER in ‘user-homes’ service.

Change-Id: I22e66e8a34d63686df9bae64c68df65c8889e72a
---
 gnu/system/shadow.scm | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index b68a818871..d0f1b6b2b1 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013-2020, 2022, 2023 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2013-2020, 2022-2023, 2025 Ludovic Courtès <ludo@HIDDEN> ;;; Copyright © 2016 Alex Griffin <a@HIDDEN> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@HIDDEN> ;;; Copyright © 2020, 2023 Efraim Flashner <efraim@HIDDEN> @@ -460,6 +460,12 @@ (define (account-shepherd-service accounts+groups) (define accounts (filter user-account? accounts+groups)) + (define regular-account-names + (filter-map (lambda (account) + (and (not (user-account-system? account)) + (user-account-name account))) + accounts)) + ;; Create home directories only once 'file-systems' is up. This makes sure ;; they are created in the right place if /home lives on a separate ;; partition. @@ -480,6 +486,17 @@ (define (account-shepherd-service accounts+groups) (activate-user-home (map sexp->user-account (list #$@(map user-account->gexp accounts)))) + + ;; Create the user's profile directory upfront: + ;; guix-daemon lacks permissions to create it when it is + ;; running as an unprivileged user. + (for-each (lambda (account) + (let ((profile (in-vicinity + "/var/guix/profiles/per-user" + account)) + (owner (getpwnam account))) + (mkdir-p/perms profile owner #o755))) + '#$regular-account-names) #t))) ;success (documentation "Create user home directories.")))) -- 2.49.0
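Review bot: In the gnu/system/shadow.scm hunk at @@ -480, `(getpwnam account)` raises a system-error if any name in `regular-account-names` cannot be resolved when `user-homes` starts, which would abort the start after `activate-user-home` has already run and leave the remaining per-user profile directories uncreated; wrapping the lambda body in a `catch` that logs the failure and continues would keep one bad entry from taking the whole service down. The comment could also note that this loop runs on every start of `user-homes`, so `mkdir-p/perms` is relied upon to be a no-op when the directory already exists with the right owner and mode.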
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v2 5/8] tests: guix-daemon: Send system log output to /dev/console.
Date: Thu, 17 Apr 2025 16:21:40 +0200
Message-ID: <1273ef478c23602857023b49cbae0595870abff0.1744899444.git.ludo@HIDDEN>
In-Reply-To: <cover.1744899444.git.ludo@HIDDEN>

* gnu/tests/base.scm (%daemon-os): New variable.
(%test-guix-daemon): Use it.

Change-Id: Iea31808cc59e94971ea4cbc12d565c94348bf7a4
---
 gnu/tests/base.scm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index a7f8a5bf7c..0f7fb543a7 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -994,6 +994,10 @@ (define %test-activation ;;; Build daemon. ;;; +(define %daemon-os + (operating-system-with-console-syslog + (simple-operating-system))) + (define (manifest-entry-without-grafts entry) "Return ENTRY with grafts disabled on its contents." (manifest-entry @@ -1168,7 +1172,7 @@ (define %test-guix-daemon (let ((os (marionette-operating-system (operating-system (inherit (operating-system-with-gc-roots - %simple-os + %daemon-os (list (profile (name "hello-build-dependencies") (content %hello-dependencies-manifest))))) -- 2.49.0
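Review bot: In the gnu/tests/base.scm hunk at @@ -994, `%daemon-os` has no comment explaining why it wraps `simple-operating-system` in `operating-system-with-console-syslog`; a one-liner saying that this sends the daemon's syslog output to the serial console so it shows up in the test log (which is what the commit title implies) would spare the next reader a lookup.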

From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v2 6/8] tests: guix-daemon: Wait for the ‘guix-daemon’ service to be up.
Date: Thu, 17 Apr 2025 16:21:41 +0200
Message-ID: <943d356b935b876fce7177093f0ea78391149482.1744899444.git.ludo@HIDDEN>
In-Reply-To: <cover.1744899444.git.ludo@HIDDEN>

* gnu/tests/base.scm (run-guix-daemon-test): Add “guix-daemon service is up” test.

Change-Id: I4d44a1248599fec45c854c285d4da201c30eb00c
---
 gnu/tests/base.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 0f7fb543a7..83e047f7e6 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -1157,6 +1157,13 @@ (define (run-guix-daemon-test os) (test-runner-current (system-test-runner #$output)) (test-begin "guix-daemon") + (test-assert "guix-service is running" + ;; Wait for 'guix-daemon' to be up. + (marionette-eval '(begin + (use-modules (gnu services herd)) + (start-service 'guix-daemon)) + marionette)) + #$(guix-daemon-test-cases #~marionette) (test-end)))) -- 2.49.0
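Review bot: the name of the new test, "guix-service is running", matches neither the ChangeLog entry ("guix-daemon service is up") nor the comment right above it ("Wait for 'guix-daemon' to be up"); rename it to "guix-daemon service is up" so the system-test log and the commit message agree. One more comment line would also help: because `test-assert` checks the value `start-service` returns, this does more than wait, it fails the test when Shepherd reports that the service could not be started, which is the stricter (and presumably intended) behaviour.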

From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH v2 3/8] syscalls: Add ‘unshare’.
Date: Thu, 17 Apr 2025 16:21:38 +0200
Message-ID: <3686350af60a8eb68e7e6453cb258a0f7b747bbf.1744899444.git.ludo@HIDDEN>
In-Reply-To: <cover.1744899444.git.ludo@HIDDEN>

* guix/build/syscalls.scm (unshare): New procedure.

Change-Id: I344273b8bdeaa9366334e6e20ee7efc37eb6c8f7
---
 guix/build/syscalls.scm | 18 ++++++++++++++++++
 tests/syscalls.scm      |  9 +++++++++
 2 files changed, 27 insertions(+)

diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 42232fc7f1..cf09cae3a4 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -145,6 +145,7 @@ (define-module (guix build syscalls) CLONE_NEWPID CLONE_NEWNET clone + unshare setns kexec-load-file
@@ -1213,6 +1214,23 @@ (define clone (list err)) ret))))) +(define unshare + (let ((proc (syscall->procedure int "unshare" (list int)))) + (lambda (flags) + "Disassociate the current process from parts of its execution context +according to FLAGS, which must be a logical or of CLONE_NEW* constants. + +Note that CLONE_NEWUSER requires that the calling process be single-threaded, +which is possible if and only if libgc is running a single marker thread; this +can be achieved by setting the GC_MARKERS environment variable to 1. If the +calling process is multi-threaded, this throws to 'system-error' with EINVAL." + (let-values (((ret err) + (without-automatic-finalization (proc flags)))) + (unless (zero? ret) + (throw 'system-error "unshare" "~a: ~A" + (list flags (strerror err)) + (list err))))))) + (define setns ;; Some systems may be using an old (pre-2.14) version of glibc where there ;; is no 'setns' function available. diff --git a/tests/syscalls.scm b/tests/syscalls.scm index d2848879d7..879c3e4f25 100644 --- a/tests/syscalls.scm +++ b/tests/syscalls.scm @@ -149,6 +149,15 @@ (define perform-container-tests? ((_ . status) (= 42 (status:exit-val status)))))))) +(test-equal "unshare" + EPERM + ;; Unless running as root, (unshare CLONE_NEWNS) returns EPERM. + (catch 'system-error + (lambda () + (unshare CLONE_NEWNS)) + (lambda args + (system-error-errno args)))) + (unless perform-container-tests? (test-skip 1)) (test-assert "setns" -- 2.49.0
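Review bot: the docstring of `unshare` explains that CLONE_NEWUSER needs a single-threaded caller and points at GC_MARKERS=1, but it does not say when that variable has to be set; state that it must be in the environment before the Guile process starts (libgc reads it when it initializes its marker threads), since a caller exporting it from Guile at run time would still get the EINVAL the docstring describes, with no hint why. The `without-automatic-finalization` wrapper around the raw syscall mirrors `clone` just above, which is good; a one-line comment saying why it is needed here too would spare the next reader a trip to that definition.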
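Review bot: the new "unshare" test asserts EPERM unconditionally, yet its own comment says that only holds when not running as root; as root, `(unshare CLONE_NEWNS)` succeeds, the handler never runs, and `test-equal` compares EPERM against the procedure's unspecified return value, so the test fails precisely in the environments (root inside a container, some CI setups) where the call is permitted. Guard it the way the "setns" test right below is guarded, e.g. `(when (zero? (getuid)) (test-skip 1))` before the `test-equal`, or make the expected value depend on whether the caller is root.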

From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: [PATCH v2 2/8] doc: Document migration to the unprivileged daemon.
Date: Thu, 17 Apr 2025 16:21:37 +0200
Message-ID: <ae493e8a2441c678c9c20ab74f474984342d45d2.1744899444.git.ludo@HIDDEN>
In-Reply-To: <cover.1744899444.git.ludo@HIDDEN>

* doc/guix.texi (Build Environment Setup): Add “Migrating to the Unprivileged Daemon” section.
(Upgrading Guix): Link to it.

Change-Id: I2bac3f4419d85b7c718c6c4a3908387b4f6ee582
---
 doc/guix.texi | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 67 insertions(+), 1 deletion(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 070528667f..377cb65326 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -1026,13 +1026,75 @@ Build Environment Setup In this configuration, @file{/gnu/store} is owned by the @code{guix-daemon} user. +@anchor{unprivileged-daemon-migration} +@unnumberedsubsubsec Migrating to the Unprivileged Daemon + +@cindex unprivileged daemon, migration +@cindex rootless daemon, migration +To switch an existing installation to the unprivileged execution mode, a +number of steps must be taken: creating a new dedicated +@code{guix-daemon} user account, changing ownership of the relevant +files to @code{guix-daemon}, and ensuring that the @command{guix-daemon} +program runs as @code{guix-daemon}. + +@quotation Warning +Follow the instructions below only after making sure you have a recent +version of @command{guix-daemon} with support for unprivileged +execution. +@end quotation + +File ownership can be changed, after stopping the daemon, by running the +following commands as root (the @command{chown} can take a while if +there are many files in @file{/gnu/store}): + +@example +groupadd --system guix-daemon +useradd -g guix-daemon -G guix-daemon,kvm \ + -d /var/empty -s $(which nologin) \ + -c "Guix daemon privilege separation user" \ + --system guix-daemon + +chown -R guix-daemon:guix-daemon \ + /gnu \ + /var/guix/@{daemon-socket,db,discover@} \ + /var/guix/@{gcroots,offload,substitute,temproots@} \ + /var/log/guix \ + /etc/guix +@end example + +If your system uses the systemd service manager, running the daemon as +@code{guix-daemon} will be a matter of copying the relevant +configuration files---make sure to review any changes you might have +made in your own @file{.service} files before overwriting them: + +@example +cp /var/guix/profiles/per-user/root/current-guix/lib/systemd/system/*.service \ + /etc/systemd/system +systemctl daemon-reload +systemctl start guix-daemon +@end example + +@quotation Warning +The commands above assume that @command{guix pull} was run for the root +user. 
You can check whether this is the case by running this command: + +@example +grep User=guix-daemon \ + /var/guix/profiles/per-user/root/current-guix/lib/systemd/system/guix-daemon.service +@end example + +If that command does not show the @code{User=guix-daemon} line, then run +@command{guix pull} as the root user. +@end quotation + @unnumberedsubsubsec The Isolated Build Environment @cindex chroot @cindex build environment isolation @cindex isolated build environment @cindex hermetic build environment -In both cases, the daemon starts build processes without privileges in +In both cases, privileged and unprivileged, +the daemon starts build processes without privileges in an @emph{isolated} or @emph{hermetic} build environment---a ``chroot''. On GNU/Linux, by default, the build environment contains nothing but: @@ -2035,6 +2097,10 @@ Upgrading Guix On Guix System, upgrading the daemon is achieved by reconfiguring the system (@pxref{Invoking guix system, @code{guix system reconfigure}}). +To migrate an existing installation to the @emph{unprivileged daemon} +where @command{guix-daemon} does not run as root, +@pxref{unprivileged-daemon-migration}. + @c TODO What else? @c ********************************************************************* -- 2.49.0
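Review bot: the paragraph introducing the first @example says ownership is changed "after stopping the daemon", but the example itself jumps straight to `groupadd`; add an explicit stop step before the `chown -R` (on systemd, `systemctl stop guix-daemon`), because a root-owned daemon still writing to /gnu/store during the recursive chown leaves a mix of root- and guix-daemon-owned store paths that is painful to diagnose afterwards. Two smaller points in the same section: `-s $(which nologin)` depends on `which` being installed and on nologin being in root's PATH, so `$(command -v nologin)` is the portable spelling; and the later `cp .../*.service /etc/systemd/system` replaces every unit shipped by `guix pull`, not only guix-daemon.service, which the warning about reviewing local .service changes should say so readers know which files to diff first.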
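Review bot: the new cross-reference in the "Upgrading Guix" hunk sits directly after the sentence about Guix System, but the section it points to (groupadd, useradd, chown, systemctl) applies to foreign distributions only, as the cover letter also says; start the sentence with "On other distributions, " (or similar) so a Guix System reader does not run those commands by hand against files that `guix system reconfigure` manages for them.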

From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Christopher Baines <guix@HIDDEN>, Josselin Poiret <dev@HIDDEN>, Ludovic Courtès <ludo@HIDDEN>, Mathieu Othacehe <othacehe@HIDDEN>, Simon Tournier <zimon.toutoune@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Subject: [PATCH v2 1/8] self: Install systemd ‘.service’ files.
Date: Thu, 17 Apr 2025 16:21:36 +0200
Message-ID: <20e400054c70809a7a920b0c2167f5b07ca3ee1b.1744899444.git.ludo@HIDDEN>
In-Reply-To: <cover.1744899444.git.ludo@HIDDEN>

This is consistent with the ‘guix’ package and will prove helpful when
people want to replace /etc/systemd/system/guix*.service with newer
versions thereof.

* guix/self.scm (parameterized-file): New procedure, based on…
(selinux-policy): … this.  Use ‘parameterized-file’.
(systemd-file): New procedure.
(miscellaneous-files): Add systemd files.

Change-Id: Ia489a955347cf648a86000cc1265769d66c3f0e8
---
 guix/self.scm | 42 ++++++++++++++++++++++++++++++++----------
 1 file changed, 32 insertions(+), 10 deletions(-)

diff --git a/guix/self.scm b/guix/self.scm
index 28239d53f5..2a99765359 100644
--- a/guix/self.scm
+++ b/guix/self.scm
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2017-2023 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2017-2023, 2025 Ludovic Courtès <ludo@HIDDEN> ;;; Copyright © 2020 Martin Becze <mjbecze@HIDDEN> ;;; Copyright © 2023 Janneke Nieuwenhuizen <janneke@HIDDEN> ;;; Copyright © 2024 gemmaro <gemmaro.dev@HIDDEN>
@@ -666,24 +666,40 @@ (define* (guix-command modules ;; Use a 'guile' variant that doesn't complain about locales. #:guile (quiet-guile guile))) -(define (selinux-policy source daemon) - "Return the SELinux policy file taken from SOURCE and adjusted to refer to -DAEMON and to the current configuration variables." +(define (parameterized-file source daemon file name) + "Return FILE taken from SOURCE (typically a '.in' file) and adjusted to +refer to DAEMON and to the current configuration variables." (define build (with-imported-modules '((guix build utils)) #~(begin (use-modules (guix build utils)) - (copy-file #+(file-append* source "/etc/guix-daemon.cil.in") - "guix-daemon.cil") - (substitute* "guix-daemon.cil" + (fluid-set! %default-port-encoding "UTF-8") + (copy-file #+(file-append* source file) #$name) + (substitute* #$name (("@guix_sysconfdir@") #$%sysconfdir) (("@guix_localstatedir@") #$%localstatedir) + (("@localstatedir@") #$%localstatedir) (("@storedir@") #$%storedir) - (("@prefix@") #$daemon)) - (copy-file "guix-daemon.cil" #$output)))) + (("@prefix@") #$daemon) + (("@GUIX_SUBSTITUTE_URLS@") + #$(string-join %default-substitute-urls))) + (copy-file #$name #$output)))) - (computed-file "guix-daemon.cil" build)) + (computed-file name build)) + +(define (selinux-policy source daemon) + "Return the SELinux policy file taken from SOURCE and adjusted to refer to +DAEMON and to the current configuration variables." + (parameterized-file source daemon + "etc/guix-daemon.cil.in" + "guix-daemon.cil")) + +(define (systemd-file source daemon file) + "Return the given systemd file from SOURCE parameterized for DAEMON." + (parameterized-file source daemon + (string-append "etc/" file ".in") + file)) (define (miscellaneous-files source daemon) "Return data files taken from SOURCE." 
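Review bot: the old `selinux-policy` passed "/etc/guix-daemon.cil.in" with a leading slash while the new call passes "etc/guix-daemon.cil.in" without one, and `systemd-file` likewise builds "etc/<file>.in"; the unchanged callers in `miscellaneous-files` still use the "/etc/..." form, so the module now relies on `file-append*` accepting both spellings. Pick one convention (or normalize in `file-append*`) and check that share/selinux/guix-daemon.cil is still produced. Also, `parameterized-file` now substitutes `@GUIX_SUBSTITUTE_URLS@` with `(string-join %default-substitute-urls)` in every template it handles; `substitute*` quietly leaves templates without that placeholder alone, which is what lets one substitution table serve both the .cil and the .service files, and that deserves a comment because a mistyped placeholder in a template would go unnoticed the same way.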
@@ -698,6 +714,12 @@ (define (miscellaneous-files source daemon) ,(file-append* source "/etc/completion/fish/guix.fish")) ("share/selinux/guix-daemon.cil" ,(selinux-policy source daemon)) + ,@(map (lambda (file) + `(,(string-append "lib/systemd/system/" file) + ,(systemd-file source daemon file))) + '("guix-gc.service" + "guix-publish.service" + "guix-daemon.service")) ("share/guix/berlin.guix.gnu.org.pub" ,(file-append* source "/etc/substitutes/berlin.guix.gnu.org.pub")) -- 2.49.0
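Review bot: the unit file names are listed inline in the quasiquoted table, so adding another systemd unit means editing this `map` and remembering the "etc/<file>.in" naming rule encoded in `systemd-file`; a named constant next to `systemd-file` (say `%systemd-unit-files`, name is only a suggestion) would keep the list and the rule together. A comment that these files are merely installed under lib/systemd/system of the profile for users to copy, and are neither enabled nor started by anything here, would also pre-empt questions from readers of the doc patch that tells people to `cp` them.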

From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Cc: Florian Pelz <pelzflorian@HIDDEN>, Julien Lepiller <julien@HIDDEN>
Subject: [PATCH v2 0/8] Rootless guix-daemon on Guix System
Date: Thu, 17 Apr 2025 16:21:35 +0200
Message-ID: <cover.1744899444.git.ludo@HIDDEN>

Hello Guix,

Changes since v1:

  • ‘guix pull’ will now install systemd ‘.service’ files, which is
    necessary to ease migration on systemd-based distros.

  • Migration to the unprivileged daemon is now documented, for foreign
    distros in particular.

  • News entry reads “will likely” instead of “may eventually” and it
    mentions unprivileged daemon migration for other distros, as
    suggested by Florian.

I’d like to push this in the coming days.  Let me know what you think!

Ludo’.

Ludovic Courtès (8):
  self: Install systemd ‘.service’ files.
  doc: Document migration to the unprivileged daemon.
  syscalls: Add ‘unshare’.
  services: account: Create /var/guix/profiles/per-user/$USER.
  tests: guix-daemon: Send system log output to /dev/console.
  tests: guix-daemon: Wait for the ‘guix-daemon’ service to be up.
  services: guix: Allow ‘guix-daemon’ to run without root privileges.
  DRAFT news: Add entry about unprivileged guix-daemon on Guix System.

 doc/guix.texi           | 106 ++++++++++++++++++++++-
 etc/news.scm            |  31 +++++++
 gnu/services/base.scm   | 187 ++++++++++++++++++++++++++++++++++++----
 gnu/system/shadow.scm   |  19 +++-
 gnu/tests/base.scm      |  60 +++++++++++--
 guix/build/syscalls.scm |  18 ++++
 guix/self.scm           |  42 ++++++---
 tests/syscalls.scm      |   9 ++
 8 files changed, 439 insertions(+), 33 deletions(-)

base-commit: 4bd2949cfa7a8bf5dfe66adad1a76472af09708d
-- 
2.49.0

From: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: Julien Lepiller <julien@HIDDEN>, 77288 <at> debbugs.gnu.org, Reepca Russelstein <reepca@HIDDEN>
Subject: Re: [bug#77288] [PATCH 6/6] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
In-Reply-To: <877c4aioep.fsf@HIDDEN>
Date: Fri, 28 Mar 2025 08:39:14 +0100
Message-ID: <87cye1a9jx.fsf@HIDDEN>

Hi Ludo.

Ludovic Courtès <ludo@HIDDEN> writes:

> "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN> skribis:
>> Ludovic Courtès <ludo@HIDDEN> writes:
>>> +Eventually running @command{guix-daemon} without root privileges may become
>>> +the default.")))
>>> +
>>
>> I dislike the word “may” in this last sentence.  How about “likely
>> will” or some such thing, even if we have not reviewed bugfreeness of
>> Linux here?
>
> Sure; I view “may” and “likely will” as synonymous, but maybe there are
> subtleties that escape me.
>

I had understood “likely” to be “probably”.  With more thinking and
Wiktionary reading, “likely” can also mean “plausibly”, though not in
this context, I think.

The word “may” you had used means “possibly”, which sounds
indecisive/uncommitted and if even Guix does not know yet if rootless is
a good idea, how should a news-reading user know?  I thought you wrote
it for this purpose, because distros had been wary of USERNS some time
ago, or something.  This is why I translated to German as „vielleicht”
(maybe).

Apparently some people want to banish the word “may” for its supposed
ambiguity; it can mean “possibly” and “have permission to”, according to
Wiktionary.  This subtlety is news to me; I think context makes clear
what “may” means.  But perhaps it really is better to use unambiguous
adverbs, adjectives like “probably”.

In case you write this “probably” or “likely”, I would translate in
German as „wahrscheinlich” (probably).

>> Can you tell foreign distro users about their rootless options in the
>> news, too?
>
> This news item is specifically about Guix System (announced upfront),
> but I guess we can add a sentence toward the end.  (Thing is, the
> situation will be simpler on foreign distros: we won’t support switching
> between privileged and unprivileged, so either you get one or the
> other.)
>

Yes, please!  That sentence in parentheses explains the situation, but
needs rewording for etc/news.scm of course.

> Thanks for the comments and for the translation!
>
> Ludo’.

:)

I also now notice it is impossible to translate

info guix --index-search=guix-service-type

as

info guix.de --index-search=guix-service-type

although

info guix.fr --index-search=guix-service-type

works fine.  No idea why; both texi files look the same here.  But since
the rootless documentation is not translated yet anyway, please leave

info guix --index-search=guix-service-type

Regards,
Florian
From: Ludovic Courtès <ludo@HIDDEN>
To: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
Cc: Julien Lepiller <julien@HIDDEN>, 77288 <at> debbugs.gnu.org, Reepca Russelstein <reepca@HIDDEN>
Subject: Re: [bug#77288] [PATCH 6/6] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
Date: Thu, 27 Mar 2025 14:38:54 +0100
Message-ID: <877c4aioep.fsf@HIDDEN>
In-Reply-To: <874ize4n96.fsf@HIDDEN>

Hi Florian,

"pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN> skribis:

> Rootless daemon is an important change, though I have not tested yet...
>
> Ludovic Courtès <ludo@HIDDEN> writes:
>> +Eventually running @command{guix-daemon} without root privileges may become
>> +the default.")))
>> +
>
> I dislike the word “may” in this last sentence.  How about “likely
> will” or some such thing, even if we have not reviewed bugfreeness of
> Linux here?

Sure; I view “may” and “likely will” as synonymous, but maybe there are
subtleties that escape me.

> Can you tell foreign distro users about their rootless options in the
> news, too?

This news item is specifically about Guix System (announced upfront),
but I guess we can add a sentence toward the end.  (Thing is, the
situation will be simpler on foreign distros: we won’t support switching
between privileged and unprivileged, so either you get one or the
other.)

Thanks for the comments and for the translation!

Ludo’.
From: "pelzflorian (Florian Pelz)" <pelzflorian@HIDDEN>
To: Ludovic Courtès <ludo@HIDDEN>
Cc: Julien Lepiller <julien@HIDDEN>, 77288 <at> debbugs.gnu.org, Reepca Russelstein <reepca@HIDDEN>
Subject: Re: [bug#77288] [PATCH 6/6] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
Date: Thu, 27 Mar 2025 14:27:33 +0100
Message-ID: <874ize4n96.fsf@HIDDEN>
In-Reply-To: <2f0e31d6674693e0b785724283cd494dd11fa0f9.1743007256.git.ludo@HIDDEN>

Rootless daemon is an important change, though I have not tested yet...

Ludovic Courtès <ludo@HIDDEN> writes:
> +Eventually running @command{guix-daemon} without root privileges may become
> +the default.")))
> +

I dislike the word “may” in this last sentence.  How about “likely
will” or some such thing, even if we have not reviewed bugfreeness of
Linux here?

Can you tell foreign distro users about their rootless options in the
news, too?

Could you add this German translation?

[Attachment: german-rootless-news.scm]

 (entry (commit "XXX")
        (title
         (en "Guix System can run @command{guix-daemon} without root
privileges")
         (de "Guix System kann @command{guix-daemon} ohne root-Berechtigungen
ausführen"))
        (body
         (en "On Guix System, @code{guix-service-type} can now be configured
to run the build daemon, @command{guix-daemon}, without root privileges.  In
that configuration, the daemon runs with the authority of the
@code{guix-daemon} user, which we think can reduce the impact of some classes
of vulnerabilities that could affect it.

For now, this is opt-in: you have to change @code{guix-configuration} to set
the @code{privileged?} field to @code{#f}.  When you do this, all the files in
@file{/gnu/store}, @file{/var/guix}, etc. will have their ownership changed to
the @code{guix-daemon} user (instead of @code{root}); this can take a while,
especially if the store is big.  To learn more about it, run:

@example
info guix --index-search=guix-service-type
@end example

Eventually running @command{guix-daemon} without root privileges may become
the default.")
         (de "Auf Guix System kann @code{guix-service-type} jetzt so
konfiguriert werden, dass der Erstellungs-Daemon @command{guix-daemon} ohne
root-Berechtigungen ausgeführt wird.  In dieser Konfiguration läuft der Daemon
mit den Berechtigungen des Benutzers @code{guix-daemon}, wovon wir glauben,
dass es die Auswirkungen mancher Schwachstellen-Kategorien verringert, die ihn
betreffen könnten.

Fürs Erste bleibt es Ihnen überlassen: Sie müssen @code{guix-configuration}
anpassen und dort das Feld @code{privileged?} auf @code{#f} setzen.  Wenn Sie
das tun, wird der Besitzer aller Dateien in @file{/gnu/store},
@file{/var/guix}, usw.@: auf den Benutzer @code{guix-daemon} geändert
(anstelle von @code{root}); das kann eine Weile dauern, besonders wenn der
Store groß ist.

Um mehr zu erfahren, führen Sie aus:

@example
info guix --index-search=guix-service-type
@end example

Schließlich wird das Ausführen von @command{guix-daemon} ohne
root-Berechtigungen vielleicht die Vorgabe werden.")))

Regards,
Florian
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
X-Debbugs-Cc: Ludovic Courtès <ludo@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>
Subject: [PATCH 5/6] services: guix: Allow ‘guix-daemon’ to run without root privileges.
Date: Wed, 26 Mar 2025 17:51:06 +0100
Message-ID: <e9ae6efd47c7098671c96a694a1b221c5511c6a4.1743007256.git.ludo@HIDDEN>
In-Reply-To: <cover.1743007256.git.ludo@HIDDEN>

* gnu/services/base.scm (run-with-writable-store)
(guix-ownership-change-program): New procedures.
(<guix-configuration>)[privileged?]: New field.
(guix-shepherd-service): Rename to…
(guix-shepherd-services): … this.  Add the ‘guix-ownership’ service.
Change ‘guix-daemon’ service to depend on it; when unprivileged, prefix
‘daemon-command’ by ‘run-with-writable-store’ and omit
‘--build-users-group’; adjust socket activation endpoints.
(guix-accounts): When unprivileged, create the “guix-daemon” user and
group.
(guix-service-type)[extensions]: Adjust to name change.
* gnu/tests/base.scm (run-guix-daemon-test): Add ‘name’ parameter.
(%test-guix-daemon): Adjust accordingly.
(%test-guix-daemon-unprivileged): New test.
* doc/guix.texi (Base Services): Document ‘privileged?’.

Change-Id: I28a9a22e617416c551dccb24e43a253b544ba163
---
 doc/guix.texi         |  30 +++++++
 gnu/services/base.scm | 187 ++++++++++++++++++++++++++++++++++++++----
 gnu/tests/base.scm    |  47 +++++++++--
 3 files changed, 244 insertions(+), 20 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 5af41830ca..f58688f57a 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -20046,6 +20046,36 @@ Base Services The Guix package to use. @xref{Customizing the System-Wide Guix} to learn how to provide a package with a pre-configured set of channels. +@cindex unprivileged @command{guix-daemon} +@cindex rootless @command{guix-daemon} +@item @code{privileged?} (default: @code{#t}) +Whether to run @command{guix-daemon} as root. + +When true, @command{guix-daemon} runs with root privileges and build +processes run under unprivileged user accounts as specified by +@code{build-group} and @code{build-accounts} (see below); when false, +@command{guix-daemon} run as the @code{guix-daemon} user, which is +unprivileged, and so do build processes. The unprivileged or +``rootless'' mode can reduce the impact of some classes of +vulnerabilities that could affect the daemon. + +The default is currently @code{#t} (@command{guix-daemon} runs with root +privileges) but may eventually be changed to @code{#f}. + +@quotation Warning +When changing this option, @file{/gnu/store}, @file{/var/guix}, and +@file{/etc/guix} have their ownership automatically changed by the +@code{guix-ownership} service to either the @code{guix-daemon} user or +the @code{root} user. + +This can take a while, especially if @file{/gnu/store} is big; it cannot +be interrupted and @command{guix-daemon} cannot be used until it has +completed. +@end quotation + +@xref{Build Environment Setup}, for more information on the two ways to +run @command{guix-daemon}. + @item @code{build-group} (default: @code{"guixbuild"}) Name of the group for build user accounts. diff --git a/gnu/services/base.scm b/gnu/services/base.scm index 9a9dfdb304..8f66f54e74 100644 --- a/gnu/services/base.scm +++ b/gnu/services/base.scm 
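Review bot: in the new `privileged?` entry, "@command{guix-daemon} run as the @code{guix-daemon} user" should read "runs as". More substantively, "and so do build processes" is the only hint that unprivileged mode gives up the build-user pool: the base.scm hunk below drops `--build-users-group` when `privileged?` is `#f`, and nothing in this patch gives the daemon another uid to switch builds to, so concurrent builds and the daemon's own data files end up under one identity. A sentence here naming that trade-off would let readers weigh the "can reduce the impact of some classes of vulnerabilities" claim against the uid separation they lose.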
@@ -1917,6 +1917,100 @@ (define (guix-machines-files-installation machines) #$machines)) machines-file)))) +(define (run-with-writable-store) + "Return a wrapper that runs the given command under the specified UID and +GID in a context where the store is writable, even if it was bind-mounted +read-only via %IMMUTABLE-STORE (this wrapper must run as root)." + (program-file "run-with-writable-store" + (with-imported-modules (source-module-closure + '((guix build syscalls))) + #~(begin + (use-modules (guix build syscalls) + (ice-9 match)) + + (define (ensure-writable-store store) + ;; Create a new mount namespace and remount STORE with + ;; write permissions if it's read-only. + (unshare CLONE_NEWNS) + (let ((fs (statfs store))) + (unless (zero? (logand (file-system-mount-flags fs) + ST_RDONLY)) + (mount store store "none" + (logior MS_BIND MS_REMOUNT))))) + + (match (command-line) + ((_ user group command args ...) + (ensure-writable-store #$(%store-prefix)) + (let ((uid (or (string->number user) + (passwd:uid (getpwnam user)))) + (gid (or (string->number group) + (group:gid (getgrnam group))))) + (setgroups #()) + (setgid gid) + (setuid uid) + (apply execl command command args)))))))) + +(define (guix-ownership-change-program) + "Return a program that changes ownership of the store and other data files +of Guix to the given UID and GID." + (program-file "validate-guix-ownership" + (with-imported-modules (source-module-closure + '((guix build utils))) + #~(begin + (use-modules (guix build utils) + (ice-9 ftw) + (ice-9 match)) + + (define (lchown file uid gid) + (let ((parent (open (dirname file) O_DIRECTORY))) + (chown-at parent (basename file) uid gid + AT_SYMLINK_NOFOLLOW) + (close-port parent))) + + (define (change-ownership directory uid gid) + ;; chown -R UID:GID DIRECTORY + (file-system-fold (const #t) ;enter? + (lambda (file stat result) ;leaf + (if (eq? 
'symlink (stat:type stat)) + (lchown file uid gid) + (chown file uid gid))) + (const #t) ;down + (lambda (directory stat result) ;up + (chown directory uid gid)) + (const #t) ;skip + (lambda (file stat errno result) + (format (current-error-port) "i/o error: ~a: ~a~%" + file (strerror errno)) + #f) + #t ;seed + directory + lstat)) + + (define (claim-data-ownership uid gid) + (format #t "Changing file ownership for /gnu/store \ +and data directories to ~a:~a...~%" + uid gid) + (change-ownership #$(%store-prefix) uid gid) + (let ((excluded '("." ".." "profiles" "userpool"))) + (for-each (lambda (directory) + (change-ownership (in-vicinity "/var/guix" directory) + uid gid)) + (scandir "/var/guix" + (lambda (file) + (not (member file + excluded)))))) + (chown "/var/guix" uid gid) + (change-ownership "/etc/guix" uid gid) + (mkdir-p "/var/log/guix") + (change-ownership "/var/log/guix" uid gid)) + + (match (command-line) + ((_ (= string->number (? integer? uid)) + (= string->number (? integer? gid))) + (setlocale LC_ALL "C.UTF-8") ;for file name decoding + (setvbuf (current-output-port) 'line) + (claim-data-ownership uid gid))))))) + (define-record-type* <guix-configuration> guix-configuration make-guix-configuration guix-configuration? @@ -1958,6 +2052,8 @@ (define-record-type* <guix-configuration> (default #f)) (tmpdir guix-tmpdir ;string | #f (default #f)) + (privileged? guix-configuration-privileged? + (default #t)) (build-machines guix-configuration-build-machines ;list of gexps | '() (default '())) (environment guix-configuration-environment ;list of strings @@ -2020,7 +2116,7 @@ (define shepherd-discover-action (environ environment) #t))))) -(define (guix-shepherd-service config) +(define (guix-shepherd-services config) "Return a <shepherd-service> for the Guix daemon service with CONFIG." (define locales (let-system (system target) 
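Review bot: `claim-data-ownership` discards the result of `file-system-fold`, and the error callback only prints "i/o error: ..." and returns `#f`, so a `chown` that fails on some files still lets the program exit 0 and the `guix-ownership` service report success over a partially converted tree. Record the failure in the callback (a flag or a non-`#t` seed) and `(exit 1)` at the end of `claim-data-ownership` when anything failed, so the one-shot service fails loudly instead of letting `guix-daemon` start on mixed-ownership data. Minor: the `program-file` is named "validate-guix-ownership" while the procedure is `guix-ownership-change-program` and it changes rather than validates; pick one name.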
@@ -2029,16 +2125,57 @@ (define (guix-shepherd-service config) glibc-utf8-locales))) (match-record config <guix-configuration> - (guix build-group build-accounts chroot? authorize-key? authorized-keys + (guix privileged? + build-group build-accounts chroot? authorize-key? authorized-keys use-substitutes? substitute-urls max-silent-time timeout log-compression discover? extra-options log-file http-proxy tmpdir chroot-directories environment socket-directory-permissions socket-directory-group socket-directory-user) (list (shepherd-service + (provision '(guix-ownership)) + (requirement '(user-processes user-homes)) + (one-shot? #t) + (start #~(lambda () + (let* ((store #$(%store-prefix)) + (stat (lstat store)) + (privileged? #$(guix-configuration-privileged? + config)) + (change-ownership #$(guix-ownership-change-program)) + (with-writable-store #$(run-with-writable-store))) + ;; Check whether we're switching from privileged to + ;; unprivileged guix-daemon, or vice versa, and adjust + ;; file ownership accordingly. Spawn a child process + ;; if and only if something needs to be changed. + ;; + ;; Note: This service remains in 'starting' state for + ;; as long as CHANGE-OWNERSHIP is running. That way, + ;; 'guix-daemon' starts only once we're done. + (cond ((and (not privileged?) + (or (zero? (stat:uid stat)) + (zero? (stat:gid stat)))) + (let ((user (getpwnam "guix-daemon"))) + (format #t "Changing to unprivileged guix-daemon.~%") + (zero? + (system* with-writable-store "0" "0" + change-ownership + (number->string (passwd:uid user)) + (number->string (passwd:gid user)))))) + ((and privileged? + (and (not (zero? (stat:uid stat))) + (not (zero? (stat:gid stat))))) + (format #t "Changing to privileged guix-daemon.~%") + (zero? 
(system* with-writable-store "0" "0" + change-ownership "0" "0"))) + (else #t))))) + (documentation "Ensure that the store and other data files used by +guix-daemon have the right ownership.")) + + (shepherd-service (documentation "Run the Guix daemon.") (provision '(guix-daemon)) (requirement `(user-processes + guix-ownership ,@(if discover? '(avahi-daemon) '()))) (actions (list shepherd-set-http-proxy-action shepherd-discover-action)) @@ -2062,8 +2199,15 @@ (define (guix-shepherd-service config) (or (getenv "discover") #$discover?)) (define daemon-command - (cons* #$(file-append guix "/bin/guix-daemon") - "--build-users-group" #$build-group + (cons* #$@(if privileged? + #~() + #~(#$(run-with-writable-store) + "guix-daemon" "guix-daemon")) + + #$(file-append guix "/bin/guix-daemon") + #$@(if privileged? + #~("--build-users-group" #$build-group) + #~()) "--max-silent-time" #$(number->string max-silent-time) "--timeout" #$(number->string timeout) @@ -2144,9 +2288,11 @@ (define (guix-shepherd-service config) "/var/guix/daemon-socket/socket") #:name "socket" #:socket-owner - (or #$socket-directory-user 0) + (or #$socket-directory-user + #$(if privileged? 0 "guix-daemon")) #:socket-group - (or #$socket-directory-group 0) + (or #$socket-directory-group + #$(if privileged? 0 "guix-daemon")) #:socket-directory-permissions #$socket-directory-permissions))) ((make-systemd-constructor daemon-command 
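Review bot: the direction check in `guix-ownership` inspects only `(lstat store)`, but `claim-data-ownership` chowns `/gnu/store` first and `/var/guix`, `/etc/guix` and `/var/log/guix` afterwards. The store root itself is chowned in the fold's `up` callback, so an interrupted store walk is retried on the next boot, but a crash during the `/var/guix`, `/etc/guix` or `/var/log/guix` steps leaves those with the old owner while the store root already carries the new one; the `cond` then takes `(else #t)` and `guix-daemon` starts anyway. Either chown the store root last, after the other directories, or probe each directory in the check. The two conditions are also not complements: with `privileged?` `#t` and a store root owned by uid 0 but a non-zero gid (or the reverse), neither branch fires; `(or ...)` on the privileged side, mirroring the unprivileged one, would catch that.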
@@ -2161,15 +2307,26 @@ (define (guix-shepherd-service config) (define (guix-accounts config) "Return the user accounts and user groups for CONFIG." - (cons (user-group - (name (guix-configuration-build-group config)) - (system? #t) + (if (guix-configuration-privileged? config) + (cons (user-group + (name (guix-configuration-build-group config)) + (system? #t) - ;; Use a fixed GID so that we can create the store with the right - ;; owner. - (id 30000)) - (guix-build-accounts (guix-configuration-build-accounts config) - #:group (guix-configuration-build-group config)))) + ;; Use a fixed GID so that we can create the store with the right + ;; owner. + (id 30000)) + (guix-build-accounts (guix-configuration-build-accounts config) + #:group (guix-configuration-build-group + config))) + (list (user-group (name "guix-daemon") (system? #t)) + (user-account + (name "guix-daemon") + (group "guix-daemon") + (system? #t) + (supplementary-groups '("kvm")) + (comment "Guix Daemon User") + (home-directory "/var/empty") + (shell (file-append shadow "/sbin/nologin")))))) (define (guix-activation config) "Return the activation gexp for CONFIG." @@ -2227,7 +2384,7 @@ (define guix-service-type (service-type (name 'guix) (extensions - (list (service-extension shepherd-root-service-type guix-shepherd-service) + (list (service-extension shepherd-root-service-type guix-shepherd-services) (service-extension account-service-type guix-accounts) (service-extension activation-service-type guix-activation) (service-extension profile-service-type diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm index 83e047f7e6..12d4e70ee5 100644 --- a/gnu/tests/base.scm +++ b/gnu/tests/base.scm 
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2016-2020, 2022, 2024 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2016-2020, 2022, 2024-2025 Ludovic Courtès <ludo@HIDDEN> ;;; Copyright © 2018 Clément Lassieur <clement@HIDDEN> ;;; Copyright © 2022 Maxim Cournoyer <maxim.cournoyer@HIDDEN> ;;; Copyright © 2022 Marius Bakke <marius@HIDDEN> @@ -63,7 +63,8 @@ (define-module (gnu tests base) %hello-dependencies-manifest guix-daemon-test-cases - %test-guix-daemon)) + %test-guix-daemon + %test-guix-daemon-unprivileged)) (define %simple-os (simple-operating-system)) @@ -1121,7 +1122,7 @@ (define (guix-daemon-test-cases marionette) (system-error-errno args))) #$marionette)))) -(define (run-guix-daemon-test os) +(define (run-guix-daemon-test os name) (define test-image (image (operating-system os) (format 'compressed-qcow2) @@ -1161,6 +1162,12 @@ (define (run-guix-daemon-test os) ;; Wait for 'guix-daemon' to be up. (marionette-eval '(begin (use-modules (gnu services herd)) + (start-service 'guix-daemon) + + ;; XXX: Do it a second time to work around + ;; <https://issues.guix.gnu.org/77274> and its + ;; effect on the 'guix-ownership' service. + ;; TODO: Remove when Shepherd 1.0.4 is out. (start-service 'guix-daemon)) marionette)) @@ -1168,7 +1175,7 @@ (define (run-guix-daemon-test os) (test-end)))) - (gexp->derivation "guix-daemon-test" test)) + (gexp->derivation name test)) (define %test-guix-daemon (system-test 
@@ -1190,4 +1197,34 @@ (define %test-guix-daemon %base-user-accounts))) #:imported-modules '((gnu services herd) (guix combinators))))) - (run-guix-daemon-test os))))) + (run-guix-daemon-test os "guix-daemon-test"))))) + +(define %test-guix-daemon-unprivileged + (system-test + (name "guix-daemon-unprivileged") + (description + "Test 'guix-daemon' behavior on a multi-user system, where 'guix-daemon' +runs unprivileged.") + (value + (let ((os (marionette-operating-system + (let ((base (operating-system-with-gc-roots + %daemon-os + (list (profile + (name "hello-build-dependencies") + (content %hello-dependencies-manifest)))))) + (operating-system + (inherit base) + (kernel-arguments '("console=ttyS0")) + (users (cons (user-account + (name "user") + (group "users")) + %base-user-accounts)) + (services + (modify-services (operating-system-user-services base) + (guix-service-type + config => (guix-configuration + (inherit config) + (privileged? #f))))))) + #:imported-modules '((gnu services herd) + (guix combinators))))) + (run-guix-daemon-test os "guix-daemon-unprivileged-test"))))) -- 2.49.0
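Review bot: the `guix-daemon` user and group in `guix-accounts` get no fixed `id`, while the `guixbuild` branch right above keeps `(id 30000)` with the comment "Use a fixed GID so that we can create the store with the right owner". The same reasoning applies here: if the uid assigned when the image is built differs from the one on the running system, `/gnu/store` is owned by a stale id, `guix-ownership` sees a non-zero owner and leaves it alone. Consider reserving a fixed uid/gid for `guix-daemon`. The `(supplementary-groups '("kvm"))` on the daemon account also deserves a comment saying why the daemon itself, not individual builds, needs `/dev/kvm`, since it widens what a compromised daemon can reach.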
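Review bot: `%test-guix-daemon-unprivileged` only flips `privileged?` and reuses `guix-daemon-test-cases`, so nothing asserts that the switch actually took place. Add checks, run after `guix-ownership` has completed, that `/gnu/store`, `/var/guix` and `/etc/guix` are owned by the `guix-daemon` user and that the running `guix-daemon` process is not uid 0. The XXX workaround that calls `start-service 'guix-daemon` twice is shared by both tests, so it also masks whether the one-shot `guix-ownership` dependency works on the first start; keep the TODO but say in the comment which test needed it.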
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
X-Debbugs-Cc: Florian Pelz <pelzflorian@HIDDEN>, Julien Lepiller <julien@HIDDEN>
Subject: [PATCH 6/6] DRAFT news: Add entry about unprivileged guix-daemon on Guix System.
Date: Wed, 26 Mar 2025 17:51:07 +0100
Message-ID: <2f0e31d6674693e0b785724283cd494dd11fa0f9.1743007256.git.ludo@HIDDEN>
In-Reply-To: <cover.1743007256.git.ludo@HIDDEN>

DRAFT: Temporary commit.

* etc/news.scm: Add it.

Change-Id: I28eae7f7b4305225b13281b99458cbedda3c3b94
---
 etc/news.scm | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/etc/news.scm b/etc/news.scm
index 4b3da44540..840f5cea53 100644
--- a/etc/news.scm
+++ b/etc/news.scm
@@ -37,6 +37,30 @@ (channel-news (version 0) + (entry (commit "XXX") + (title + (en "Guix System can run @command{guix-daemon} without root +privileges")) + (body + (en "On Guix System, @code{guix-service-type} can now be configured +to run the build daemon, @command{guix-daemon}, without root privileges. In +that configuration, the daemon runs with the authority of the +@code{guix-daemon} user, which we think can reduce the impact of some classes +of vulnerabilities that could affect it. + +For now, this is opt-in: you have to change @code{guix-configuration} to set +the @code{privileged?} field to @code{#f}. When you do this, all the files in +@file{/gnu/store}, @file{/var/guix}, etc. will have their ownership changed to +the @code{guix-daemon} user (instead of @code{root}); this can take a while, +especially if the store is big. To learn more about it, run: + +@example +info guix --index-search=guix-service-type +@end example + +Eventually running @command{guix-daemon} without root privileges may become +the default."))) + (entry (commit "0e51c6547ffdaf91777f7383da4a52a1a07b7286") (title (en "Incompatible upgrade of the Syncthing service")) -- 2.49.0
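Review bot: the body says ownership of "all the files in @file{/gnu/store}, @file{/var/guix}, etc." changes but leaves out @file{/etc/guix}, which the texi warning in patch 5/6 lists, and it does not say that @command{guix-daemon} is unavailable until the change has completed; users read the news before they reconfigure, so both facts belong here. The `(commit "XXX")` placeholder is fine for a DRAFT but must be filled in before merging, and "may become the default" could say "is expected to become the default" to state intent without promising a date.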
Full text available.Received: (at 77288) by debbugs.gnu.org; 26 Mar 2025 16:51:46 +0000 From debbugs-submit-bounces <at> debbugs.gnu.org Wed Mar 26 12:51:46 2025 Received: from localhost ([127.0.0.1]:44147 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>) id 1txTyj-0000Zg-Nh for submit <at> debbugs.gnu.org; Wed, 26 Mar 2025 12:51:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:58056) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@HIDDEN>) id 1txTyW-0000YX-IF for 77288 <at> debbugs.gnu.org; Wed, 26 Mar 2025 12:51:32 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@HIDDEN>) id 1txTyQ-0007LV-UK; Wed, 26 Mar 2025 12:51:27 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:References:In-Reply-To:Date:Subject:To: From; bh=gKI5dMXI0sDlCCCNGZpFka8Qpc+H6GgunfDTs5URY5s=; b=XGGZ3pdrQdJhVLNKdgnE 40JHK2xPElvs4JKrwocE9Xz0nc1otqFaxl7nhlvt+bHy/p0HzFwrWmFKc7rkMXZVHKAdPE9H2DFf2 73lZ38UEErgG20BWQK5T8n4oR4CRdOG4M4exKJGKPo52PTPqw1jE8APvhRe7qsa3AQiDLegkOGwO1 rz20eTiEgZerCSG9Q5HIXDL+IlGZ3itbXcW41ohpvqGu5CYfqMeW9eK4Jsa6u0o87ut4BnlRkbuEP T0iOChkbX088nz+08SnPBWsNvwYqKKEZJylUq6jK80PIGldIbKXhJsjnM6hAedApptH/PGFy0/9BA 0yMNiHxjxaF/Rg==; 
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH 4/6] tests: guix-daemon: Wait for the ‘guix-daemon’ service to be up.
Date: Wed, 26 Mar 2025 17:51:05 +0100
Message-ID: <cb0bbe4cda9a8289bd7f2449f80ecfdd444db522.1743007256.git.ludo@HIDDEN>
In-Reply-To: <cover.1743007256.git.ludo@HIDDEN>

* gnu/tests/base.scm (run-guix-daemon-test): Add “guix-daemon service is up” test.

Change-Id: I4d44a1248599fec45c854c285d4da201c30eb00c
---
 gnu/tests/base.scm | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index 0f7fb543a7..83e047f7e6 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -1157,6 +1157,13 @@ (define (run-guix-daemon-test os) (test-runner-current (system-test-runner #$output)) (test-begin "guix-daemon") + (test-assert "guix-service is running" + ;; Wait for 'guix-daemon' to be up. + (marionette-eval '(begin + (use-modules (gnu services herd)) + (start-service 'guix-daemon)) + marionette)) + #$(guix-daemon-test-cases #~marionette) (test-end)))) -- 2.49.0
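Review bot: the test name `"guix-service is running"` in the new `test-assert` does not match what the commit message says was added (“guix-daemon service is up”) and names a service that does not exist; rename it to `"guix-daemon service is up"` so the test log lines up with the ChangeLog entry. The mechanism itself is fine: `start-service` does not return until shepherd has finished starting `guix-daemon` (or failed to), so the assertion doubles as the wait the comment describes.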
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH 3/6] tests: guix-daemon: Send system log output to /dev/console.
Date: Wed, 26 Mar 2025 17:51:04 +0100
Message-ID: <1d864f493260f758050b5a39668b3aed8c79466b.1743007256.git.ludo@HIDDEN>
In-Reply-To: <cover.1743007256.git.ludo@HIDDEN>

* gnu/tests/base.scm (%daemon-os): New variable.
(%test-guix-daemon): Use it.

Change-Id: Iea31808cc59e94971ea4cbc12d565c94348bf7a4
---
 gnu/tests/base.scm | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/gnu/tests/base.scm b/gnu/tests/base.scm
index a7f8a5bf7c..0f7fb543a7 100644
--- a/gnu/tests/base.scm
+++ b/gnu/tests/base.scm
@@ -994,6 +994,10 @@ (define %test-activation ;;; Build daemon. ;;; +(define %daemon-os + (operating-system-with-console-syslog + (simple-operating-system))) + (define (manifest-entry-without-grafts entry) "Return ENTRY with grafts disabled on its contents." (manifest-entry @@ -1168,7 +1172,7 @@ (define %test-guix-daemon (let ((os (marionette-operating-system (operating-system (inherit (operating-system-with-gc-roots - %simple-os + %daemon-os (list (profile (name "hello-build-dependencies") (content %hello-dependencies-manifest))))) -- 2.49.0
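Review bot: `%daemon-os` is introduced at the top of the “Build daemon” section with no comment; a one-liner saying why the console-syslog variant is used here (so that `guix-daemon`'s log messages land in the VM's console output and are visible when a build step of the test fails) would save the next reader a trip through the git log, since the second hunk only shows `%simple-os` being swapped for it in `%test-guix-daemon`.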
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH 1/6] syscalls: Add ‘unshare’.
Date: Wed, 26 Mar 2025 17:51:02 +0100
Message-ID: <cebcab1f748134ca795992b946fff23cbe66cecc.1743007256.git.ludo@HIDDEN>
In-Reply-To: <cover.1743007256.git.ludo@HIDDEN>

* guix/build/syscalls.scm (unshare): New procedure.

Change-Id: I344273b8bdeaa9366334e6e20ee7efc37eb6c8f7
---
 guix/build/syscalls.scm | 18 ++++++++++++++++++
 tests/syscalls.scm      |  9 +++++++++
 2 files changed, 27 insertions(+)

diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 42232fc7f1..cf09cae3a4 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -145,6 +145,7 @@ (define-module (guix build syscalls) CLONE_NEWPID CLONE_NEWNET clone + unshare setns kexec-load-file
@@ -1213,6 +1214,23 @@ (define clone (list err)) ret))))) +(define unshare + (let ((proc (syscall->procedure int "unshare" (list int)))) + (lambda (flags) + "Disassociate the current process from parts of its execution context +according to FLAGS, which must be a logical or of CLONE_NEW* constants. + +Note that CLONE_NEWUSER requires that the calling process be single-threaded, +which is possible if and only if libgc is running a single marker thread; this +can be achieved by setting the GC_MARKERS environment variable to 1. If the +calling process is multi-threaded, this throws to 'system-error' with EINVAL." + (let-values (((ret err) + (without-automatic-finalization (proc flags)))) + (unless (zero? ret) + (throw 'system-error "unshare" "~a: ~A" + (list flags (strerror err)) + (list err))))))) + (define setns ;; Some systems may be using an old (pre-2.14) version of glibc where there ;; is no 'setns' function available. diff --git a/tests/syscalls.scm b/tests/syscalls.scm index d2848879d7..879c3e4f25 100644 --- a/tests/syscalls.scm +++ b/tests/syscalls.scm @@ -149,6 +149,15 @@ (define perform-container-tests? ((_ . status) (= 42 (status:exit-val status)))))))) +(test-equal "unshare" + EPERM + ;; Unless running as root, (unshare CLONE_NEWNS) returns EPERM. + (catch 'system-error + (lambda () + (unshare CLONE_NEWNS)) + (lambda args + (system-error-errno args)))) + (unless perform-container-tests? (test-skip 1)) (test-assert "setns" -- 2.49.0
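Review bot: in the `unshare` hunk the docstring explains the single-thread requirement for `CLONE_NEWUSER` and the `GC_MARKERS=1` workaround, but nothing in the procedure checks for it, so a multi-threaded caller only sees a bare `EINVAL` that is easy to misattribute to the flags; either say in the docstring that `EINVAL` here usually means “not single-threaded” or make the error message spell it out. The `throw` arguments mirror `clone` above (`"~a: ~A"` with `flags` and `(strerror err)`, errno in the last list), which keeps `system-error-errno` usable on the result as the new test relies on.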
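Review bot: the new `"unshare"` test in tests/syscalls.scm expects `EPERM` unconditionally, but when the test suite runs as root (or with `CAP_SYS_ADMIN`, as in some CI containers) `(unshare CLONE_NEWNS)` succeeds, the `catch` handler never runs and `test-equal` fails on the unspecified return value; guard it the way the `perform-container-tests?` check just below does, for example `(when (zero? (getuid)) (test-skip 1))`. A successful `unshare CLONE_NEWNS` in the test process would also leave the rest of the test run in a private mount namespace, which is a second reason to skip rather than let it through.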
From: Ludovic Courtès <ludo@HIDDEN>
To: 77288 <at> debbugs.gnu.org
Subject: [PATCH 2/6] services: account: Create /var/guix/profiles/per-user/$USER.
Date: Wed, 26 Mar 2025 17:51:03 +0100
Message-ID: <d34e83217dd0a8f076dde438247f940894fb05cf.1743007256.git.ludo@HIDDEN>
In-Reply-To: <cover.1743007256.git.ludo@HIDDEN>

* gnu/system/shadow.scm (account-shepherd-service): Create
/var/guix/profiles/per-user/$USER in ‘user-homes’ service.

Change-Id: I22e66e8a34d63686df9bae64c68df65c8889e72a
---
 gnu/system/shadow.scm | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/gnu/system/shadow.scm b/gnu/system/shadow.scm
index b68a818871..d0f1b6b2b1 100644
--- a/gnu/system/shadow.scm
+++ b/gnu/system/shadow.scm
@@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013-2020, 2022, 2023 Ludovic Courtès <ludo@HIDDEN> +;;; Copyright © 2013-2020, 2022-2023, 2025 Ludovic Courtès <ludo@HIDDEN> ;;; Copyright © 2016 Alex Griffin <a@HIDDEN> ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@HIDDEN> ;;; Copyright © 2020, 2023 Efraim Flashner <efraim@HIDDEN> @@ -460,6 +460,12 @@ (define (account-shepherd-service accounts+groups) (define accounts (filter user-account? accounts+groups)) + (define regular-account-names + (filter-map (lambda (account) + (and (not (user-account-system? account)) + (user-account-name account))) + accounts)) + ;; Create home directories only once 'file-systems' is up. This makes sure ;; they are created in the right place if /home lives on a separate ;; partition. @@ -480,6 +486,17 @@ (define (account-shepherd-service accounts+groups) (activate-user-home (map sexp->user-account (list #$@(map user-account->gexp accounts)))) + + ;; Create the user's profile directory upfront: + ;; guix-daemon lacks permissions to create it when it is + ;; running as an unprivileged user. + (for-each (lambda (account) + (let ((profile (in-vicinity + "/var/guix/profiles/per-user" + account)) + (owner (getpwnam account))) + (mkdir-p/perms profile owner #o755))) + '#$regular-account-names) #t))) ;success (documentation "Create user home directories.")))) -- 2.49.0
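Review bot: the new `for-each` in the `user-homes` start hunk assumes `/var/guix/profiles/per-user` already exists with the intended owner; `mkdir-p/perms`, as its name says, also creates missing ancestors, so on a system where that directory is absent when `user-homes` starts the parent would be created as a side effect of the first regular account, and it is worth confirming which owner and mode it ends up with (the cover letter says the installer still creates these directories as `root:root`). Separately, `getpwnam` throws `system-error` for an account that is not in the passwd database yet, and since this loop runs inside the same service start as `activate-user-home`, a single bad entry aborts the service before the `#t` success value is reached; consider wrapping the per-account body in `catch 'system-error` so one failure does not take down home-directory creation for every other user.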
From: Ludovic Courtès <ludo@HIDDEN>
To: guix-patches@HIDDEN
Subject: [PATCH 0/6] Rootless guix-daemon on Guix System
Date: Wed, 26 Mar 2025 17:48:38 +0100
Message-ID: <cover.1743007256.git.ludo@HIDDEN>
X-Debbugs-Cc: Florian Pelz <pelzflorian@HIDDEN>, Julien Lepiller <julien@HIDDEN>
Cc: Ludovic Courtès <ludo@HIDDEN>, Reepca Russelstein <reepca@HIDDEN>

Hello Guix,

This is a followup to <https://issues.guix.gnu.org/75810>, which also depends on <https://issues.guix.gnu.org/77189>, allowing us to run ‘guix-daemon’ without root privileges on Guix System. It is the second step of the migration path outlined in <https://issues.guix.gnu.org/75810#111-lineno40>.

This is made difficult by the fact that all this is stateful: if I switch my system to unprivileged mode, then the store and all the data files of the daemon must have their owner changed to ‘guix-daemon’. This is implemented by an intermediate ‘guix-ownership’ one-shot service, which completes instantaneously in the normal case and chowns when switching from privileged to unprivileged and vice versa. This service remains in ‘starting’ state until it is done.

Another complication is that of /gnu/store being mounted read-only. To provide the ‘guix-ownership’ and ‘guix-daemon’ processes write access to the store, they are started by a wrapper that creates a new mount namespace and remounts the store read-write (similar to ‘makeStoreWritable’ in the daemon).

An open issue is ‘--keep-failed’: currently /tmp/guix-build-* directories will remain owned by ‘guix-daemon’ as was discussed in the initial message at <https://issues.guix.gnu.org/75810>. It’s a regression, but maybe it’s acceptable if we consider that this feature is primarily used on single-user machines.

For now, the installation procedure creates /gnu/store, /var/guix, etc. with root:root ownership. Eventually, if/when we settle on unprivileged guix-daemon, we should change that code to have guix-daemon:guix-daemon as the owner.

Ludovic Courtès (6):
  syscalls: Add ‘unshare’.
  services: account: Create /var/guix/profiles/per-user/$USER.
  tests: guix-daemon: Send system log output to /dev/console.
  tests: guix-daemon: Wait for the ‘guix-daemon’ service to be up.
  services: guix: Allow ‘guix-daemon’ to run without root privileges.
  DRAFT news: Add entry about unprivileged guix-daemon on Guix System.

 doc/guix.texi           |  30 +++++++
 etc/news.scm            |  24 ++++++
 gnu/services/base.scm   | 187 ++++++++++++++++++++++++++++++++++++----
 gnu/system/shadow.scm   |  19 +++-
 gnu/tests/base.scm      |  60 +++++++++++-
 guix/build/syscalls.scm |  18 ++++
 tests/syscalls.scm      |   9 ++
 7 files changed, 325 insertions(+), 22 deletions(-)

base-commit: 1a69acce515de9be9b95df04c553a47a808e5034
-- 
2.49.0
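The wrapper the cover letter describes (private mount namespace, then remount the store read-write in that namespace only), sketched in C as an added example modelled on the daemon's ‘makeStoreWritable’; this is not code from the patch series. The store path and the constructed non-existent path used for checking are assumptions.

```c
/* Added example, not part of the series: the "remount the store read-write
   in a private mount namespace" step that the cover letter's wrapper performs
   before starting 'guix-ownership' and 'guix-daemon'.  Only this process and
   its descendants see the writable store; everyone else keeps the read-only
   view, which is the point of mounting /gnu/store read-only in the first place. */
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>
#include <sys/statvfs.h>
#include <unistd.h>

/* Return 1 if PATH sits on a read-only mount, 0 if it is writable,
   or -errno if it cannot be inspected (e.g. -ENOENT). */
int store_is_readonly(const char *path)
{
  struct statvfs st;
  if (statvfs(path, &st) != 0)
    return -errno;
  return (st.f_flag & ST_RDONLY) ? 1 : 0;
}

/* Give the calling process (and only it and its future children) a writable
   view of STORE.  Returns 0 on success, otherwise the errno of the failing
   step.  Requires CAP_SYS_ADMIN: an unprivileged caller gets EPERM from
   unshare(2), which is exactly what the series' own "unshare" test expects. */
int make_store_writable(const char *store)
{
  int ro = store_is_readonly(store);
  if (ro < 0)
    return -ro;          /* store path missing or unreadable: report errno */
  if (ro == 0)
    return 0;            /* already writable: nothing to do */

  /* Step 1: a private copy of the mount table, so the remount below is
     invisible to every other process on the system. */
  if (unshare(CLONE_NEWNS) != 0)
    return errno;

  /* Step 2: flip the store's bind mount to read-write in this namespace.
     MS_REMOUNT | MS_BIND changes only the per-mount-point flags. */
  if (mount(NULL, store, "none", MS_REMOUNT | MS_BIND, NULL) != 0)
    return errno;

  return 0;
}

int main(int argc, char *argv[])
{
  /* Assumed store location; pass another path as the first argument. */
  const char *store = argc > 1 ? argv[1] : "/gnu/store";
  int before = store_is_readonly(store);
  int rc = make_store_writable(store);
  if (rc != 0) {
    fprintf(stderr, "make_store_writable(%s): %s\n", store, strerror(rc));
    return 1;
  }
  printf("%s: read-only before=%d, after=%d\n",
         store, before, store_is_readonly(store));
  /* A real wrapper would exec the daemon here, inheriting the namespace. */
  return 0;
}
```

Run it as root on a system with a read-only /gnu/store and the "after" value drops to 0 while `cat /proc/mounts` in another shell still shows the store as `ro`; run it unprivileged and it reports "Operation not permitted" from unshare(2).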