| Message ID | cover.1741973869.git.ludo@gnu.org |
|---|---|
| Headers |
Return-Path: <guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org> X-Original-To: patchwork@mira.cbaines.net Delivered-To: patchwork@mira.cbaines.net Received: by mira.cbaines.net (Postfix, from userid 113) id 9D4D027BBE9; Fri, 14 Mar 2025 17:51:31 +0000 (GMT) X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on mira.cbaines.net X-Spam-Level: X-Spam-Status: No, score=-7.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,MAILING_LIST_MULTI,RCVD_IN_DNSWL_BLOCKED, RCVD_IN_VALIDITY_CERTIFIED,RCVD_IN_VALIDITY_RPBL,RCVD_IN_VALIDITY_SAFE, SPF_HELO_PASS,URIBL_BLOCKED autolearn=unavailable autolearn_force=no version=3.4.6 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mira.cbaines.net (Postfix) with ESMTPS id 5578627BBE2 for <patchwork@mira.cbaines.net>; Fri, 14 Mar 2025 17:51:31 +0000 (GMT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from <guix-patches-bounces@gnu.org>) id 1tt9Aq-00058Y-15; Fri, 14 Mar 2025 13:50:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tt9Ac-00051d-4p for guix-patches@gnu.org; Fri, 14 Mar 2025 13:50:06 -0400 Received: from debbugs.gnu.org ([2001:470:142:5::43]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tt9Aa-00021X-RT for guix-patches@gnu.org; Fri, 14 Mar 2025 13:50:05 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=debbugs.gnu.org; s=debbugs-gnu-org; h=MIME-Version:Date:From:To:In-Reply-To:References:Subject; bh=bCaK0d/HiPtBq1zMzQwCfvjTWkFpAA0DcHPTXIeecUQ=; b=jm6aLROoo0wpvN+4vSB1SwZqeOUy6/3aZm4+DncScSzWjUAo1aJEyBTY5hB03ndF1y/G8OeZpcUu0FnZ6vtR+80Zcn1204U7G4AHWsWHOf/x/x4/PWefqyWWY3dC9GQq/BQ1ZbigzlNNSLL5bdCusAKV+A2AOGdKjAnMknWl2uPpLqUJu5P+DElJMWo3La0KZpR0Hkx/Eb3qXV9w5VF3PoVS7vTUN458lAb593Znp9XpDT/6jslt558SQlpVRNSTttUDu7JfBWrnAPOc3bhMYidP1pdk8f10U08+0wr1HWjva5fxY94GvBzZ16xf8kOAXrGoXJMCHx4Kw/dgW5k4KQ==; Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1tt9AY-0004Ql-DK for guix-patches@gnu.org; Fri, 14 Mar 2025 13:50:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#75810] [PATCH v5 00/14] Rootless guix-daemon References: <cover.1737738362.git.ludo@gnu.org> In-Reply-To: <cover.1737738362.git.ludo@gnu.org> Resent-From: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org> Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org> Resent-CC: guix-patches@gnu.org Resent-Date: Fri, 14 Mar 2025 17:50:02 +0000 Resent-Message-ID: <handler.75810.B75810.174197458816929@debbugs.gnu.org> Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 75810 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 75810@debbugs.gnu.org Cc: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org>, Reepca Russelstein <reepca@russelstein.xyz> Received: via spool by 75810-submit@debbugs.gnu.org id=B75810.174197458816929 (code B ref 75810); Fri, 14 Mar 2025 17:50:02 +0000 Received: (at 75810) by debbugs.gnu.org; 14 Mar 2025 17:49:48 +0000 Received: from localhost ([127.0.0.1]:35995 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>) id 1tt9AG-0004Oh-SN for submit@debbugs.gnu.org; Fri, 14 Mar 2025 13:49:48 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:44248) by debbugs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2) (envelope-from <ludo@gnu.org>) id 1tt9AA-0004O5-IW for 75810@debbugs.gnu.org; Fri, 14 Mar 2025 13:49:42 -0400 Received: from fencepost.gnu.org ([2001:470:142:3::e]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from <ludo@gnu.org>) id 1tt9A2-0001xR-S4; Fri, 14 Mar 2025 13:49:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnu.org; s=fencepost-gnu-org; h=MIME-Version:Date:Subject:To:From:in-reply-to: references; bh=bCaK0d/HiPtBq1zMzQwCfvjTWkFpAA0DcHPTXIeecUQ=; b=NTJO3xgFiwkMbE Jug0QaiAgx9QpsPVWGwyder5J9UFYH4fti09i9kpnfZqy6Vy9Acb1MFdt8ow6aEI/KkP1Zdvd1SvK g4D39D8LmbEHD+GJvzpL/Vrxt4Wify0aLwBtdNeLVu4GSarBMEUtnz9gQg1zYs03YYgVGlSiD1TiA wPKNt+pPAbLjqc4YnKHoocppmmGu7JYA9ODOYmoX0Rde8lPlI8e31uilF7Rc8qZDDjh3dt+DioILP lDmd6W8IA+mzgZwRjS0VGBScpIIjdsuyFZrDDAxvRqzaNFv3V5u4fb/0imeoddXufF3SBx9A0s/vs oAhnghN1GRApHdNUAi5w==; From: Ludovic =?utf-8?q?Court=C3=A8s?= <ludo@gnu.org> Date: Fri, 14 Mar 2025 18:47:57 +0100 Message-ID: <cover.1741973869.git.ludo@gnu.org> X-Mailer: git-send-email 2.48.1 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: <guix-patches.gnu.org> List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=unsubscribe> List-Archive: <https://lists.gnu.org/archive/html/guix-patches> List-Post: <mailto:guix-patches@gnu.org> List-Help: <mailto:guix-patches-request@gnu.org?subject=help> List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-patches>, <mailto:guix-patches-request@gnu.org?subject=subscribe> Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org X-getmail-retrieved-from-mailbox: Patches |
| Series |
Rootless guix-daemon
|
|
Message
Ludovic Courtès
March 14, 2025, 5:47 p.m. UTC
Hello Guix!
Changes since v4:
• Remove qualifiers such as “new” from the documentation
and clarify that unprivileged guix-daemon is the option
chosen by default in some cases (Simon, Maxim).
• Change ‘deleteTmpDir’ to deal with the case where
CAP_SYS_CHOWN is available but ‘--disable-chroot’ is used
(Reepca).
• Add ‘unshare’ call in the build process before ‘execve’
to create new user and mount namespaces, thereby locking
together all the previous mounts; check by calling
‘umount’ and ensuring that it returns EINVAL that mounts
are indeed locked (Reepca).
• In ‘guix-install.sh’, keep /var/guix/profiles/per-user/root
root-owned (previously it was chowned to ‘guix-daemon’).
• In ‘guix-install.sh’, start ‘gnu-store.mount’ explicitly
since it is no longer a dependency of ‘guix-daemon.service’.
• In ‘guix-daemon.service.in’, set
‘GUIX_DATABASE_DIRECTORY=/var/guix’ for forward compatibility
(I’m thinking of eventually changing the default database
location when not running as root).
With these changes, the ‘debian-install’ and ‘guix-daemon’
system tests both pass.
I think we’ve never been this close to completion. :-)
Thoughts?
Thanks a lot for your feedback, comrades.
Ludo’.
Ludovic Courtès (14):
daemon: Use ‘close_range’ where available.
daemon: Bind-mount /etc/nsswitch.conf & co. only if it exists.
daemon: Bind-mount all the inputs, not just directories.
daemon: Remount inputs as read-only.
daemon: Remount root directory as read-only.
daemon: Allow running as non-root with unprivileged user namespaces.
daemon: Create /var/guix/profiles/per-user unconditionally.
daemon: Drop Linux ambient capabilities before executing builder.
daemon: Move comments where they belong.
tests: Add missing derivation inputs.
tests: Run in a chroot and unprivileged user namespaces.
etc: systemd services: Run ‘guix-daemon’ as an unprivileged user.
guix-install.sh: Support the unprivileged daemon where possible.
DRAFT gnu: guix: Update to 00562be.
build-aux/test-env.in | 16 +-
config-daemon.ac | 5 +-
doc/guix.texi | 102 +++++++++---
etc/gnu-store.mount.in | 3 +-
etc/guix-daemon.service.in | 22 ++-
etc/guix-install.sh | 109 +++++++++---
gnu/packages/package-management.scm | 6 +-
guix/substitutes.scm | 2 +-
nix/libstore/build.cc | 247 ++++++++++++++++++++-------
nix/libstore/local-store.cc | 26 ++-
nix/libutil/util.cc | 23 ++-
tests/derivations.scm | 24 ++-
tests/packages.scm | 13 +-
tests/processes.scm | 9 +-
tests/store.scm | 250 ++++++++++++++++++++++++----
15 files changed, 675 insertions(+), 182 deletions(-)
base-commit: 519fc51b6ecfe9ac9f2fa2f4ae052ab1984eed22