guix-devel

Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls:


From: 韋嘉誠
Subject: Re: Running guix-daemon as an unprivileged user (Was: [PATCH] syscalls: setns: Skip binding if there is no such C function.)
Date: Mon, 17 Aug 2015 17:16:54 +0200

On Mon, Aug 17, 2015 at 4:34 PM, Thompson, David
<address@hidden> wrote:
> On Mon, Aug 17, 2015 at 4:33 AM, Eric Bavier <address@hidden> wrote:
>> On Mon, 17 Aug 2015 14:45:28 +0200
>> Claes Wallin (韋嘉誠) <address@hidden> wrote:

>>> https://www.gnu.org/software/guix/manual/guix.html#Build-Environment-Setup
>>>
>>> "If you are installing Guix as an unprivileged user, it is still
>>> possible to run guix-daemon provided you pass --disable-chroot."
>>>
>>
>> I have experimented with this a bit lately.  It works to some extent,
>> but I have had to apply a few patches to some package recipes.  Some
>> packages have failing tests (where presumably they would pass or be
>> skipped in the chroot), which I have disabled for the time being just
>> to move along.
>
> I think that to really make unprivileged use of Guix work acceptably,
> we need to use the user namespaces feature first introduced in Linux
> 3.8.  This would allow unprivileged users to build software in the
> same type of isolated environments that are used when running the
> daemon as root.


Working at all is acceptable to me.

Do namespaces really work for non-root? That's more awesome than I
expected. But without being able to point out how, it sounds to me
like it could easily be a privilege escalation waiting to happen,
unless you do it as compartmentalized as the Hurd does it ... which
Linux won't.

-- 
   /c
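
An added example, not part of the original message or of Guix: a small C probe for the question raised in this thread. It checks whether unprivileged user namespaces are enabled on a host and whether uid 0 inside one is refused a privileged operation on the parent's resources. `probe_userns` and `child_probe` are hypothetical names, and Linux is assumed.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Runs in a forked child. Exit codes: 0 = namespace root is confined as
   expected, 1 = unexpected behaviour, 2 = user namespaces unavailable. */
static int child_probe(uid_t outer_uid) {
    char map[64], host[256];
    if (gethostname(host, sizeof host) != 0) return 1;
    host[sizeof host - 1] = '\0';
    if (unshare(CLONE_NEWUSER) != 0) return 2;   /* disabled or filtered */

    /* Map uid 0 inside the namespace to our own uid outside it. */
    int len = snprintf(map, sizeof map, "0 %u 1\n", (unsigned)outer_uid);
    int fd = open("/proc/self/uid_map", O_WRONLY);
    if (fd < 0) return 2;
    ssize_t n = write(fd, map, (size_t)len);
    close(fd);
    if (n != len) return 2;
    if (getuid() != 0) return 1;                 /* "root", but only in here */

    /* The hostname belongs to the parent's UTS namespace, where this process
       holds no capabilities. Re-setting the same value must be refused. */
    if (sethostname(host, strlen(host)) == 0) return 1;
    return 0;
}

/* Hypothetical helper name: run the probe in a child so the caller's own
   credentials and namespaces are never changed. */
int probe_userns(void) {
    int st = 0;
    pid_t pid = fork();
    if (pid < 0) return 1;
    if (pid == 0) _exit(child_probe(getuid()));
    if (waitpid(pid, &st, 0) < 0) return 1;
    return WIFEXITED(st) ? WEXITSTATUS(st) : 2;  /* killed by a filter */
}

int main(void) {
    int r = probe_userns();
    puts(r == 0 ? "userns available; namespace root confined"
       : r == 2 ? "unprivileged user namespaces unavailable here"
                : "unexpected result");
    return r == 0 || r == 2 ? 0 : 1;
}
```

A result of 2 means the host refuses unprivileged user namespaces (for example through a sysctl or a seccomp filter), which is itself a common hardening choice.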


