List: nix-dev
Subject: Re: [Nix-dev] Binary packages for custom store path installs
From: Paul Colomiets <paul () colomiets ! name>
Date: 2014-06-29 13:38:14
Message-ID: CAA0gF6re1YJ+mVmQP_hQSJYpnq4vMhQCGALSbR2xrT3SQymhZg () mail ! gmail ! com
Hi Mateusz,
On Fri, Jun 13, 2014 at 7:22 AM, Mateusz Kowalczyk
<fuuzetsu@fuuzetsu.co.uk> wrote:
>
> In environments where one only has regular user rights resources are
> often constrained, be it hard drive space, memory or computational
> power. Incurring the penalty of having to compile everything on top of
> that merely because the store is not sitting at the top of the file
> system is rather sub-optimal so it would be great if there was a solution.
>
BTW, have you tried user namespaces? I.e., in a recent kernel you can
create another root filesystem, even having only regular user permissions.
Here is a proof-of-concept script:
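    #!/bin/sh -e
    # Directories from the real root to bind-mount into the new root
    dirs="bin etc proc root tmp usr dev nix run sys var home"
    mkdir -p newroot
    # $cant_mount is not set in this script, so it expands to nothing
    for i in $dirs $cant_mount; do
        mkdir -p "newroot/$i"
        # --rbind is recursive, so submounts come along too
        mount --rbind "/$i" "newroot/$i"
    done
    # Enter the new root
    exec chroot newroot /bin/sh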
Run it with:
    lxc-usernsexec -- unshare -m ./newroot.sh
And you'll be in a separate root, and you don't need any privileges for
that. You probably only need a >= 3.8 kernel. If you don't have the
lxc-usernsexec script or newuidmap (which is a dependency of
lxc-usernsexec), it is replaced by a simple bash script. The unshare
utility is from util-linux, so it should be everywhere.
I'm running in nix, so I just bind-mount the /nix folder. You are probably
going to use the one directly in "newroot".
--
Paul
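
The setup in the message above only works if the host permits unprivileged user namespaces, which hardened systems often switch off. The preflight check below is an added example, not part of the original message: the function names are hypothetical, and the two sysctl files it reads (/proc/sys/user/max_user_namespaces on Linux 4.9+, and /proc/sys/kernel/unprivileged_userns_clone from the Debian/Ubuntu kernel patch) are assumptions the thread does not mention.

```shell
#!/bin/sh
# Added example (not from the original message): preflight check for the
# unprivileged user-namespace setup described in the thread.

# kernel_at_least RELEASE MAJOR MINOR
# Returns 0 if RELEASE >= MAJOR.MINOR, 1 if older, 2 if unparseable.
kernel_at_least() {
    rel=${1%%[!0-9.]*}                  # "5.15.0-91-generic" -> "5.15.0"
    case $rel in *.*) ;; *) return 2 ;; esac
    major=${rel%%.*}
    rest=${rel#*.}
    minor=${rest%%.*}
    [ -n "$major" ] && [ -n "$minor" ] || return 2
    [ "$major" -gt "$2" ] || { [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]; }
}

# userns_verdict RELEASE MAX_USER_NS UNPRIV_CLONE
# An empty sysctl argument means "file absent", i.e. that gate does not exist.
userns_verdict() {
    rc=0
    kernel_at_least "$1" 3 8 || rc=$?
    case $rc in
        1) echo "blocked: kernel older than 3.8"; return 0 ;;
        2) echo "unknown: cannot parse kernel release '$1'"; return 0 ;;
    esac
    [ "${2:-1}" != 0 ] || { echo "blocked: user.max_user_namespaces=0"; return 0; }
    [ "${3:-1}" != 0 ] || { echo "blocked: kernel.unprivileged_userns_clone=0"; return 0; }
    echo "allowed"
}

# Print the file's content if it is readable, nothing otherwise.
read_sysctl() { if [ -r "$1" ]; then cat "$1"; fi; }

# Evaluate the running host.
check_host() {
    userns_verdict "$(uname -r)" \
        "$(read_sysctl /proc/sys/user/max_user_namespaces)" \
        "$(read_sysctl /proc/sys/kernel/unprivileged_userns_clone)"
}

echo "user namespaces: $(check_host)"
# Tools named in the message; newuidmap is only needed by lxc-usernsexec.
for tool in unshare newuidmap; do
    if command -v "$tool" >/dev/null 2>&1; then echo "$tool: found"
    else echo "$tool: missing"; fi
done
```

An "allowed" verdict covers only these gates; an LSM policy or seccomp filter can still refuse the unshare call.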