summaryrefslogtreecommitdiff
path: root/guix
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2019-04-02 10:57:24 +0200
committerLudovic Courtès <ludo@gnu.org>2019-04-02 18:15:37 +0200
commit1ccc0f807d3f22fa9ade1c607c112e04df833a72 (patch)
tree4b63fa9c0aa1b658b126ff14858f4be6f21f8503 /guix
parentaf76c020bf19de5fe2e92f31d8b85cbd55c481de (diff)
environment: '-C' creates namespaces where the user is not root.
* guix/scripts/environment.scm (launch-environment/container): Add UID and GID. Use them in PASSWD and GROUPS. Pass them as #:guest-uid and #:guest-gid to 'call-with-container'. * tests/guix-environment-container.sh: Test the inner UID. In '--user' test, replace hard-coded 0 with 1000. * doc/guix.texi (Invoking guix environment): Adjust accordingly.
Diffstat (limited to 'guix')
-rw-r--r--guix/scripts/environment.scm8
1 files changed, 6 insertions, 2 deletions
diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index c27edc7982..2d1ba4c938 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -459,17 +459,19 @@ will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from
(return
(let* ((cwd (getcwd))
(home (getenv "HOME"))
+ (uid (if user 1000 (getuid)))
+ (gid (if user 1000 (getgid)))
(passwd (let ((pwd (getpwuid (getuid))))
(password-entry
(name (or user (passwd:name pwd)))
(real-name (if user
""
(passwd:gecos pwd)))
- (uid 0) (gid 0) (shell bash)
+ (uid uid) (gid gid) (shell bash)
(directory (if user
(string-append "/home/" user)
(passwd:dir pwd))))))
- (groups (list (group-entry (name "users") (gid 0))
+ (groups (list (group-entry (name "users") (gid gid))
(group-entry (gid 65534) ;the overflow GID
(name "overflow"))))
(home-dir (password-entry-directory passwd))
@@ -541,6 +543,8 @@ will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from
;; A container's environment is already purified, so no need to
;; request it be purified again.
(launch-environment command profile manifest #:pure? #f)))
+ #:guest-uid uid
+ #:guest-gid gid
#:namespaces (if network?
(delq 'net %namespaces) ; share host network
%namespaces)))))))