From 1ccc0f807d3f22fa9ade1c607c112e04df833a72 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Tue, 2 Apr 2019 10:57:24 +0200 Subject: environment: '-C' creates namespaces where the user is not root. * guix/scripts/environment.scm (launch-environment/container): Add UID and GID. Use them in PASSWD and GROUPS. Pass them as #:guest-uid and #:guest-gid to 'call-with-container'. * tests/guix-environment-container.sh: Test the inner UID. In '--user' test, replace hard-coded 0 with 1000. * doc/guix.texi (Invoking guix environment): Adjust accordingly. --- guix/scripts/environment.scm | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'guix') diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index c27edc7982..2d1ba4c938 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -459,17 +459,19 @@ will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from (return (let* ((cwd (getcwd)) (home (getenv "HOME")) + (uid (if user 1000 (getuid))) + (gid (if user 1000 (getgid))) (passwd (let ((pwd (getpwuid (getuid)))) (password-entry (name (or user (passwd:name pwd))) (real-name (if user "" (passwd:gecos pwd))) - (uid 0) (gid 0) (shell bash) + (uid uid) (gid gid) (shell bash) (directory (if user (string-append "/home/" user) (passwd:dir pwd)))))) - (groups (list (group-entry (name "users") (gid 0)) + (groups (list (group-entry (name "users") (gid gid)) (group-entry (gid 65534) ;the overflow GID (name "overflow")))) (home-dir (password-entry-directory passwd)) @@ -541,6 +543,8 @@ will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from ;; A container's environment is already purified, so no need to ;; request it be purified again. (launch-environment command profile manifest #:pure? #f))) + #:guest-uid uid + #:guest-gid gid #:namespaces (if network? (delq 'net %namespaces) ; share host network %namespaces))))))) -- cgit v1.2.3
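Review bot: In the first hunk, `(uid (if user 1000 (getuid)))` and `(gid (if user 1000 (getgid)))` give a non-root guest only when `--user` is passed or the caller is unprivileged. Run as root without `--user`, `getuid` returns 0, so the passwd entry and the `#:guest-uid`/`#:guest-gid` arguments in the second hunk still carry 0, which does not match the subject line's "the user is not root". If that is intended, a comment above the two bindings would make the limit explicit, for example `;; Without '--user', mirror the caller's UID/GID (0 when run as root).` The literal 1000 is also written twice with no explanation; binding it once under a descriptive name would keep the passwd entry, the "users" group and the guest IDs from drifting apart. The `let*` form and the `call-with-container` call both extend outside the hunks, so how the IDs are mapped in the user namespace is not visible here.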