New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
coreutils: fix unprivileged sandbox build #52672
Conversation
I have 72 cores I would like to use. |
I'm very much in favor of enabling this sort of usage!! However for something as absolutely critical as coreutils, I'm reluctant to disable so many tests. On one hand, AFAIK we've never had a problem with coreutils that a)was a build env/configuration problem and not just the fallout of intentional coreutils behavior change across version, AND/OR b)tests would have caught. On the other hand, we really don't want avoidable problems in these tools.
I'm not entirely against this if we can't find other solutions, but seems worth at least brainstorming other ways first :). |
Follow-up: is there a way to test this-- either to avoid regressions in the future once it's fixed, or more immediately to explore alternatives? :) |
Changing the
|
In usernamespaces some POSIX assumptions break, which make some coreutils fail when running with sandbox but without a nix-deamon. With this pull request it is possible to bootstrap stdenv without root-permission, which is quiet useful in HPC environments.
295e3ce
to
0a35c5c
Compare
I updated the test list. Now it is only 5 out of 600 tests for coreutils that are disabled and are all related to Does this sound acceptable? |
On Sun, 23 Dec 2018 01:50:47 -0800, Jörg Thalheim ***@***.***> wrote:
I updated the test list. Now it is only 5 out of 600 tests for coreutils that are disabled and are all related to `chgrp`, where the problem is that only one of the two groups in the sandbox are usable by the build user and 3 tests in gnulib, also related to ownership. If we would ever have a problem with those very basic commands, where are likely to catch this in other packages/nixos tests.
Does this sound acceptable?
Yes, thank you!
… --
You are receiving this because your review was requested.
Reply to this email directly or view it on GitHub:
#52672 (comment) part: text/html
|
In usernamespaces some POSIX assumptions break, which
make some coreutils fail when running with sandbox but without a nix-deamon.
With this pull request it is possible to bootstrap stdenv without root-permission,
which is quiet useful in HPC environments.
Motivation for this change
Things done
sandbox
innix.conf
on non-NixOS)nix-shell -p nox --run "nox-review wip"
./result/bin/
)nix path-info -S
before and after)