Hello!

Reepca Russelstein <ree...@russelstein.xyz> writes:

> So if you'll bear with the extreme awkwardness, we could fork a helper
> process immediately prior to calling unshare, which, upon receiving a
> notification, will initialize the parent process's user namespace. Note
> that the naming here is going to be inverted for process ancestry and
> user namespace ancestry: the child process is in the parent user
> namespace, and the parent process is in the child user namespace.

User namespaces seem to be an infinite supply of awkwardness!

I pushed a branch that implements those changes and actually works:

  https://codeberg.org/guix/guix/pulls/452

I marked it as WIP because I’m still in the process of updating the ‘guix’ package so I can actually run all the guix-daemon system tests and there may be some adjustments to be made, such as ensuring that ‘newgidmap’ is found both on Guix System and on Debian.

Next step would be to run the test suites of Coreutils, Go, and Python as keinflue did but I don’t have a good setup for that.

Thanks,
Ludo’.
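The helper arrangement quoted above, as an added C example that is not part of the original message and is not the code in the Guix branch. It assumes a single uid/gid mapping written directly to `/proc` (no `newuidmap`/`newgidmap`), and `write_proc` and `enter_mapped_userns` are hypothetical names.

```c
/* Added example (not Guix code): names are hypothetical; maps one uid/gid. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>
/* Write text to /proc/<pid>/<name>; returns 0 on success. */
static int write_proc(pid_t pid, const char *name, const char *text)
{
    char path[64];
    snprintf(path, sizeof path, "/proc/%d/%s", (int)pid, name);
    int fd = open(path, O_WRONLY);
    if (fd < 0) return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Returns 0: caller is uid 0 in a new user namespace; 1: unshare refused; 2: other. */
int enter_mapped_userns(void)
{
    int go[2], status;
    char c, map[32];
    pid_t self = getpid(), helper;
    unsigned uid = getuid(), gid = getgid();   /* ids as seen before unshare */
    if (pipe(go) < 0 || (helper = fork()) < 0) return 2;
    if (helper == 0) {
        /* Child process, but it stays in the *parent* user namespace. */
        close(go[1]);
        if (read(go[0], &c, 1) != 1) _exit(3);  /* EOF: unshare failed */
        snprintf(map, sizeof map, "0 %u 1\n", uid);
        if (write_proc(self, "uid_map", map)) _exit(1);
        /* An unprivileged writer must deny setgroups before gid_map. */
        if (write_proc(self, "setgroups", "deny")) _exit(1);
        snprintf(map, sizeof map, "0 %u 1\n", gid);
        _exit(write_proc(self, "gid_map", map) ? 1 : 0);
    }
    close(go[0]);
    /* Parent process: moves itself into the *child* user namespace. */
    int unshared = unshare(CLONE_NEWUSER) == 0;
    if (unshared && write(go[1], "x", 1) != 1) unshared = -1;
    close(go[1]);                       /* also wakes the helper on failure */
    if (waitpid(helper, &status, 0) < 0) return 2;
    if (unshared == 0) return 1;
    return unshared > 0 && WIFEXITED(status) && !WEXITSTATUS(status) && getuid() == 0 ? 0 : 2;
}

int main(void) { return enter_mapped_userns(); }
```

A return value of 1 means the kernel or sandbox refuses unprivileged `unshare(CLONE_NEWUSER)`, which is worth distinguishing from a mapping failure when testing on different distributions.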