[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Code sharing between system and home services (was Re: On the naming
|
From: |
Ludovic Courtès |
|
Subject: |
Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.) |
|
Date: |
Tue, 28 Sep 2021 14:21:33 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) |
Hi,
Joshua Branson <jbranso@dismail.de> skribis:
> Apologies if I'm speaking for something I know very little
> about...Wouldn't it be nice if guix home services would accept a user
> and a group field? For the syncthing service, perhaps the user wants to
> limit Syncthing's runtime permissions. So instead of running as the
> user, the user would run synthing as a different user with less permissions?
That’s not possible unless the calling user is root, since you’d need
the ability to switch users somehow.
> Please note it may be much better to just container-ize the synthing
> service. Does guix home have that ability?
>
> https://guix.gnu.org/en/blog/2017/running-system-services-in-containers/
It can gain that availability without doing anything actually: service
implementations “just” need to use ‘make-forkexec-constructor/container’
instead of ‘make-forkexec-constructor’.
However, that would only work on systems where unprivileged user
namespaces are enabled, so we’d need a way to turn it off.
Ludo’.
- Re: On the naming of System and Home services modules., (continued)
- Re: On the naming of System and Home services modules., Ludovic Courtès, 2021/09/23
- Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Xinglu Chen, 2021/09/24
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Maxime Devos, 2021/09/24
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Xinglu Chen, 2021/09/24
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Maxime Devos, 2021/09/24
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Ludovic Courtès, 2021/09/28
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Andrew Tropin, 2021/09/28
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Joshua Branson, 2021/09/24
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.),
Ludovic Courtès <=
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Maxime Devos, 2021/09/29
- Re: Code sharing between system and home services (was Re: On the naming of System and Home services modules.), Maxim Cournoyer, 2021/09/27
Re: On the naming of System and Home services modules., Ryan Prior, 2021/09/15
Re: On the naming of System and Home services modules., Ludovic Courtès, 2021/09/23