guix-install.sh: Add the “kvm” GID to /etc/subgid.

* etc/guix-install.sh (SYSTEMD_REQUIRE): New variable.
(sys_create_build_user): Populate /etc/subgid.

Change-Id: I989c3ff682453d8d65e313c89fb751a20aa48bb8

etc/guix-install.sh

@@ -91,6 +91,11 @@ SYSV_INIT_REQUIRE=(
     "daemonize"
 )
 
+# Unprivileged guix-daemon requires 'newgidmap'.
+SYSTEMD_REQUIRE=(
+    "newgidmap"
+)
+
 PAS=$'[ \033[32;1mPASS\033[0m ] '
 ERR=$'[ \033[31;1mFAIL\033[0m ] '
 WAR=$'[ \033[33;1mWARN\033[0m ] '
@@ -516,6 +521,13 @@ sys_create_build_user()
 		       guix-daemon"$KVMGROUP"		\
 		       "Unprivileged Guix Daemon User"
 
+	if getent group kvm > /dev/null; then
+	    # Allow 'newgidmap' to map the "kvm" group.
+	    local kvmgid="$(getent group kvm | cut -f3 -d:)"
+	    _msg_info "allowing kvm mapping (GID $kvmgid) for unprivileged guix-daemon"
+	    echo "guix-daemon:$kvmgid:1" >> /etc/subgid
+	fi
+
 	# ‘tar xf’ creates root:root files.  Change that.
 	chown -R guix-daemon:guix-daemon /gnu /var/guix
 	chown -R root:root /var/guix/profiles/per-user/root