guix/tests
Ludovic Courtès a92d98a7fa
daemon: Attempt to map the “kvm” group inside the build user namespace.
Fixes <https://issues.guix.gnu.org/77862>.

Previously, the ‘guix-daemon’ account (for unprivileged execution) would
typically have “kvm” as a supplementary group, but that group would not
be mapped in the build user namespace.  Consequently, attempts to
‘chown’ a file to that supplementary group would fail with EINVAL.

The test suites of Coreutils, Python, and Go (among others) exercise
this chown-to-supplementary-group behavior, so they would all fail when
started by the unprivileged ‘guix-daemon’ even though they succeed when
started by ‘guix-daemon’ running as root.

Thanks to keinflue <keinflue@posteo.net> and Reepca Russelstein
<reepca@russelstein.xyz> for helping out.

* nix/libstore/build.cc (initializeUserNamespace): Add ‘extraGIDs’ and
‘haveCapSetGID’ parameters.  Invoke ‘newgidmap’ when ‘extraGIDs’ is
non-empty and ‘haveCapSetGID’ is false.  Honor ‘extraGIDs’ when
‘haveCapSetGID’ is true.
(maxGroups, guestKVMGID): New variables.
(kvmGIDMapping): New function.
(DerivationGoal::startBuilder): Set ‘ctx.lockMountsMapAll’ in the
CLONE_NEWUSER case.  Pass ‘extraGIDs’ to ‘initializeUserNamespace’.
* tests/store.scm ("kvm GID is mapped"): New test.

Change-Id: I10ba710fc1b9ca1e3cd3122be1ec8ede5df18b40
2025-10-16 15:14:37 +02:00
import import: gem: Move tests to tests/import/gem.scm. 2025-10-08 10:57:00 +02:00
keys
machine machine: hetzner: Allow attaching existing public IPs. 2025-04-21 23:55:50 +02:00
services Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
accounts.scm accounts: Add /etc/subid and /etc/subgid allocation logic. 2024-12-18 18:32:40 +01:00
base16.scm
base32.scm
base64.scm
boot-parameters.scm
bournish.scm
build-emacs-utils.scm
build-utils.scm Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
builders.scm tests: don't use 'file://...' URIs for testing git downloads. 2025-10-12 22:22:01 +02:00
cache.scm cache: Avoid cache cleanup storms from concurrent processes. 2024-08-21 00:52:39 +02:00
challenge.scm
channels.scm channels: Adjust tests for new #:verify-certificate? parameter. 2024-12-30 11:01:54 +01:00
combinators.scm
containers.scm linux-container: Remove #:lock-mounts? and related code. 2025-10-13 14:48:26 +02:00
cpio.scm utils: Don’t re-export ‘call-with-temporary-output-file’. 2024-04-15 22:36:42 +02:00
cve-sample.json cve: Upgrade to JSON 2.0 feeds. 2025-08-31 12:39:24 +02:00
cve.scm cve: Upgrade to JSON 2.0 feeds. 2025-08-31 12:39:24 +02:00
debug-link.scm
derivations.scm tests: don't use 'file://...' URIs for testing git downloads. 2025-10-12 22:22:01 +02:00
discovery.scm
file-systems.scm Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
gexp.scm gexp: ‘local-file’ expands its argument only once. 2025-04-06 11:23:07 +02:00
git-authenticate.scm tests: Assume ‘git’ is always available. 2023-09-26 17:36:59 +02:00
git.scm git: Remove untracked files from cached checkouts. 2024-07-18 17:31:19 +02:00
glob.scm
gnu-maintenance.scm Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
grafts.scm grafts: Always depend on all the outputs of the original derivation. 2025-10-05 20:30:45 +02:00
graph.scm tests: Adjust 'node-back-edges' test for 'bag' to system-dependent glibc. 2023-08-21 16:16:47 +02:00
gremlin.scm tests: Fix gremlin.scm for GCC 14 2024-11-12 23:40:39 +01:00
guix-archive.sh
guix-authenticate.sh
guix-build-branch.sh
guix-build.sh Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
guix-daemon.sh
guix-describe.sh
guix-download.sh tests: Remove interference from the user’s Git config. 2024-05-13 16:31:35 +02:00
guix-environment-container.sh tests: Pass ‘--timeout’ for builds with the host store. 2025-09-03 12:34:13 +02:00
guix-environment.sh
guix-gc.sh
guix-git-authenticate.sh git authenticate: Gracefully handle passing an annotated tag to ‘--end’. 2025-06-22 23:45:36 +02:00
guix-graph.sh tests: Adjust ‘guix graph --path’ test to latest Emacs changes. 2023-09-26 17:36:57 +02:00
guix-hash.sh
guix-home.sh tests: Pass ‘--timeout’ for builds with the host store. 2025-09-03 12:34:13 +02:00
guix-lint.sh
guix-locate.sh locate: Accept ‘--clear’ without additional arguments. 2023-11-15 18:29:37 +01:00
guix-pack-localstatedir.sh tests: Pass ‘--timeout’ for builds with the host store. 2025-09-03 12:34:13 +02:00
guix-pack-relocatable.sh tests: Pass ‘--timeout’ for builds with the host store. 2025-09-03 12:34:13 +02:00
guix-pack.sh tests: Adjust to cope with glibc graft. 2023-10-28 01:30:37 +02:00
guix-package-aliases.sh
guix-package-net.sh
guix-package.sh tests: guix-package: Fix guix package --search test. 2024-12-14 00:34:28 +01:00
guix-refresh.sh refresh: Allow specifying a partial version via the version specification. 2025-05-19 10:07:24 +09:00
guix-repl.sh
guix-shell-export-manifest.sh tests: guix-shell-export-manifest: Fix pyproject-build-system python test. 2024-12-14 01:28:49 +01:00
guix-shell.sh shell: ‘--development’ honors ‘--system’. 2023-12-06 23:50:04 +01:00
guix-style.sh scripts: style: Sort more kinds of package definitions. 2025-02-09 18:20:41 +01:00
guix-system.sh tests: guix-system: Add test for 'guix system container'. 2025-10-11 21:57:59 +09:00
guix-time-machine.sh Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
home-import.scm home: Define ‘%base-home-services’. 2025-01-16 22:32:11 +01:00
home-services.scm
http-client.scm
inferior.scm
ipfs.scm
lint.scm guix: lint: Check for misplaced argument flags. 2025-07-28 10:34:36 +03:00
modules.scm build-systems: gnu: Export %default-gnu-imported-modules and %default-gnu-modules. 2024-08-31 10:42:16 +02:00
monads.scm gexp: ‘with-parameters’ properly handles ‘%graft?’. 2025-03-05 00:28:49 +01:00
nar.scm
networking.scm Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
offload.scm Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
openpgp.scm
pack.scm tests/pack: Fix rpm tests. 2025-09-30 16:52:07 +09:00
packages.scm tests: Adjust ‘package-transitive-supported-systems’ test. 2025-09-23 14:53:36 +02:00
pki.scm
processes.scm tests: Run in a chroot and unprivileged user namespaces. 2025-03-26 17:57:44 +01:00
profiles.scm profiles: Use C.UTF-8 instead of ‘glibc-utf8-locales’ where possible. 2024-08-31 10:42:49 +02:00
publish.scm Revert "publish: Prevent publication of non-substitutable derivation outputs." 2025-09-21 18:47:23 +02:00
read-print.scm read-print: Adjust test for keyword alignment. 2025-02-24 23:33:51 +01:00
records.scm
rpm.scm Reapply "Update Maxim's email address." 2025-09-18 13:44:12 +09:00
scripts.scm
search-paths.scm
services.scm services: ‘shepherd-service-upgrade’ handles canonical name changes. 2025-03-05 00:28:49 +01:00
sets.scm
size.scm
status.scm
store-database.scm utils: Don’t re-export ‘call-with-temporary-output-file’. 2024-04-15 22:36:42 +02:00
store-deadlock.scm daemon: Explicitly unlock output path in the has-become-valid case. 2024-12-30 00:51:57 +01:00
store-deduplication.scm tests: Fix ‘store-deduplication.scm’ on systems with large blocks. 2025-10-06 10:42:08 +02:00
store-roots.scm tests: store-roots: Remove bogus test. 2023-08-18 16:10:08 +02:00
store.scm daemon: Attempt to map the “kvm” group inside the build user namespace. 2025-10-16 15:14:37 +02:00
style.scm style: Fix conversion of ‘unquote-splicing’ by ‘-S arguments’. 2024-06-03 22:58:52 +02:00
substitute.scm substitute: Do not exit when failing to find a nar. 2023-12-04 22:26:36 +01:00
swh.scm swh: ‘lookup-origin-revision’ handles branches pointing to directories. 2024-03-09 18:55:49 +01:00
syscalls.scm syscalls: Add ‘unshare’. 2025-04-20 18:50:51 +02:00
system.scm
test.drv
toml.scm guix: toml: Fix evaluation of empty inline tables. 2025-01-20 21:37:36 +01:00
transformations.scm transformations: Git source transformations honour RECURSIVE?. 2025-05-05 12:15:47 +02:00
ui.scm
union.scm
upstream.scm upstream: Define ‘preferred-upstream-source’. 2025-01-08 23:03:04 +01:00
utils.scm utils: Don’t re-export ‘call-with-temporary-output-file’. 2024-04-15 22:36:42 +02:00
uuid.scm
workers.scm