| 3 Mar 2026 |
eveeifyeve | Is this for msys2 mingw? | 02:19:04 |
eveeifyeve | Because I am happy to look at it, once you have pushed the code, tonight as I am currently in my lunch break at school. | 02:19:34 |
puffnfresh | yeah that's already on master, and I just noticed I posted in the wrong room, was meant for #windows:nixos.org | 02:25:41 |
| 5 Mar 2026 |
pveierland | When using nix eval --eval-store /some/path - will any GC nominally be involved such that GC roots are still important - or would the eval store normally not be GCd? | 01:26:39 |
ysndr | When using a shell with a chroot store, it seems we’re losing some uid information preventing eg sudo from working properly:
nix shell nixpkgs#hello --store ./test -c sudo whoami
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
I also noticed that using --store inside a chroot shell isn’t working either fwiw and am trying to connect the dots here | 17:45:17 |
Sergei Zimmerman (xokdvium) | In reply to @ysndr:matrix.org
When using a shell with a chroot store, it seems we’re losing some uid information preventing eg sudo from working properly:
nix shell nixpkgs#hello --store ./test -c sudo whoami
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
I also noticed that using --store inside a chroot shell isn’t working either fwiw and am trying to connect the dots here
* Hm worth a chroot store nix sets up a mountns | 17:49:31 |
Sergei Zimmerman (xokdvium) | worth -> with | 17:49:51 |
Sergei Zimmerman (xokdvium) | The mounts there are quite messed up probably | 17:50:58 |
Sergei Zimmerman (xokdvium) | I’m no Linux guru though and haven’t looked at that code too closely, so I’m not sure how to go about fixing it. I think there was a fixme about using overlayfs for the relocated store IIRC | 17:53:00 |
ysndr | * Yea it’s user / mount namespace all the way.
At least root seems to not be mapped correctly (sudo is owned by nobody, as opposed to root) | 17:57:47 |
Sergei Zimmerman (xokdvium) | Ah do we not set up a proper uid_map? | 18:07:34 |
| 6 Mar 2026 |
dramforever | there's no way to do this without running nix shell with root permissions | 05:01:17 |
dramforever | and we have to be in a new user namespace to create a mount namespace and start mounting stuff | 05:03:36 |
dramforever | * see https://man7.org/linux/man-pages/man7/user_namespaces.7.html "In order for a process to write to the /proc/pid/uid_map ...", currently bullet 5, (b), bullet 1
The data written to uid_map (gid_map) must consist of a single line that maps the writing process's effective user ID (group ID) in the parent user namespace to a user ID (group ID) in the user namespace.
| 05:04:37 |
dramforever | side note, don't you love it when all you need to understand is 1 and 2 and 3 and ( 4(a) or 4(b) ) and ( 5(a) or ( 5(b)1 and 5(b)2 and 5(b)3 ) ) | 05:06:11 |
dramforever | * so just, to clarify, putting aside everything else, 5(b)1 says that if you don't have CAP_SETUID in the parent userns, then you can only map yourself in the parent userns to any uid in the child userns. everyone else in the parent userns becomes nobody in the child userns | 05:08:36 |