| 3 Mar 2026 |
Bonus | Hello, could someone point me in the right direction here: https://github.com/NixOS/nix/pull/15131#issuecomment-3901665950 | 01:05:48 |
eveeifyeve | Is this for msys2 mingw? | 02:19:04 |
eveeifyeve | Because I am happy to look at it, once you have pushed the code, tonight as I am currently in my lunch break at school. | 02:19:34 |
puffnfresh | yeah that's already on master, and I just noticed I posted in the wrong room, was meant for #windows:nixos.org | 02:25:41 |
| 5 Mar 2026 |
pveierland | When using nix eval --eval-store /some/path - will any GC nominally be involved such that GC roots are still important - or would the eval store normally not be GCd? | 01:26:39 |
ysndr | When using a shell with a chroot store, it seems we’re losing some uid information preventing eg sudo from working properly:
nix shell nixpkgs#hello --store ./test -c sudo whoami
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
I also noticed that using --store inside a chroot shell isn’t working either fwiw and am trying to connect the dots here | 17:45:17 |
Sergei Zimmerman (xokdvium) | In reply to @ysndr:matrix.org
When using a shell with a chroot store, it seems we’re losing some uid information preventing eg sudo from working properly:
nix shell nixpkgs#hello --store ./test -c sudo whoami
sudo: /usr/bin/sudo must be owned by uid 0 and have the setuid bit set
I also noticed that using --store inside a chroot shell isn’t working either fwiw and am trying to connect the dots here
* Hm worth a chroot store nix sets up a mountns | 17:49:31 |
Sergei Zimmerman (xokdvium) | worth -> with | 17:49:51 |
Sergei Zimmerman (xokdvium) | The mounts there are quite messed up probably | 17:50:58 |
Sergei Zimmerman (xokdvium) | I’m no Linux guru though and haven’t looked at that code too closely, so I’m not sure how to go about fixing it. I think there was a fixme about using overlayfs for the relocated store IIRC | 17:53:00 |
ysndr | * Yea it’s user / mount namespace all the way.
At least root seems to not be mapped correctly (sudo is owned by nobody, as opposed to root) | 17:57:47 |
Sergei Zimmerman (xokdvium) | Ah do we not set up a proper uid_map? | 18:07:34 |
| 6 Mar 2026 |
dramforever | there's no way to do this without running nix shell with root permissions | 05:01:17 |
dramforever | and we have to be in a new user namespace to create a mount namespace and start mounting stuff | 05:03:36 |
dramforever | * see https://man7.org/linux/man-pages/man7/user_namespaces.7.html "In order for a process to write to the /proc/pid/uid_map ...", currently bullet 5, (b), bullet 1
The data written to uid_map (gid_map) must consist of a single line that maps the writing process's effective user ID (group ID) in the parent user namespace to a user ID (group ID) in the user namespace.
| 05:04:37 |
dramforever | side note, don't you love it when all you need to understand is 1 and 2 and 3 and ( 4(a) or 4(b) ) and ( 5(a) or ( 5(b)1 and 5(b)2 and 5(b)3 ) ) | 05:06:11 |
dramforever | * so just, to clarify, putting aside everything else, 5(b)1 says that if you don't have CAP_SETUID, then you can only map yourself in the parent userns to any uid in the child userns. everyone else in the parent userns becomes nobody in the child userns | 05:08:26 |