| 19 May 2026 |
Tails | Yay! lol | 13:09:54 |
| 20 May 2026 |
Mic92 | Any negative downside if we namespace binfmt inside nix builds? https://github.com/lxc/lxc/issues/4520 could be very useful to work around partially broken cross builds. | 14:37:35 |
K900 | This will break people intentionally using qemu-user or similar system wide | 14:39:23 |
dramforever | tbh i don't like "work around partially broken cross builds" | 14:42:09 |
Mic92 | Okay but then you can actually make this implicit behaviour explicit | 14:42:21 |
dramforever | buuuuuut i made this for the other way around, un-working-around broken cross builds if you have global binfmt_misc https://github.com/NixOS/nix/pull/15539 | 14:43:27 |
Mic92 | In reply to @dramforever:matrix.org:
> tbh i don't like "work around partially broken cross builds"
Life is too short to have to patch all kinds of broken perl packages | 14:43:34 |
dramforever | the annoying thing is you have to be root to write to binfmt_misc, because the thing is hard coded to be owned by 0:0 in its userns | 14:44:59 |
dramforever | but also, if you want to, you can just mount your own binfmt_misc | 14:47:47 |
dramforever | without nix even knowing it | 14:47:55 |
Mic92 | In reply to @dramforever:matrix.org:
> the annoying thing is you have to be root to write to binfmt_misc, because the thing is hard coded to be owned by 0:0 in its userns
I think we already have this for container enabled builds... But it is a bit annoying if we would have to rely on it | 14:48:03 |
dramforever | as in, if you want to modify derivations | 14:48:11 |
dramforever | you can just do the cursed dance to get yourself into a user namespace with a binfmt_misc you manage | 14:48:54 |
dramforever | ... actually let me check something brb | 14:51:46 |
Mic92 | @dramforever:matrix.org: I put it on my review list but let me know if I don't get back in a week | 14:55:47 |
Mic92 | It looks mostly fine, I did just want to read the double userns stuff again on a bigger screen | 14:56:46 |
dramforever | Mic92: so i don't know how to do it with https://man7.org/linux/man-pages/man1/unshare.1.html, might try later, but what i did in #15539 shows that you can definitely give yourself binfmt_misc without privileges | 15:06:04 |
dramforever | * Mic92: so i don't know how to do it with https://man7.org/linux/man-pages/man1/unshare.1.html, might try later, but what i did in #15539 shows that you can definitely give yourself a binfmt_misc without privileges | 15:06:11 |
dramforever | as said in the pr description #15539 works even on rootless nix | 15:06:29 |
dramforever | so if you're willing to do surgery on the bad perl stuff, i think you can get away with not touching nix at all | 15:07:08 |
dramforever | * so if you're willing to do derivation surgery on the bad perl stuff, i think you can get away with not touching nix at all | 15:07:17 |
dramforever | i'm thinking about the implications of a more literal "Allow write access to binfmt_misc when using Linux kernel >= 6.7", as in the title of that lxc issue, but currently i'm inclined to think we don't want that | 15:08:48 |
dramforever | you might also want to know that there's no way to add binfmt_misc interpreters for a userns, only fully replace, so theoretically you can run into problems with an inner binfmt_misc on a binfmt_misc-emulated-cross build but at that point you're stretching everything too hard | 15:14:56 |
dramforever | * you might also want to know that there's no way to add binfmt_misc interpreters for a userns, only fully replace, so theoretically you can run into problems with an inner binfmt_misc on a binfmt_misc-emulated-cross build but at that point you're stretching everything too hard (does qemu user even work for this? maybe there are less stretch scenarios. idk.) | 15:15:21 |
dramforever | okay i read the actual man page and you can do the double userns dance with
unshare --map-root-user --pid --fork --load-interp ":py:E::py::$(which python3):" unshare --map-user "$(id -u)" --map-group "$(id -g)" bash | 15:38:02 |
dramforever | * okay i read the actual man page and you can do the double userns dance with something like
unshare --map-root-user --pid --fork --load-interp ":py:E::py::$(which python3):" unshare --map-user "$(id -u)" --map-group "$(id -g)" bash | 15:38:13 |
dramforever | make of that what you will | 15:41:57 |