| 2 Jun 2024 |
@irenes:matrix.org | chroot is the more general mechanism I think? it allows more than one of those to coexist | 21:08:28 |
@irenes:matrix.org | but I don't know the details of pam_mount | 21:08:34 |
@irenes:matrix.org | I can definitely think of cases involving testing or bring-up of other machines where I'd want more than one store, though it's ALMOST never needed | 21:09:02 |
⚠️ eldritch horrors operating in this area ⚠️ | you can combine pam_mount and pam_namespace to do what the chroot helper thing does, but for an entire user session | 21:11:24 |
@irenes:matrix.org | oh neat! | 21:11:51 |
@irenes:matrix.org | hm | 21:11:54 |
@irenes:matrix.org | should it be tied to user sessions? | 21:11:58 |
⚠️ eldritch horrors operating in this area ⚠️ | this is just unnecessary complexity that is rarely if ever used, and only supported on linux to begin with | 21:11:59 |
@irenes:matrix.org | isn't being able to do it per-invocation more flexible? | 21:12:09 |
⚠️ eldritch horrors operating in this area ⚠️ | In reply to @irenes:matrix.org ("should it be tied to user sessions?"): it doesn't hurt since every session gets the same mounts anyway | 21:12:16 |
⚠️ eldritch horrors operating in this area ⚠️ | In reply to @irenes:matrix.org ("isn't being able to do it per-invocation more flexible?"): not if the setup is always the same | 21:12:27 |
@irenes:matrix.org | oh I see, the pam_mount way wouldn't require lix support | 21:12:34 |
@irenes:matrix.org | right but what if the setup isn't always the same | 21:12:47 |
@irenes:matrix.org | I just want to understand the argument, I'm not advocating for any particular position | 21:12:59 |
⚠️ eldritch horrors operating in this area ⚠️ | the thing lix inherits from nix is just actively breaking certain things by trying to support stuff on its own that's better done elseways | 21:13:15 |
@irenes:matrix.org | I see, yeah | 21:13:25 |
⚠️ eldritch horrors operating in this area ⚠️ | check src/nix/run.cpp L37 ff for a comment explaining just how much fuckery this is currently <,< | 21:14:10 |
⚠️ eldritch horrors operating in this area ⚠️ | this is special-cased in nix {shell,run} specifically for some reason | 21:14:31 |
⚠️ eldritch horrors operating in this area ⚠️ | anyway, issue: https://git.lix.systems/lix-project/lix/issues/372 | 21:16:08 |
@irenes:matrix.org | thanks - I'll look in more detail at some point when I have actual time | 21:19:47 |
⚠️ eldritch horrors operating in this area ⚠️ | no rush :3 | 21:21:06 |
| 3 Jun 2024 |
aloisw | In reply to @pennae:matrix.eno.space ("honest question: why should we support, in lix itself, store relocation via chroot as is done now (ie, single-user instances placing the store in eg ~/.nix-store but substituting/building for it being at /nix/store and 'fixing' that at runtime with linux namespace fuckery) we'd argue this should be a 'just pam_mount it' type deal"): pam_mount requires setup by the system administrator. | 04:48:17 |
aloisw | That said, bubblewrap doesn't and works quite well. | 04:48:35 |
jade_ | [image: image.png] | 08:07:55 |
jade_ | (this is a sneak peek, it still needs some operationalizing) | 08:08:18 |
jade_ | i have done a backfill run. i now need to actually deploy it properly | 09:57:07 |