aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2014-01-18 16:48:29 +0100
committerLudovic Courtès <ludo@gnu.org>2014-01-18 22:32:50 +0100
commitd43eb499a6c112af609118803c6cd33fbcedfa43 (patch)
tree666deede607f0d64ad1266a60317bd6a2ee48a2c /doc
parentb97c95eb3c4894bbbe7b645b163147e3f837e754 (diff)
downloadgnu-guix-d43eb499a6c112af609118803c6cd33fbcedfa43.tar
gnu-guix-d43eb499a6c112af609118803c6cd33fbcedfa43.tar.gz
Update 'nix-upstream' sub-module; adjust build system, doc, and substituter.
* nix-upstream: Update sub-module. * daemon.am (libutil_a_SOURCES): Add affinity.cc. (libutil_headers): Add affinity.hh. (libexec_PROGRAMS, nix_setuid_helper_SOURCES, nix_setuid_helper_CPPFLAGS, nix_setuid_helper_LDADD): Remove. * doc/guix.texi (Setting Up the Daemon): Remove paragraph about 'nix-setuid-helper'. * guix/scripts/substitute-binary.scm (guix-substitute-binary): Exit 0 when %CACHE-URL has an HTTP scheme and looking up its host fails. Always print a newline to stdout when starting.
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi16
1 files changed, 1 insertions, 15 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 2081dd13ad..2c40fa83f3 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -245,21 +245,7 @@ archive}):
# guix archive --generate-key
@end example
-Guix may also be used in a single-user setup, with @command{guix-daemon}
-running as an unprivileged user. However, to maximize non-interference
-of build processes, the daemon still needs to perform certain operations
-that are restricted to @code{root} on GNU/Linux: it should be able to
-run build processes in a chroot, and to run them under different UIDs.
-To that end, the @command{nix-setuid-helper} program is provided; it is
-a small C program (less than 300 lines) that, if it is made setuid
-@code{root}, can be executed by the daemon to perform these operations
-on its behalf. The @code{root}-owned @file{/etc/nix-setuid.conf} file
-is read by @command{nix-setuid-helper}; it should contain exactly two
-words: the user name under which the authorized @command{guix-daemon}
-runs, and the name of the build users group.
-
-If you are installing Guix as an unprivileged user and do not have the
-ability to make @file{nix-setuid-helper} setuid-@code{root}, it is still
+If you are installing Guix as an unprivileged user, it is still
possible to run @command{guix-daemon}. However, build processes will
not be isolated from one another, and not from the rest of the system.
Thus, build processes may interfere with each other, and may access