diff options
author | Mike Gerwitz <mtg@gnu.org> | 2018-01-25 22:29:32 -0500 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2018-03-02 11:55:43 +0100 |
commit | e37944d8270cdca5729e3583136c4fe9d487779c (patch) | |
tree | 4763f4f0857f140d6082c4ebd4633cefb42811a9 /doc/guix.texi | |
parent | 07ec349229eeae9f733fe92a300c7cfa4cf8e321 (diff) | |
download | patches-e37944d8270cdca5729e3583136c4fe9d487779c.tar patches-e37944d8270cdca5729e3583136c4fe9d487779c.tar.gz |
environment: Add --user.
This change allows overriding the home directory of all filesystem mappings to
help hide the identity of the calling user in a container.
* doc/guix.texi (Invoking guix environment)[--container]: Mention --user.
[--user]: Add item.
* guix/scripts/environment.scm (show-help): Add --user.
(%options): Add --user.
(launch-environment/container) Add 'user' parameter. Update doc. Override
'user-mappings' using 'override-user-mappings'. Consider override for chdir.
(mock-passwd, user-override-home, overrid-euser-dir): New procedures.
(guix-environment): Disallow --user without --container. Provide user to
'launch-environment/container'.
* tests/guix-environment.sh: Add user test.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'doc/guix.texi')
-rw-r--r-- | doc/guix.texi | 34 |
1 files changed, 30 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 826f924d22..d35ce0e26b 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -7286,10 +7286,11 @@ Attempt to build for @var{system}---e.g., @code{i686-linux}. @cindex container Run @var{command} within an isolated container. The current working directory outside the container is mapped inside the container. -Additionally, a dummy home directory is created that matches the current -user's home directory, and @file{/etc/passwd} is configured accordingly. -The spawned process runs as the current user outside the container, but -has root privileges in the context of the container. +Additionally, unless overridden with @code{--user}, a dummy home +directory is created that matches the current user's home directory, and +@file{/etc/passwd} is configured accordingly. The spawned process runs +as the current user outside the container, but has root privileges in +the context of the container. @item --network @itemx -N @@ -7313,6 +7314,31 @@ example, the @code{fontconfig} package inspects @code{--link-profile} allows these programs to behave as expected within the environment. +@item --user=@var{user} +@itemx -u @var{user} +For containers, use the username @var{user} in place of the current +user. The generated @file{/etc/passwd} entry within the container will +contain the name @var{user}; the home directory will be +@file{/home/USER}; and no user GECOS data will be copied. @var{user} +need not exist on the system. + +Additionally, any shared or exposed path (see @code{--share} and +@code{--expose} respectively) whose target is within the current user's +home directory will be remapped relative to @file{/home/USER}; this +includes the automatic mapping of the current working directory. + +@example +# will expose paths as /home/foo/wd, /home/foo/test, and /home/foo/target +cd $HOME/wd +guix environment --container --user=foo \ + --expose=$HOME/test \ + --expose=/tmp/target=$HOME/target +@end example + +While this will limit the leaking of user identity through home paths +and each of the user fields, this is only one useful component of a +broader privacy/anonymity solution---not one in and of itself. + @item --expose=@var{source}[=@var{target}] For containers, expose the file system @var{source} from the host system as the read-only file system @var{target} within the container. If |