summaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorMike Gerwitz <mtg@gnu.org>2018-01-25 22:29:32 -0500
committerLudovic Courtès <ludo@gnu.org>2018-03-02 11:55:43 +0100
commite37944d8270cdca5729e3583136c4fe9d487779c (patch)
tree4763f4f0857f140d6082c4ebd4633cefb42811a9 /doc
parent07ec349229eeae9f733fe92a300c7cfa4cf8e321 (diff)
downloadpatches-e37944d8270cdca5729e3583136c4fe9d487779c.tar
patches-e37944d8270cdca5729e3583136c4fe9d487779c.tar.gz
environment: Add --user.
This change allows overriding the home directory of all filesystem mappings to help hide the identity of the calling user in a container. * doc/guix.texi (Invoking guix environment)[--container]: Mention --user. [--user]: Add item. * guix/scripts/environment.scm (show-help): Add --user. (%options): Add --user. (launch-environment/container) Add 'user' parameter. Update doc. Override 'user-mappings' using 'override-user-mappings'. Consider override for chdir. (mock-passwd, user-override-home, overrid-euser-dir): New procedures. (guix-environment): Disallow --user without --container. Provide user to 'launch-environment/container'. * tests/guix-environment.sh: Add user test. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi34
1 files changed, 30 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 826f924d22..d35ce0e26b 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7286,10 +7286,11 @@ Attempt to build for @var{system}---e.g., @code{i686-linux}.
@cindex container
Run @var{command} within an isolated container. The current working
directory outside the container is mapped inside the container.
-Additionally, a dummy home directory is created that matches the current
-user's home directory, and @file{/etc/passwd} is configured accordingly.
-The spawned process runs as the current user outside the container, but
-has root privileges in the context of the container.
+Additionally, unless overridden with @code{--user}, a dummy home
+directory is created that matches the current user's home directory, and
+@file{/etc/passwd} is configured accordingly. The spawned process runs
+as the current user outside the container, but has root privileges in
+the context of the container.
@item --network
@itemx -N
@@ -7313,6 +7314,31 @@ example, the @code{fontconfig} package inspects
@code{--link-profile} allows these programs to behave as expected within
the environment.
+@item --user=@var{user}
+@itemx -u @var{user}
+For containers, use the username @var{user} in place of the current
+user. The generated @file{/etc/passwd} entry within the container will
+contain the name @var{user}; the home directory will be
+@file{/home/USER}; and no user GECOS data will be copied. @var{user}
+need not exist on the system.
+
+Additionally, any shared or exposed path (see @code{--share} and
+@code{--expose} respectively) whose target is within the current user's
+home directory will be remapped relative to @file{/home/USER}; this
+includes the automatic mapping of the current working directory.
+
+@example
+# will expose paths as /home/foo/wd, /home/foo/test, and /home/foo/target
+cd $HOME/wd
+guix environment --container --user=foo \
+ --expose=$HOME/test \
+ --expose=/tmp/target=$HOME/target
+@end example
+
+While this will limit the leaking of user identity through home paths
+and each of the user fields, this is only one useful component of a
+broader privacy/anonymity solution---not one in and of itself.
+
@item --expose=@var{source}[=@var{target}]
For containers, expose the file system @var{source} from the host system
as the read-only file system @var{target} within the container. If