Mark H Weaver <m...@netris.org> writes: […] > Ricardo Wurmus <rek...@elephly.net> writes: […] >> I see. Unfortunately you will end up having to compile everything from >> source, C library, GCC,… — all of it. When using a different store >> location it is impossible to use pre-built binaries, unfortunately. > > If one is able to obtain write access to any directory accessible via an > absolute path name of no more than 10 bytes, e.g. "/tmp/xxxxx", > "/var/tmp/x", "/home/xx/x", or possibly even "/home/xxxx" or > "/home/xxx", then it may be possible to avoid compiling everything from > source code.
I think it’s worth supporting prefix rewrites. On a system where the user does not have root access and no user namespaces the daemon will not be able to build anything in isolation. The best case here is to *only* use substitutes and to limit the local operations to rewriting the prefix. This requires modifying store items before unpacking them. Since root is not involved this should only ever affect one user. -- Ricardo
