Hi Csepp,

2023/05/20 00:29, Csepp:

> Remco van 't Veer <re...@remworks.net> writes:
>
>> Hi Maxim and Zimoun,
>>
>> 2023/02/09 13:26, Remco van 't Veer:
>>
>>> I think I know what is causing the issue. Both the "standard" mysql and
>>> postgres containers use user-id 999 to run the database service (this
>>> seems like a common practice because the redis container is configured
>>> similarly). That user-id is also configured as guixbuilder01 so I guess
>>> the guix daemon is killing those processes when it finishes doing
>>> builds.
>>
>> I found a solution / workaround for this problem by using
>> "userns-remap". This feature allows the remapping of uids and guids to
>> different ranges. I tried it by hacking the required files into my
>> etc-directory and it works; guix no longer kills my database containers.
>>
>> I'd like to add this feature to docker-service-type having a new
>> configuration option named enable-userns-remap? which introduces a new
>> user and group (both named dockremap) to do the remapping by adding some
>> configurable number to the uids and guids of the running container. In
>> /etc/subuid and /etc/subgid it would look like:
>>
>>   dockremap:100000:65536
>>
>> See https://docs.docker.com/engine/security/userns-remap/ for
>> documentation about this.
>>
>> WDYT?
>>
>> Cheers,
>> Remco
>
> The rootless podman example that was shared a few months ago could be
> relevant to this, since that also adds a subuid/subgid mapping.

Thanks! Borrowed that. For future reference:

  https://lists.gnu.org/archive/html/guix-devel/2023-03/msg00176.html

Cheers,
Remco
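
The remapping described in the quoted message, as an added example that is not part of the original thread or of Guix's code: it maps a container uid through an /etc/subuid entry and reports whether the resulting host uid still coincides with a host account. The passwd sample and all function names are constructed for illustration; only the dockremap line and the uid 999 / guixbuilder01 pairing come from the message.

```python
"""Does a container uid still coincide with a host account after userns-remap?"""

# Constructed sample data, not read from a real system. Only the dockremap
# line and the 999 / guixbuilder01 pairing come from the message above.
SUBUID = """\
dockremap:100000:65536
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
guixbuilder01:x:999:998:Guix build user 01:/var/empty:/sbin/nologin
"""


def parse_subid(text, owner):
    """Return [(first_host_id, count), ...] for owner, in file order."""
    ranges = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, start, count = line.split(":")
        if name == owner:
            ranges.append((int(start), int(count)))
    return ranges


def to_host_id(container_id, ranges):
    """Map a container id to a host id; None if it is outside the mapping.

    Assumption: several ranges for one owner are consumed consecutively.
    """
    offset = container_id
    for start, count in ranges:
        if 0 <= offset < count:
            return start + offset
        offset -= count
    return None


def host_accounts(passwd_text):
    """Return {uid: name} from passwd-format text."""
    rows = (line.split(":") for line in passwd_text.splitlines() if line.strip())
    return {int(f[2]): f[0] for f in rows}


def collision(container_uid, ranges, accounts):
    """Name of the host account sharing the effective uid, or None."""
    host_uid = to_host_id(container_uid, ranges) if ranges else container_uid
    return accounts.get(host_uid)
```

With no mapping, container uid 999 lands on the same host uid as guixbuilder01; with the dockremap range it becomes host uid 100999 and no longer matches any account in the sample.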