~ruther/guix-local: guix-install.sh: Add the “kvm” GID to /etc/subgid.

aa12beb7503a13b13a9a417fbd094f5d4a9b5fa6 — Ludovic Courtès 11 months ago a92d98a

guix-install.sh: Add the “kvm” GID to /etc/subgid.

* etc/guix-install.sh (SYSTEMD_REQUIRE): New variable.
(sys_create_build_user): Populate /etc/subgid.

Change-Id: I989c3ff682453d8d65e313c89fb751a20aa48bb8

patch browse .tar.gz

1 files changed, 12 insertions(+), 0 deletions(-)

M etc/guix-install.sh

M etc/guix-install.sh => etc/guix-install.sh +12 -0

@@ 91,6 91,11 @@ SYSV_INIT_REQUIRE=(
     "daemonize"
 )
 
+# Unprivileged guix-daemon requires 'newgidmap'.
+SYSTEMD_REQUIRE=(
+    "newgidmap"
+)
+
 PAS=$'[ \033[32;1mPASS\033[0m ] '
 ERR=$'[ \033[31;1mFAIL\033[0m ] '
 WAR=$'[ \033[33;1mWARN\033[0m ] '


@@ 516,6 521,13 @@ sys_create_build_user()
 		       guix-daemon"$KVMGROUP"		\
 		       "Unprivileged Guix Daemon User"
 
+	if getent group kvm > /dev/null; then
+	    # Allow 'newgidmap' to map the "kvm" group.
+	    local kvmgid="$(getent group kvm | cut -f3 -d:)"
+	    _msg_info "allowing kvm mapping (GID $kvmgid) for unprivileged guix-daemon"
+	    echo "guix-daemon:$kvmgid:1" >> /etc/subgid
+	fi
+
 	# ‘tar xf’ creates root:root files.  Change that.
 	chown -R guix-daemon:guix-daemon /gnu /var/guix
 	chown -R root:root /var/guix/profiles/per-user/root