move documentation on auto-allocate-uids to options docs

this is where it belongs and can be found together with the other
options.
Valentin Gagarin 2022-12-01 04:40:02 +01:00
parent 16b03f03af
commit 0ea62670ed
2 changed files with 48 additions and 30 deletions

@ -12,43 +12,37 @@
([#7260](https://github.com/NixOS/nix/pull/7260)). ([#7260](https://github.com/NixOS/nix/pull/7260)).
* Nix can now automatically pick UIDs for builds, removing the need to * Nix can now automatically pick UIDs for builds, removing the need to
create `nixbld*` user accounts. These UIDs are allocated starting at create `nixbld*` user accounts.
872415232 (0x34000000) on Linux and 56930 on macOS.
This is an experimental feature. To enable it, add the following to See [`auto-allocate-uids`].
`nix.conf`:
``` [`auto-allocate-uids`]: (../command-ref/conf-file.md#conf-auto-allocate-uids)
extra-experimental-features = auto-allocate-uids
auto-allocate-uids = true
```
* On Linux, Nix can now run builds in a user namespace where the build * On Linux, Nix can now run builds in a user namespace where the build
runs as root (UID 0) and has 65,536 UIDs available. This is runs as root (UID 0) and has 65,536 UIDs available.
primarily useful for running containers such as `systemd-nspawn`
inside a Nix build. For an example, see
https://github.com/NixOS/nix/blob/67bcb99700a0da1395fa063d7c6586740b304598/tests/systemd-nspawn.nix.
A build can enable this by requiring the `uid-range` system feature, <!-- FIXME: move this to its own section about system features -->
i.e. by setting the derivation attribute
This is primarily useful for running containers such as `systemd-nspawn`
inside a Nix build. For an example, see [`tests/systemd-nspawn/nix`][nspawn].
[nspawn]: https://github.com/NixOS/nix/blob/67bcb99700a0da1395fa063d7c6586740b304598/tests/systemd-nspawn.nix.
A build can enable this by by setting the derivation attribute:
``` ```
requiredSystemFeatures = [ "uid-range" ]; requiredSystemFeatures = [ "uid-range" ];
``` ```
The `uid-range` system feature requires the `auto-allocate-uids` The `uid-range` [system feature] requires the [`auto-allocate-uids`]
setting to be enabled (see above). setting to be enabled.
[system feature]: (../command-ref/conf-file.md#conf-system-features),
* On Linux, Nix has experimental support for running builds inside a * On Linux, Nix has experimental support for running builds inside a
cgroup. It can be enabled by adding cgroup.
``` See [`use-cgroups`](../command-ref/conf-file.md#conf-use-cgroups).
extra-experimental-features = cgroups
use-cgroups = true
```
to `nix.conf`. Cgroups are required for derivations that require the
`uid-range` system feature.
* `nix build --json` now prints some statistics about top-level * `nix build --json` now prints some statistics about top-level
derivations, such as CPU statistics when cgroups are enabled. derivations, such as CPU statistics when cgroups are enabled.

@ -284,7 +284,21 @@ public:
)"}; )"};
Setting<bool> autoAllocateUids{this, false, "auto-allocate-uids", Setting<bool> autoAllocateUids{this, false, "auto-allocate-uids",
"Whether to allocate UIDs for builders automatically."}; R"(
Whether to allocate UIDs for builders automatically.
These UIDs are allocated starting at 872415232 (0x34000000) on Linux and 56930 on macOS.
> **Warning**
> This is an experimental feature.
To enable it, add the following to [`nix.conf`](#):
```
extra-experimental-features = auto-allocate-uids
auto-allocate-uids = true
```
)"};
Setting<uint32_t> startId{this, Setting<uint32_t> startId{this,
#if __linux__ #if __linux__
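
Review bot: The `[`nix.conf`](#)` link in the new `auto-allocate-uids` description has an empty fragment as its target, so it leads nowhere in the rendered options page; point it at the real `nix.conf` documentation or leave `nix.conf` as plain code. The start values 872415232 and 56930 are now also written out in prose directly above the `startId` setting; if they describe that setting's default, refer to the setting instead of repeating the numbers, so the text cannot drift from the code.
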
@ -308,11 +322,21 @@ public:
Setting<bool> useCgroups{ Setting<bool> useCgroups{
this, false, "use-cgroups", this, false, "use-cgroups",
R"( R"(
Whether to execute builds inside cgroups. Cgroups are Whether to execute builds inside cgroups.
enabled automatically for derivations that require the Only on Linux with systemd.
`uid-range` system feature.
)" cgroups are required and enabled automatically for derivations that require the `uid-range` system feature.
};
> **Warning**
> This is an experimental feature.
To enable it, add the following to [`nix.conf`](#):
```
extra-experimental-features = cgroups
use-cgroups = true
```
)"};
#endif #endif
Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26", Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
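
Review bot: "Only on Linux with systemd." in the `use-cgroups` description is a new statement, present neither in the removed release-note text nor in the old description, so it goes beyond the move the commit message describes; justify it in the commit message or split it into its own change. The sentence "cgroups are required and enabled automatically for derivations that require the `uid-range` system feature", followed by instructions to set `use-cgroups = true`, also leaves unclear whether a `uid-range` build still needs the `cgroups` experimental feature enabled by hand; say so explicitly. The `[`nix.conf`](#)` link has the same empty target as in the previous hunk.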