environment: Do not attempt to map GID 0 when invoked as root.

* guix/scripts/environment.scm (launch-environment/container): Set ‘gid’ to 1000 when ‘getgid’ returns zero. Fixes: guix/guix#4234 Reported-by: Maxim Cournoyer <maxim@guixotic.coop> Change-Id: I781f2939dfd3cda23373d2fa03e288995bce9eb9
author: Ludovic Courtès <ludo@gnu.org> 2025-12-17 18:01:04 +0100
committer: Ludovic Courtès <ludo@gnu.org> 2025-12-19 00:05:43 +0100
commit: 7b9c30de1fba4ec190ca7fb6f2d85ddc802f7778 (patch)
tree: f5339f085d0c5a36a76c2aea9d657aac87209789
parent: 0c60cfcd37476fabfc5e8a945edecdfb22783370 (diff)
1 files changed, 7 insertions, 1 deletions
diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index 1b3b1312ea3..b2e715c6ddd 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -828,7 +828,13 @@ WHILE-LIST."
      (let* ((cwd      (getcwd))
             (home     (getenv "HOME"))
             (uid      (if user 1000 (getuid)))
-            (gid      (if user 1000 (getgid)))
+            (gid      (if user
+                          1000
+                          ;; When running as root, always map a non-zero GID
+                          ;; or writing to 'gid_map' would fail with EPERM.
+                          (match (getgid)
+                            (0 1000)
+                            (gid gid))))
 
             ;; On a foreign distro, the name service switch might be
             ;; dysfunctional and 'getpwuid' throws.  Don't let that hamper
author	Ludovic Courtès <ludo@gnu.org>	2025-12-17 18:01:04 +0100
committer	Ludovic Courtès <ludo@gnu.org>	2025-12-19 00:05:43 +0100
commit	7b9c30de1fba4ec190ca7fb6f2d85ddc802f7778 (patch)
tree	f5339f085d0c5a36a76c2aea9d657aac87209789
parent	0c60cfcd37476fabfc5e8a945edecdfb22783370 (diff)