Dynamically allocate UIDs

Rather than rely on a nixbld group, we now allocate UIDs/GIDs
dynamically starting at a configurable ID (872415232 by default).

Also, we allocate 2^18 UIDs and GIDs per build, and run the build as
root in its UID namespace. (This should not be the default since it
breaks some builds. We probably should enable this conditional on a
requiredSystemFeature.) The goal is to be able to run (NixOS)
containers in a build. However, this will also require some cgroup
initialisation.

The 2^18 UIDs/GIDs is intended to provide enough ID space to run
multiple containers per build, e.g. for distributed NixOS tests.

1 files changed, 10 insertions, 0 deletions

diff --git a/src/libstore/globals.hh b/src/libstore/globals.hh
index 58cf08763..7dc842bca 100644
--- a/src/libstore/globals.hh
+++ b/src/libstore/globals.hh
@@ -148,6 +148,16 @@ public:
     Setting<std::string> buildUsersGroup{this, "", "build-users-group",
         "The Unix group that contains the build users."};
 
+    #if __linux__
+    const uint32_t idsPerBuild = 1 << 18;
+
+    Setting<uint32_t> startId{this, 872415232, "start-id",
+        "The first UID and GID to use for dynamic ID allocation. (0 means disable.)"};
+
+    Setting<uint32_t> uidCount{this, idsPerBuild * 128, "id-count",
+        "The number of UIDs/GIDs to use for dynamic ID allocation."};
+    #endif
+
     Setting<bool> impersonateLinux26{this, false, "impersonate-linux-26",
         "Whether to impersonate a Linux 2.6 machine on newer kernels.",
         {"build-impersonate-linux-26"}};