Downsides of buildFHSUserEnv

energizer · October 31, 2020, 6:46pm

What is the downside of using buildFHSUserEnv to build packages? Packaging seems to require less work that way, but it isn’t the norm, so there must be a reason. Why aren’t most packages written with buildFHSUserEnv? What’s the downside of using it?

For background, the buildFHSUserEnv docs say:

buildFHSUserEnv provides a way to build and run FHS-compatible lightweight sandboxes. It creates an isolated root with bound /nix/store , so its footprint in terms of disk space needed is quite small. This allows one to run software which is hard or unfeasible to patch for NixOS – 3rd-party source trees with FHS assumptions, games distributed as tarballs, software with integrity checking and/or external self-updated binaries. It uses Linux namespaces feature to create temporary lightweight environments which are destroyed after all child processes exit, without root user rights requirement.

ElvishJerricco · October 31, 2020, 8:12pm

Well for one thing, not all platforms that Nix supports will support buildFHSUserEnv. MacOS doesn’t, and several Linux distros don’t because they disable user namespaces. Secondly, it’s just more complicated. It’s a much simpler design to make the build use the proper native paths out of the gate.

energizer · December 15, 2020, 8:50pm

It’s a much simpler design to make the build use the proper native paths out of the gate.

If that’s the case, why do we have a shared /etc on NixOS, instead of each program getting its configuration files from its own configuration directory?

ElvishJerricco · December 15, 2020, 9:13pm

That is also a very common practice.