Releases: nix-community/nix-user-chroot
2.1.1
2.1.0
Highlights
Nested user namespaces work again. Tools like bwrap, flatpak, and nixpkgs buildFHSEnv wrappers (e.g. davinci-resolve, steam) can now run inside nix-user-chroot. This had been broken since v1.1.0, when we switched from pivot_root to chroot: the kernel refuses to create new user namespaces from a chrooted process. Reverting to pivot_root fixes #57.
Other changes
- README refreshed: dropped the stale "unmaintained" notice and updated the user-namespace setup instructions.
- Dev environment: added .envrc for direnv users, fixed the flake devShell, and added a flake.lock.
- Release automation: fixed a race in the release script and added changelog filtering.
Full Changelog: 2.0.0...2.1.0
2.0.0
First release in five years. The headline feature is a config file for customizing what the chroot looks like inside.
What's new
Configure the chroot with path-config.toml
Drop a TOML file at <nixpath>/etc/nix-user-chroot/path-config.toml to tweak the mount layout without recompiling. Three knobs, all optional:
[excludes]
# Keep host paths out. Fixes things like nscd breaking nix's DNS resolver.
paths = ["/var/run/nscd/socket"]
[profile]
# Expose files from your nix profile at standard locations.
# Useful when tools insist on #!/usr/bin/env or similar.
"bin/env" = "/usr/bin/env"
[absolute]
# Bind any host file into the chroot. Handy for a custom /etc/passwd
# on machines where your $HOME has a tiny disk quota.
"/home/me/chroot-passwd" = "/etc/passwd"
See the README for the full reference.
Better diagnostics
Set RUST_LOG=info (or debug) to see exactly what's being mounted where. Previously you got silence or a panic.
Upgrading from 1.x
No changes required — the config file is optional and existing invocations work unchanged.
Thanks
@rrbutani for the config feature, @Eveeifyeve for the flake devshell and rebase, @will-ca for README fixes.
Full Changelog: 1.2.2...2.0.0
minor...
1.2.1
Update dependencies
1.2.0
Support for mounting opengl-drivers (thanks to @r-burns)
1.1.1
1.1.0
1.0.3
Bind mount files/mirror symlinks
Previously, we only bind-mounted directories into the chroot.
This broke in particular on Red Hat derivatives, where /lib is a symlink to /usr/lib.