diff options
author | Ludovic Courtès <ludovic.courtes@inria.fr> | 2023-03-23 17:22:38 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2023-04-06 18:34:15 +0200 |
commit | 57db09aae73e3713a10c5253758d84e1046f80dc (patch) | |
tree | e55165d2dc5149e4200a7a854b428bb4d6ec8a46 /doc | |
parent | 58769f92732434cadda565093f5951a1957ccd13 (diff) |
environment: Add '--nesting'.
* guix/scripts/environment.scm (show-environment-options-help)
(%options): Add '--nesting'.
(options/resolve-packages): Handle it.
(launch-environment/container): Add #:nesting? and honor it.
[nesting-mappings]: New procedure.
(guix-environment*): Add support for '--nesting'.
* guix/scripts/shell.scm (profile-cached-gc-root): Special-case
'nesting?'.
* tests/guix-environment-container.sh: Test it.
* doc/guix.texi (Invoking guix shell): Document it.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 51 |
1 files changed, 51 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 4f72e2f34a..c0bd28fdae 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -6357,6 +6357,57 @@ cache (contrary to glibc in regular Guix usage) and set up the expected FHS directories: @file{/bin}, @file{/etc}, @file{/lib}, and @file{/usr} from the container's profile. +@cindex nested containers, for @command{guix shell} +@cindex container nesting, for @command{guix shell} +@item --nesting +@itemx -W +When used with @option{--container}, provide Guix @emph{inside} the +container and arrange so that it can interact with the build daemon that +runs outside the container. This is useful if you want, within your +isolated container, to create other containers, as in this sample +session: + +@example +$ guix shell -CW coreutils +[env]$ guix shell -C guile -- guile -c '(display "hello!\n")' +hello! +[env]$ exit +@end example + +The session above starts a container with @code{coreutils} programs +available in @env{PATH}. From there, we spawn @command{guix shell} to +create a @emph{nested} container that provides nothing but Guile. + +Another example is evaluating a @file{guix.scm} file that is untrusted, +as shown here: + +@example +guix shell -CW -- guix build -f guix.scm +@end example + +The @command{guix build} command as executed above can only access the +current directory. + +Under the hood, the @option{-W} option does several things: + +@itemize +@item +map the daemon's socket (by default +@file{/var/guix/daemon-socket/socket}) inside the container; +@item +map the whole store (by default @file{/gnu/store}) inside the container +such that store items made available by nested @command{guix} +invocations are visible; +@item +add the currently-used @command{guix} command to the profile in the +container, such that @command{guix describe} returns the same state +inside and outside the container; +@item +share the cache (by default @file{~/.cache/guix}) with the host, to +speed up operations such as @command{guix time-machine} and +@command{guix shell}. +@end itemize + @item --rebuild-cache @cindex caching, of profiles @cindex caching, in @command{guix shell} |