authorLudovic Courtès <ludo@gnu.org>2023-01-30 22:20:18 +0100
committerLudovic Courtès <ludo@gnu.org>2023-01-30 22:24:27 +0100
commit0ef8fe22ed8985c9656835fc25ab3463d55b6669 (patch)
tree87f453456f8d29da3c4eca9f8f495e17ce9a3d97 /gnu/build
parent52eb3db19cb9e5c294c86a8552a4baaa5b473672 (diff)
linux-container: 'container-excursion' forks to join the PID namespace.
Fixes <https://issues.guix.gnu.org/61156>. * gnu/build/linux-container.scm (container-excursion): Add extra call to 'primitive-fork' and invoke THUNK in the child process. * tests/containers.scm ("container-excursion"): Remove extra 'primitive-fork' call, now unnecessary. ("container-excursion*, /proc"): New test.
Diffstat (limited to 'gnu/build')
-rw-r--r--gnu/build/linux-container.scm13
1 files changed, 11 insertions, 2 deletions
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index d11c49c0d8..dee6885400 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2017-2019, 2022 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2017-2019, 2022, 2023 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@@ -432,7 +432,16 @@ return the exit status, an integer as returned by 'waitpid'."
'("user" "ipc" "uts" "net" "pid" "mnt"))
(purify-environment)
(chdir "/")
- (thunk))))
+
+ ;; Per setns(2), changing the PID namespace only applies to child
+ ;; processes, not to the process itself. Thus fork so that THUNK runs
+ ;; in the right PID namespace, which also gives it access to /proc.
+ (match (primitive-fork)
+ (0 (call-with-clean-exit thunk))
+ (pid (primitive-exit
+ (match (waitpid pid)
+ ((_ . status)
+ (or (status:exit-val status) 127)))))))))
(pid
(match (waitpid pid)
((_ . status)
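Review bot: The new intermediate process reduces every abnormal termination of THUNK's process to exit code 127, via `(or (status:exit-val status) 127)`. The parent's `waitpid` therefore no longer sees a terminating signal, although the docstring promises "an integer as returned by 'waitpid'". A caller that checks `status:term-sig` to detect a killed or crashed container process would now read a plain exit of 127, which is easy to mistake for "command not found". Consider keeping the signal visible with the shell convention, `(or (status:exit-val status) (and=> (status:term-sig status) (lambda (sig) (+ 128 sig))) 127)`, or at least note the lossy mapping in the comment above the `match`. The body of `container-excursion` starts outside this hunk, so whether a failing `primitive-fork` here is caught by an enclosing handler cannot be confirmed from these lines.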