diff options
author | Ludovic Courtès <ludo@gnu.org> | 2023-11-11 16:04:57 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2023-12-22 00:31:40 +0100 |
commit | 43acd98e4133074598b826f5406b4a3e58ffb3b6 (patch) | |
tree | 9dda36c49f5ca329ef84d4d8373d2b276442fd0d /gnu | |
parent | 11a454f9dae84cc00b977d164dae764454ecb11d (diff) |
services: pagekite: Use ‘least-authority-wrapper’.
* gnu/services/networking.scm (pagekite-shepherd-service): Define
‘config-file’ and ‘mappings’; define ‘pagekite’ in terms of
‘least-authority-wrapper’. Remove now-unneeded ‘with-imported-modules’
form and ‘modules’ field. Use ‘make-forkexec-constructor’ instead of
‘make-forkexec-constructor/container’.
Change-Id: I7c6c6266785f6a0f81a69d85f070779a0d6edd91
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/services/networking.scm | 35 |
1 files changed, 20 insertions, 15 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 0508a4282c..d3376f9acb 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -1918,29 +1918,34 @@ table inet filter { (define (pagekite-shepherd-service config) (match-record config <pagekite-configuration> (package kitename kitesecret frontend kites extra-file) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) + (let* ((config-file (pagekite-configuration-file config)) + (mappings (cons (file-system-mapping + (source config-file) + (target source)) + (if extra-file + (list (file-system-mapping + (source extra-file) + (target source))) + '()))) + (pagekite (least-authority-wrapper + (file-append package "/bin/pagekite") + #:name "pagekite" + #:mappings mappings + ;; 'pagekite' changes user IDs to it needs to run in the + ;; global user namespace. + #:namespaces (fold delq %namespaces '(net user))))) (shepherd-service (documentation "Run the PageKite service.") (provision '(pagekite)) (requirement '(networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append package "/bin/pagekite") + (start #~(make-forkexec-constructor + (list #$pagekite "--clean" "--nullui" "--nocrashreport" "--runas=pagekite:pagekite" - (string-append "--optfile=" - #$(pagekite-configuration-file config))) - #:log-file "/var/log/pagekite.log" - #:mappings #$(if extra-file - #~(list (file-system-mapping - (source #$extra-file) - (target source))) - #~'()))) + (string-append "--optfile=" #$config-file)) + #:log-file "/var/log/pagekite.log")) ;; SIGTERM doesn't always work for some reason. (stop #~(make-kill-destructor SIGINT)))))) |