Age | Commit message (Expand) | Author |
2016-11-10 | container: Pass a list of <file-system> objects as things to mount....* gnu/build/linux-container.scm (mount-file-systems): 'mounts' is now a
list of <file-system> objects instead of a list of lists ("specs").
Add call to 'file-system->spec' as the argument to 'mount-file-system'.
(run-container, call-with-container): Adjust docstring accordingly.
* gnu/system/file-systems.scm (spec->file-system): New procedure.
* gnu/system/linux-container.scm (container-script)[script]: Call
'spec->file-system' inside gexp.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to 'file-system->spec'.
* tests/containers.scm ("call-with-container, mnt namespace")
("call-with-container, mnt namespace, wrong bind mount"): Pass a list of
<file-system> objects.
| Ludovic Courtès |
2016-10-19 | container: Allow 'container-excursion' to the same namespaces....Before that, 'container-excursion' would call 'setns' even when the
target namespace is the one the caller is already in, which would fail.
* gnu/build/linux-container.scm (container-excursion): Introduce
'source' and 'target'. Compare the result of 'readlink' on these
instead of comparing file descriptors to decide whether to call
'setns'.
* tests/containers.scm ("container-excursion, same namespace"): New test.
| Ludovic Courtès |
2016-05-31 | container: Gracefully report mount errors in the child process....Fixes <http://bugs.gnu.org/23306>.
* gnu/build/linux-container.scm (run-container): Use 'socketpair'
instead of 'pipe'. Rename 'in' to 'child' and 'out' to 'parent'. Send
a 'ready message or an exception argument list from the child to the
parent; adjust the parent accordingly.
* tests/containers.scm ("call-with-container, mnt namespace, wrong bind
mount"): New test.
* tests/guix-environment-container.sh: Add test with
--expose=/does-not-exist.
| Ludovic Courtès |
2016-05-31 | container: Gracefully handle failure to set up user namespaces....* gnu/build/linux-container.scm (run-container): Exit when the parent
process doesn't say 'ready.
| Ludovic Courtès |
2016-01-23 | build: container: Make 'unprivileged-user-namespace-supported?' more robust....* gnu/build/linux-container.scm (unprivileged-user-namespace-supported?): Only
read and check the first character, to cope with a possible newline in the
(pseudo-)file.
| Mark H Weaver |
2015-11-03 | build: container: Add feature test predicates....* gnu/build/linux-container.scm (user-namespace-supported?,
unprivileged-user-namespace-supported?, setgroups-supported?): New
procedures.
* tests/container.scm: Use predicates.
* tests/syscalls.scm: Likewise.
| David Thompson |
2015-10-28 | container: Remove unnecessary CLONE_CHILD_* flags....* gnu/build/linux-container.scm (namespaces->bit-mask): Remove
CLONE_CHILD_CLEARTID and CLONE_CHILD_SETTID, which are unneeded.
Discussed at <http://bugs.gnu.org/21694>.
| Ludovic Courtès |
2015-10-10 | build: container: Fix call-with-clean-exit....Before, call-with-clean-exit would *always* return an exit code of 1.
* gnu/build/linux-container.scm (call-with-clean-exit): Exit with status
code of 0 if thunk does not throw an exception.
* tests/containers.scm: Add test.
| David Thompson |
2015-09-07 | build: container: Use the same clone flags as fork(3)....The intent is to make 'clone' behave a lot more like 'primitive-fork', which
calls clone(2) with SIGCHLD, CLONE_CHILD_CLEARTID, and CLONE_CHILD_SETTID
flags. Notably, running 'clone' at the REPL without these flags would break
the REPL beyond repair.
* guix/build/syscalls.scm (CLONE_CHILD_CLEARTID, CLONE_CHILD_SETTID): New
variables.
* gnu/build/linux-container.scm (namespaces->bit-mask): Add
CLONE_CHILD_CLEARTID and CLONE_CHILD_SETTID to bit mask.
| David Thompson |
2015-09-07 | build: container: Setup /dev/console....* gnu/build/linux-container.scm (mount-file-systems): Bind mount the
controlling terminal as /dev/console.
| David Thompson |
2015-08-08 | build: container: Add #:host-uids argument to call-with-container....It's not always possible to map 65536 uids when creating a container as the
root user within another user namespace. This is true when building Guix
within the build daemon's container. By using a uid range of 1 by default,
even as the root user, the tests now pass.
* gnu/build/linux-container.scm (initialize-user-namespace, run-container):
Add 'host-uids' argument.
(call-with-container): Add #:host-uids keyword argument.
* tests/containers.scm ("container-excursion"): Update 'run-container' call.
| David Thompson |
2015-07-09 | gnu: build: Add Linux container module....* gnu/build/linux-container.scm: New file.
* gnu-system.am (GNU_SYSTEM_MODULES): Add it.
* .dir-locals.el: Add Scheme indent rules for 'call-with-container', and
'container-excursion'.
* tests/containers.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
| David Thompson |