From 4949ada9da470b266063ff490438c85541af24cc Mon Sep 17 00:00:00 2001
From: David Thompson
Date: Sat, 1 Aug 2015 13:54:40 -0400
Subject: build: container: Setup /dev/console.
* gnu/build/linux-container.scm (mount-file-systems): Bind mount the controlling terminal as /dev/console.
---
 gnu/build/linux-container.scm | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)
(limited to 'gnu/build')
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index af599040a1..c004303f03 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -55,6 +55,9 @@ to ROOT, then make ROOT the new root directory for the process."
 (define (scope dir) (string-append root dir))
+ (define (touch file-name) (call-with-output-file file-name (const #t)))
+
 (define (bind-mount src dest) (mount src dest "none" MS_BIND))
@@ -89,8 +92,7 @@ to ROOT, then make ROOT the new root directory for the process."
 (for-each (lambda (device)
 (when (file-exists? device)
 ;; Create the mount point file.
- (call-with-output-file (scope device)
- (const #t))
+ (touch (scope device))
 (bind-mount device (scope device))))
 '("/dev/null"
 "/dev/zero"
@@ -101,6 +103,15 @@ to ROOT, then make ROOT the new root directory for the process."
 "/dev/ptmx"
 "/dev/fuse"))
 
+ ;; Setup the container's /dev/console by bind mounting the pseudo-terminal
+ ;; associated with standard input.
+ (let ((in (current-input-port))
+ (console (scope "/dev/console")))
+ (when (isatty? in)
+ (touch console)
+ (chmod console #o600)
+ (bind-mount (ttyname in) console)))
+
 ;; Setup standard input/output/error.
 (symlink "/proc/self/fd" (scope "/dev/fd"))
 (symlink "/proc/self/fd/0" (scope "/dev/stdin"))
--
cgit v1.2.3
From ee78d02452208b3cfd971cd5533570a1d3523512 Mon Sep 17 00:00:00 2001
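Review bot: The new `touch` helper truncates an existing FILE-NAME rather than only updating its timestamp, because `call-with-output-file` opens the file for writing; that is fine for a freshly created mount-point placeholder, but the name suggests touch(1) semantics and the helper carries no comment. A one-line comment would avoid the surprise: `;; Create FILE-NAME as an empty regular file (truncating any existing content) to serve as a bind-mount target.` The enclosing procedure, mount-file-systems, starts and ends outside this hunk.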
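Review bot: `(chmod console #o600)` in the /dev/console hunk only changes the mode of the empty placeholder created by `touch`; once `(bind-mount (ttyname in) console)` runs, the path inside the container resolves to the host pty's own inode, so the mode visible in the container is that of the host device and the chmod has no effect on what the container can open. Either drop the chmod or add `;; The chmod affects only the placeholder; the bind mount exposes the host device's own mode.` so the next reader does not take it for an access restriction. It is also worth a sentence in the comment that this exposes the host terminal as a device node, with the pty's full device interface, rather than as a plain byte stream, since the commit message describes it only as the controlling terminal. `isatty?` succeeding does not guarantee that `ttyname` succeeds; it can raise a system-error when the device node cannot be resolved, so consider guarding that call. mount-file-systems continues outside the hunk.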
From: David Thompson
Date: Sat, 5 Sep 2015 14:10:08 -0400
Subject: build: container: Use the same clone flags as fork(3).
The intent is to make 'clone' behave a lot more like 'primitive-fork', which calls clone(2) with SIGCHLD, CLONE_CHILD_CLEARTID, and CLONE_CHILD_SETTID flags. Notably, running 'clone' at the REPL without these flags would break the REPL beyond repair.
* guix/build/syscalls.scm (CLONE_CHILD_CLEARTID, CLONE_CHILD_SETTID): New variables.
* gnu/build/linux-container.scm (namespaces->bit-mask): Add CLONE_CHILD_CLEARTID and CLONE_CHILD_SETTID to bit mask.
---
 gnu/build/linux-container.scm | 3 ++-
 guix/build/syscalls.scm | 16 ++++++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)
(limited to 'gnu/build')
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index c004303f03..95220d0bc0 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -162,7 +162,8 @@ host user identifiers to map into the user namespace."
 (define (namespaces->bit-mask namespaces)
 "Return the number suitable for the 'flags' argument of 'clone' that corresponds to the symbols in NAMESPACES."
- (apply logior SIGCHLD
+ ;; Use the same flags as fork(3) in addition to the namespace flags.
+ (apply logior SIGCHLD CLONE_CHILD_CLEARTID CLONE_CHILD_SETTID
 (map (match-lambda
 ('mnt CLONE_NEWNS)
 ('uts CLONE_NEWUTS)
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 093eb0a1a0..2c2fbde0a3 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -50,6 +50,8 @@
 mkdtemp!
 pivot-root
+ CLONE_CHILD_CLEARTID
+ CLONE_CHILD_SETTID
 CLONE_NEWNS
 CLONE_NEWUTS
 CLONE_NEWIPC
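Review bot: CLONE_CHILD_SETTID and CLONE_CHILD_CLEARTID only act through the child_tidptr argument of clone(2): the kernel stores the child's TID at that address and later clears it, which is how glibc's fork (passing the address of the thread descriptor's tid field) keeps the child's TLS tid consistent. The `clone` wrapper in syscalls.scm is outside this hunk, so I cannot see what it passes for that argument; if it passes a null pointer the two flags are inert, and the REPL fix the commit message reports would be coming from somewhere else. The new comment should state that dependency so the next maintainer does not treat the flags as self-contained: `;; Use the same flags as fork(3) in addition to the namespace flags.  The CLONE_CHILD_* flags only take effect through the child_tidptr that 'clone' passes.` namespaces->bit-mask continues past the end of the hunk.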
@@ -303,12 +305,14 @@ string TMPL and return its file name. TMPL must end with 'XXXXXX'."
 (pointer->string result)))))
 
 ;; Linux clone flags, from linux/sched.h
-(define CLONE_NEWNS #x00020000)
-(define CLONE_NEWUTS #x04000000)
-(define CLONE_NEWIPC #x08000000)
-(define CLONE_NEWUSER #x10000000)
-(define CLONE_NEWPID #x20000000)
-(define CLONE_NEWNET #x40000000)
+(define CLONE_CHILD_CLEARTID #x00200000)
+(define CLONE_CHILD_SETTID #x01000000)
+(define CLONE_NEWNS #x00020000)
+(define CLONE_NEWUTS #x04000000)
+(define CLONE_NEWIPC #x08000000)
+(define CLONE_NEWUSER #x10000000)
+(define CLONE_NEWPID #x20000000)
+(define CLONE_NEWNET #x40000000)
 
 ;; The libc interface to sys_clone is not useful for Scheme programs, so the
 ;; low-level system call is wrapped instead.
--
cgit v1.2.3
From 0334ef2ab06952df5c6a7582781d16d807e09ea7 Mon Sep 17 00:00:00 2001
From: Ludovic Courtès
Date: Wed, 9 Sep 2015 23:01:51 +0200
Subject: linux-initrd: Compress cpio archives deterministically.
* gnu/build/linux-initrd.scm (write-cpio-archive): Use '--no-name'.
---
 gnu/build/linux-initrd.scm | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'gnu/build')
diff --git a/gnu/build/linux-initrd.scm b/gnu/build/linux-initrd.scm
index e26c067b49..c65b5aacfa 100644
--- a/gnu/build/linux-initrd.scm
+++ b/gnu/build/linux-initrd.scm
@@ -72,7 +72,9 @@ COMPRESS? is true, compress it using GZIP. On success, return OUTPUT."
 #:file->header cpio:file->cpio-header*)))
 (or (not compress?)
- (and (zero? (system* gzip "--best" output))
+ ;; Use '--no-name' so that gzip records neither a file name nor a time
+ ;; stamp in its output.
+ (and (zero? (system* gzip "--best" "--no-name" output))
 (rename-file (string-append output ".gz") output))
 output))
--
cgit v1.2.3
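Review bot: In the linux-initrd hunk, `(or (not compress?) (and (zero? (system* ...)) (rename-file ...)) output)` hides a gzip failure: a non-zero exit makes the `and` yield #f and the `or` falls through to `output`, so write-cpio-archive reports success while leaving an uncompressed file under OUTPUT; conversely, when gzip succeeds the `or` returns the value of `rename-file` (unspecified in Guile, hence truthy) rather than OUTPUT as the docstring promises. The `--no-name` addition itself is right for reproducibility and the new comment explains it well. I would make the failure an error and return OUTPUT on the one success path, as sketched below. write-cpio-archive begins outside the hunk.
```scheme
  ;; … unchanged: cpio:write-cpio-archive call …
  (when compress?
    ;; Use '--no-name' so that gzip records neither a file name nor a time
    ;; stamp in its output.
    (unless (zero? (system* gzip "--best" "--no-name" output))
      (error "gzip failed to compress cpio archive" output))
    (rename-file (string-append output ".gz") output))
  output)
```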