From 8ce6f4dc2879919c12bc76a2f4b01200af97e019 Mon Sep 17 00:00:00 2001 From: Mathieu Othacehe Date: Thu, 13 Aug 2020 14:16:12 +0200 Subject: installer: Run the installation inside a container. When the store overlay is mounted, other processes such as kmscon, udev and guix-daemon may open files from the store, preventing the underlying install support from being umounted. See: https://lists.gnu.org/archive/html/guix-devel/2018-12/msg00161.html. To avoid this situation, mount the store overlay inside a container, and run the installation from within that container. * gnu/build/shepherd.scm (fork+exec-command/container): New procedure. * gnu/services/base.scm (guix-shepherd-service): Support an optional PID argument passed to the "start" method. If that argument is passed, ensure that guix-daemon enters the given PID MNT namespace by using fork+exec-command/container procedure. * gnu/installer/final.scm (umount-cow-store): Remove it, (install-system): run the installation from within a container. * gnu/installer/newt/final.scm (run-install-shell): Remove the display hack. --- gnu/build/shepherd.scm | 18 ++++++++++++++++-- 1 file changed, 16 insertions(+), 2 deletions(-) (limited to 'gnu/build') diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm index fd93e7f3f4..65141bd60f 100644 --- a/gnu/build/shepherd.scm +++ b/gnu/build/shepherd.scm @@ -20,10 +20,12 @@ #:use-module (gnu system file-systems) #:use-module (gnu build linux-container) #:use-module (guix build utils) + #:use-module (guix utils) #:use-module (srfi srfi-1) #:use-module (srfi srfi-26) #:use-module (ice-9 match) - #:export (make-forkexec-constructor/container)) + #:export (make-forkexec-constructor/container + fork+exec-command/container)) ;;; Commentary: ;;; @@ -93,7 +95,8 @@ ;; XXX: Lazy-bind the Shepherd to avoid a compile-time dependency. (module-autoload! (current-module) '(shepherd service) - '(read-pid-file exec-command %precious-signals)) + '(fork+exec-command read-pid-file exec-command + %precious-signals)) (module-autoload! (current-module) '(shepherd system) '(unblock-signals)) @@ -188,6 +191,17 @@ namespace, in addition to essential bind-mounts such /proc." (read-pid-file pid-file #:max-delay pid-file-timeout)) pid)))) +(define* (fork+exec-command/container command + #:key pid + #:allow-other-keys + #:rest args) + "This is a variant of 'fork+exec-command' procedure, that joins the +namespaces of process PID beforehand." + (container-excursion* pid + (lambda () + (apply fork+exec-command command + (strip-keyword-arguments '(#:pid) args))))) + ;; Local Variables: ;; eval: (put 'container-excursion* 'scheme-indent-function 1) ;; End: -- cgit v1.2.3