Commit graph

8 commits

Author SHA1 Message Date
Mark H Weaver
c5184468f5 build: container: Make 'unprivileged-user-namespace-supported?' more robust.
* gnu/build/linux-container.scm (unprivileged-user-namespace-supported?): Only
  read and check the first character, to cope with a possible newline in the
  (pseudo-)file.
2016-01-23 18:44:03 -05:00
David Thompson
b7d48312bb build: container: Add feature test predicates.
* gnu/build/linux-container.scm (user-namespace-supported?,
  unprivileged-user-namespace-supported?, setgroups-supported?): New
  procedures.
* tests/container.scm: Use predicates.
* tests/syscalls.scm: Likewise.
2015-11-03 11:41:04 -05:00
Ludovic Courtès
35b50a7535 container: Remove unnecessary CLONE_CHILD_* flags.
* gnu/build/linux-container.scm (namespaces->bit-mask): Remove
  CLONE_CHILD_CLEARTID and CLONE_CHILD_SETTID, which are unneeded.
  Discussed at <http://bugs.gnu.org/21694>.
2015-10-28 15:31:44 +01:00
David Thompson
a72ccbc251 build: container: Fix call-with-clean-exit.
Before, call-with-clean-exit would *always* return an exit code of 1.

* gnu/build/linux-container.scm (call-with-clean-exit): Exit with status
  code of 0 if thunk does not throw an exception.
* tests/containers.scm: Add test.
2015-10-10 09:00:49 -04:00
David Thompson
ee78d02452 build: container: Use the same clone flags as fork(3).
The intent is to make 'clone' behave a lot more like 'primitive-fork', which
calls clone(2) with SIGCHLD, CLONE_CHILD_CLEARTID, and CLONE_CHILD_SETTID
flags.  Notably, running 'clone' at the REPL without these flags would break
the REPL beyond repair.

* guix/build/syscalls.scm (CLONE_CHILD_CLEARTID, CLONE_CHILD_SETTID): New
  variables.
* gnu/build/linux-container.scm (namespaces->bit-mask): Add
  CLONE_CHILD_CLEARTID and CLONE_CHILD_SETTID to bit mask.
2015-09-07 13:09:58 -04:00
David Thompson
4949ada9da build: container: Setup /dev/console.
* gnu/build/linux-container.scm (mount-file-systems): Bind mount the
  controlling terminal as /dev/console.
2015-09-07 13:09:58 -04:00
David Thompson
831bc1468e build: container: Add #:host-uids argument to call-with-container.
It's not always possible to map 65536 uids when creating a container as the
root user within another user namespace.  This is true when building Guix
within the build daemon's container.  By using a uid range of 1 by default,
even as the root user, the tests now pass.

* gnu/build/linux-container.scm (initialize-user-namespace, run-container):
  Add 'host-uids' argument.
  (call-with-container): Add #:host-uids keyword argument.
* tests/containers.scm ("container-excursion"): Update 'run-container' call.
2015-08-08 14:04:13 -04:00
David Thompson
c1f6a0c2ed gnu: build: Add Linux container module.
* gnu/build/linux-container.scm: New file.
* gnu-system.am (GNU_SYSTEM_MODULES): Add it.
* .dir-locals.el: Add Scheme indent rules for 'call-with-container', and
  'container-excursion'.
* tests/containers.scm: New file.
* Makefile.am (SCM_TESTS): Add it.
2015-07-09 08:23:03 -04:00