05/10: fixup linux container module.
From: |
David Thompson |
Subject: |
05/10: fixup linux container module. |
Date: |
Mon, 08 Jun 2015 14:04:27 +0000 |
davexunit pushed a commit to branch wip-container
in repository guix.
commit 257c39f2e03af7cf765d1bc6e5a2a054e8ee0d3f
Author: David Thompson <address@hidden>
Date: Mon Jun 8 08:44:09 2015 -0400
fixup linux container module.
---
gnu/build/linux-container.scm | 55 +++++++++++++++++-----------------------
1 files changed, 23 insertions(+), 32 deletions(-)
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 0305e95..25b0139 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -34,12 +34,6 @@ disassociated from the current process."
"Evaluate BODY in a new process with the specified new NAMESPACES."
(call-with-clone namespaces (lambda () body ...)))
-;; TODO: Deduplicate
-(define (device-number major minor)
- "Return the device number for the device with MAJOR and MINOR, for use as
-the last argument of `mknod'."
- (+ (* major 256) minor))
-
(define* (mount* source target type #:optional (flags 0) options
#:key (update-mtab? #f))
"Like 'mount', but create the TARGET directory if it doesn't exist."
@@ -100,41 +94,38 @@ be bind mounted within the container."
(logior MS_NOEXEC MS_NOSUID)
"newinstance,ptmxmode=0666,mode=620")
- ;; Create essential device nodes.
- (for-each (match-lambda
- (((= in-container file) major minor)
- (mknod file 'char-special #o666
- (device-number major minor))
- (chmod file #o666)))
- '(("/dev/null" 1 3)
- ("/dev/zero" 1 5)
- ("/dev/full" 1 7)
- ("/dev/random" 1 8)
- ("/dev/urandom" 1 9)))
-
- (mknod (in-container "/dev/tty") 'char-special #o666
- (device-number 5 0))
- (chmod (in-container "/dev/tty") #o666)
+ ;; Create essential device nodes via bind mounting them from the host,
+ ;; because a container within a user namespace cannot create device
+ ;; nodes.
+ (for-each (lambda (device)
+ (call-with-output-file (scope device)
+ (const #t))
+ (mount device (scope device)
+ "none" MS_BIND))
+ '("/dev/null"
+ "/dev/zero"
+ "/dev/full"
+ "/dev/random"
+ "/dev/urandom"
+ "/dev/tty"
+ ;; TODO: "/dev/fuse"
+ ))
;; For psuedo-ttys within the container. Needs to be a symlink to the
;; host's /dev/ptmx.
- (symlink "/dev/ptmx" (in-container "/dev/ptmx"))
-
- ;; FUSE
- (mknod (in-container "/dev/fuse") 'char-special #o666
- (device-number 10 229))
- (chmod (in-container "/dev/fuse") #o666)
+ (symlink "/dev/ptmx" (scope "/dev/ptmx"))
;; Setup IO.
- (symlink "/proc/1/fd" (in-container "/dev/fd"))
- (symlink "/proc/1/fd/0" (in-container "/dev/stdin"))
- (symlink "/proc/1/fd/1" (in-container "/dev/stdout"))
- (symlink "/proc/1/fd/2" (in-container "/dev/stderr"))
+ (symlink "/proc/self/fd" (scope "/dev/fd"))
+ (symlink "/proc/self/fd/0" (scope "/dev/stdin"))
+ (symlink "/proc/self/fd/1" (scope "/dev/stdout"))
+ (symlink "/proc/self/fd/2" (scope "/dev/stderr"))
;; Bind-mount shared directories.
+ ;; TODO: Use <file-system-mapping>
(for-each (match-lambda
((host-dir container-dir)
- (mount* host-dir (in-container container-dir)
+ (mount* host-dir (scope container-dir)
"none" MS_BIND)))
shared-dirs)
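Review bot: The `/dev/ptmx` symlink on the new side still targets `/dev/ptmx`, which does not fit the mount just above it that passes `newinstance,ptmxmode=0666,mode=620`. Once the process is rooted in the container the link would presumably resolve to itself, and if it reached the host's node instead, ptys would be allocated from the host's instance rather than the container's private one. Pointing it at the new instance's multiplexer, `(symlink "/dev/pts/ptmx" (scope "/dev/ptmx"))`, keeps pty allocation inside the container, and the comment above it should then stop saying "the host's /dev/ptmx". Separately, in the new `for-each`, `call-with-output-file` and `mount` both follow symlinks at `(scope device)`, so the bind mounts are only safe if `/dev` under the container root is freshly created and empty at this point; a comment stating that assumption would help. The hunk does not show this, as the enclosing procedure starts and ends outside it.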