[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
03/14: linux-container: 'call-with-container' relays SIGTERM and SIGINT.
|
From: |
guix-commits |
|
Subject: |
03/14: linux-container: 'call-with-container' relays SIGTERM and SIGINT. |
|
Date: |
Sun, 1 May 2022 16:15:32 -0400 (EDT) |
civodul pushed a commit to branch master
in repository guix.
commit a76fa226c8761dd349aaacca7ba041429bce4e73
Author: Ludovic Courtès <ludo@gnu.org>
AuthorDate: Sat Apr 16 19:26:11 2022 +0200
linux-container: 'call-with-container' relays SIGTERM and SIGINT.
* gnu/build/linux-container.scm (call-with-container): Add
#:relayed-signals.
[install-signal-handlers]: New procedure.
Call it.
---
gnu/build/linux-container.scm | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index bdeca2cdb9..03c01439ce 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -303,6 +303,7 @@ delete it when leaving the dynamic extent of this call."
(define* (call-with-container mounts thunk #:key (namespaces %namespaces)
(host-uids 1) (guest-uid 0) (guest-gid 0)
+ (relayed-signals (list SIGINT SIGTERM))
(process-spawned-hook (const #t)))
"Run THUNK in a new container process and return its exit status; call
PROCESS-SPAWNED-HOOK with the PID of the new process that has been spawned.
@@ -320,20 +321,27 @@ can map more than a single uid/gid.
GUEST-UID and GUEST-GID specify the first UID (respectively GID) that host
UIDs (respectively GIDs) map to in the namespace.
+RELAYED-SIGNALS is the list of signals that are \"relayed\" to the container
+process when caught by its parent.
+
Note that if THUNK needs to load any additional Guile modules, the relevant
module files must be present in one of the mappings in MOUNTS and the Guile
load path must be adjusted as needed."
+ (define (install-signal-handlers pid)
+ ;; Install handlers that forward signals to PID.
+ (define (relay-signal signal)
+ (false-if-exception (kill pid signal)))
+
+ (for-each (lambda (signal)
+ (sigaction signal relay-signal))
+ relayed-signals))
+
(call-with-temporary-directory
(lambda (root)
(let ((pid (run-container root mounts namespaces host-uids thunk
#:guest-uid guest-uid
#:guest-gid guest-gid)))
- ;; Catch SIGINT and kill the container process.
- (sigaction SIGINT
- (lambda (signum)
- (false-if-exception
- (kill pid SIGKILL))))
-
+ (install-signal-handlers pid)
(process-spawned-hook pid)
(match (waitpid pid)
((_ . status) status))))))
- branch master updated (6b4124cdcc -> fee06d5aaa), guix-commits, 2022/05/01
- 03/14: linux-container: 'call-with-container' relays SIGTERM and SIGINT.,
guix-commits <=
- 11/14: services: wesnothd: Grant write access to /var/run/wesnothd., guix-commits, 2022/05/01
- 02/14: file-systems: Avoid load-time warnings when attempting to load (guix store)., guix-commits, 2022/05/01
- 06/14: Add (guix least-authority)., guix-commits, 2022/05/01
- 09/14: services: bitlbee: Use 'make-inetd-constructor'., guix-commits, 2022/05/01
- 04/14: linux-container: Ensure signal-handling asyncs get a chance to run., guix-commits, 2022/05/01
- 10/14: services: ipfs: Use 'least-authority-wrapper'., guix-commits, 2022/05/01
- 12/14: services: wesnothd: Use 'least-authority-wrapper'., guix-commits, 2022/05/01
- 01/14: gexp: Add 'references-file'., guix-commits, 2022/05/01
- 14/14: services: opendht: Use 'least-authority-wrapper'., guix-commits, 2022/05/01
- 13/14: services: quassel: Use 'least-authority-wrapper'., guix-commits, 2022/05/01