[bug#54997] [PATCH v2 03/15] linux-container: 'call-with-container' rela
From: Ludovic Courtès
Subject: [bug#54997] [PATCH v2 03/15] linux-container: 'call-with-container' relays SIGTERM and SIGINT.
Date: Wed, 27 Apr 2022 18:56:23 +0200
* gnu/build/linux-container.scm (call-with-container): Add #:relayed-signals.
[install-signal-handlers]: New procedure.
Call it.
---
gnu/build/linux-container.scm | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index bdeca2cdb9..03c01439ce 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -303,6 +303,7 @@ (define (call-with-temporary-directory proc)
(define* (call-with-container mounts thunk #:key (namespaces %namespaces)
(host-uids 1) (guest-uid 0) (guest-gid 0)
+ (relayed-signals (list SIGINT SIGTERM))
(process-spawned-hook (const #t)))
"Run THUNK in a new container process and return its exit status; call
PROCESS-SPAWNED-HOOK with the PID of the new process that has been spawned.
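Review bot: the default of (list SIGINT SIGTERM) for the new relayed-signals keyword changes the SIGTERM disposition of the calling process for every existing caller of call-with-container, none of which opted in. Before this change only SIGINT was touched. Since the handlers are process-wide in the parent, it would help to say so in the docstring and to mention that passing '() disables relaying, so callers that manage their own SIGTERM handling know how to keep it.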
@@ -320,20 +321,27 @@ (define* (call-with-container mounts thunk #:key
(namespaces %namespaces)
GUEST-UID and GUEST-GID specify the first UID (respectively GID) that host
UIDs (respectively GIDs) map to in the namespace.
+RELAYED-SIGNALS is the list of signals that are \"relayed\" to the container
+process when caught by its parent.
+
Note that if THUNK needs to load any additional Guile modules, the relevant
module files must be present in one of the mappings in MOUNTS and the Guile
load path must be adjusted as needed."
+ (define (install-signal-handlers pid)
+ ;; Install handlers that forward signals to PID.
+ (define (relay-signal signal)
+ (false-if-exception (kill pid signal)))
+
+ (for-each (lambda (signal)
+ (sigaction signal relay-signal))
+ relayed-signals))
+
(call-with-temporary-directory
(lambda (root)
(let ((pid (run-container root mounts namespaces host-uids thunk
#:guest-uid guest-uid
#:guest-gid guest-gid)))
- ;; Catch SIGINT and kill the container process.
- (sigaction SIGINT
- (lambda (signum)
- (false-if-exception
- (kill pid SIGKILL))))
-
+ (install-signal-handlers pid)
(process-spawned-hook pid)
(match (waitpid pid)
((_ . status) status))))))
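Review bot: the handlers set up by install-signal-handlers are never removed once (waitpid pid) returns, so after the container has been reaped a later SIGINT or SIGTERM delivered to the parent still runs (kill pid signal) against a PID that no longer belongs to the container and may have been reused; false-if-exception only hides the "no such process" case. Consider saving the previous dispositions returned by sigaction and restoring them after waitpid, for instance with dynamic-wind, so the relay only exists while the child does. Two smaller points on the same lines: the removed code sent SIGKILL on SIGINT while the new relay-signal forwards the signal itself, so a container process that ignores or handles SIGINT is no longer guaranteed to stop on Ctrl-C, which deserves a sentence in the docstring; and a signal that arrives between run-container returning and install-signal-handlers being called is handled with the old disposition and is not relayed.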
--
2.35.1