[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[bug#70933] [PATCH] system: Do not add "--disable-chroot" to containers.
|
From: |
Andreas Enge |
|
Subject: |
[bug#70933] [PATCH] system: Do not add "--disable-chroot" to containers. |
|
Date: |
Tue, 14 May 2024 13:50:34 +0200 |
The rationale for these lines is that they enable non-privileged docker
containers. But I would like to create a privileged container with
chroot (in an openshift environment, where I suppose this environment
does additional encapsulation to enforce security), which these lines
prevent.
Users can still add the option. Alternatively, we could add an additional
field "chroot? (default: #t)" to guix-configuration.
Andreas
* gnu/system/linux-container.scm (containerized-operating-system): Do not
add "--disable-chroot".
Change-Id: I1eff9aa0d02d6e53bd4e42f3aeb07d0ab42616a8
---
gnu/system/linux-container.scm | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index c780b68fba..2fc54a8121 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -159,17 +159,6 @@ (define* (containerized-operating-system os mappings
(nscd-configuration
(inherit (service-value s))
(caches
%nscd-container-caches))))
- ((eq? guix-service-type (service-kind s))
- ;; Pass '--disable-chroot' so that
- ;; guix-daemon can build thing even in
- ;; Docker without '--privileged'.
- (service guix-service-type
- (guix-configuration
- (inherit (service-value s))
- (extra-options
- (cons "--disable-chroot"
-
(guix-configuration-extra-options
- (service-value s)))))))
(else s)))
(operating-system-user-services os))))
(file-systems (append (map mapping->fs
base-commit: a682ddd70846d488cfbd82d65e8566ec6739813c
--
2.41.0
- [bug#70933] [PATCH] system: Do not add "--disable-chroot" to containers.,
Andreas Enge <=