From: Mike Gerwitz <mtg@gnu.org>
To: 30256@debbugs.gnu.org
Subject: [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd.
Date: Thu, 25 Jan 2018 22:29:45 -0500
Message-ID: <7bc71eaa3cff48ec7dc0d4fe406dde9482b716a9.1516937216.git.mtg@gnu.org>
In-Reply-To: <cover.1516937216.git.mtg@gnu.org>
* doc/guix.texi (Invoking guix environment): Add --no-cwd.
* guix/scripts/environment.scm (show-help, %options): Add --no-cwd.
(launch-environment/container): Add 'map-cwd?' param; only add mapping for cwd
if #t. Only change to cwd within container if #t, otherwise home.
(guix-environment): Error if --no-cwd without --container. Provide '(not
no-cwd?)' to launch-environment/container as 'map-cwd?'.
* tests/guix-environment.sh: Add test for no-cwd.
---
doc/guix.texi | 8 ++++++++
guix/scripts/environment.scm | 33 ++++++++++++++++++++++++---------
tests/guix-environment.sh | 8 ++++++++
3 files changed, 40 insertions(+), 9 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 8218c6637..ce4545038 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -7209,6 +7209,14 @@ While this will limit the leaking of user identity through home paths
and each of the user fields, this is only one useful component of a
broader privacy/anonymity solution---not one in and of itself.
+@item --no-cwd
+For containers, the default behavior is to share the current working
+directory with the isolated container and immediately change to that
+directory within the container. If this is undesirable, @code{--no-cwd}
+will cause the current working directory to @emph{not} be automatically
+shared and will change to the user's home directory within the container
+instead. See also @code{--user}.
+
@item --expose=@var{source}[=@var{target}]
For containers, expose the file system @var{source} from the host system
as the read-only file system @var{target} within the container. If
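Review bot: the manual entry for @code{--no-cwd} should say that the option is only accepted together with @code{--container}, since the new check in guix-environment rejects it otherwise (`--no-cwd cannot be used without --container`); as written the paragraph reads like a general option. It would also help to say which home directory is meant: the one inside the container, i.e. @file{/home/@var{user}} when @code{--user} is given, rather than the host's home, given that the preceding paragraph is about not leaking host paths.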
diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm
index f50018faf..6be263a64 100644
--- a/guix/scripts/environment.scm
+++ b/guix/scripts/environment.scm
@@ -165,6 +165,9 @@ COMMAND or an interactive shell in that environment.\n"))
-u, --user=USER instead of copying the name and home of the current
user into an isolated container, use the name USER
with home directory /home/USER"))
+ (display (G_ "
+ --no-cwd do not share current working directory with an
+ isolated container"))
(display (G_ "
--share=SPEC for containers, share writable host file system
according to SPEC"))
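Review bot: the help text should start with "for containers," like the neighbouring `--share=SPEC for containers, share writable host file system` and `--expose` entries, so the container-only restriction enforced later in this patch is visible from `--help` and not only from the error message.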
@@ -251,6 +254,9 @@ COMMAND or an interactive shell in that environment.\n"))
(lambda (opt name arg result)
(alist-cons 'user arg
(alist-delete 'user result eq?))))
+ (option '("no-cwd") #f #f
+ (lambda (opt name arg result)
+ (alist-cons 'no-cwd? #t result)))
(option '("share") #t #f
(lambda (opt name arg result)
(alist-cons 'file-system-mapping
@@ -399,7 +405,8 @@ environment variables are cleared before setting the new ones."
((_ . status) status)))))
(define* (launch-environment/container #:key command bash user user-mappings
- profile paths link-profile? network?)
+ profile paths link-profile? network?
+ map-cwd?)
"Run COMMAND within a container that features the software in PROFILE.
Environment variables are set according to PATHS, a list of native search
paths. The global shell is BASH, a file name for a GNU Bash binary in the
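Review bot: `map-cwd?` takes the implicit define* default of #f, which inverts the previous behaviour for any caller of launch-environment/container that does not pass `#:map-cwd?` explicitly (the working directory would silently stop being mapped). Declare it as `(map-cwd? #t)` so the new behaviour is opt-in, and document the keyword in the docstring next to LINK-PROFILE? and NETWORK?.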
@@ -425,11 +432,13 @@ will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from
(override-user-mappings
user home
(append user-mappings
- ;; Current working directory.
- (list (file-system-mapping
- (source cwd)
- (target cwd)
- (writable? #t)))
+ ;; Share current working directory, unless asked not to.
+ (if map-cwd?
+ (list (file-system-mapping
+ (source cwd)
+ (target cwd)
+ (writable? #t)))
+ '())
;; When in Rome, do as Nix build.cc does: Automagically
;; map common network configuration files.
(if network?
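Review bot: the mapping that is dropped here is `writable? #t`, so it is worth saying in the comment that --no-cwd is what prevents the container from getting write access to the host directory it was started in. Note also that only the implicit mapping is removed: `user-mappings` are still appended, so an explicit `--share=$PWD` keeps working with --no-cwd, which is the right behaviour and could be stated in the manual.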
@@ -488,8 +497,10 @@ will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from
(newline port)))
;; For convenience, start in the user's current working
- ;; directory rather than the root directory.
- (chdir (override-user-dir user home cwd))
+ ;; directory or, if unmapped, the home directory.
+ (chdir (if map-cwd?
+ (override-user-dir user home cwd)
+ home-dir))
(primitive-exit/status
;; A container's environment is already purified, so no need to
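Review bot: `home-dir` is not defined anywhere in this patch; please confirm it is bound in the enclosing let of launch-environment/container (presumably from the --user change in 2/3), and that the directory actually exists inside the container before this point, since `chdir` will raise an exception if it does not and the container would fail to start under --no-cwd.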
@@ -640,6 +651,7 @@ message if any test fails."
(container? (assoc-ref opts 'container?))
(link-prof? (assoc-ref opts 'link-profile?))
(network? (assoc-ref opts 'network?))
+ (no-cwd? (assoc-ref opts 'no-cwd?))
(user (assoc-ref opts 'user))
(bootstrap? (assoc-ref opts 'bootstrap?))
(system (assoc-ref opts 'system))
@@ -677,6 +689,8 @@ message if any test fails."
(leave (G_ "--link-prof cannot be used without --container~%")))
(when (and (not container?) user)
(leave (G_ "--user cannot be used without --container~%")))
+ (when (and (not container?) no-cwd?)
+ (leave (G_ "--no-cwd cannot be used without --container~%")))
(with-store store
(set-build-options-from-command-line store opts)
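Review bot: the new check matches the --user and --link-profile checks above it. While touching this block, the adjacent message `--link-prof cannot be used without --container` names an option that does not exist; the option is spelled --link-profile, so that message (from 1/3) should be corrected in the same series.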
@@ -729,7 +743,8 @@ message if any test fails."
#:profile profile
#:paths paths
#:link-profile? link-prof?
- #:network? network?)))
+ #:network? network?
+ #:map-cwd? (not no-cwd?))))
(else
(return
(exit/status
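Review bot: `(not no-cwd?)` relies on assoc-ref returning #f when the key is absent, which is fine, but the double negation between the option key `no-cwd?` and the keyword `map-cwd?` is easy to get wrong at the call site; using the same polarity for both (for example `share-cwd?` throughout) would make this line read directly.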
diff --git a/tests/guix-environment.sh b/tests/guix-environment.sh
index a1ce96579..abb019794 100644
--- a/tests/guix-environment.sh
+++ b/tests/guix-environment.sh
@@ -84,6 +84,14 @@ HOME="$tmpdir" guix environment --bootstrap --container --user=foognu \
--share="$tmpdir/umock" \
-- guile -c "$usertest"
+# if not sharing CWD, chdir home
+(
+ cd "$tmpdir" \
+ && guix environment --bootstrap --container --no-cwd --user=foo \
+ --ad-hoc guile-bootstrap --pure \
+ -- /bin/sh -c 'test $(pwd) == "/home/foo" -a ! -d '"$tmpdir"
+)
+
# Make sure '-r' works as expected.
rm -f "$gcroot"
expected="`guix environment --bootstrap --ad-hoc guile-bootstrap \
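Review bot: `test $(pwd) == "/home/foo"` uses the bash-only `==`; the portable form for `/bin/sh` is `test "$(pwd)" = "/home/foo"`, with `$(pwd)` quoted, and `&&` between the two checks rather than the obsolescent `-a`. The `! -d "$tmpdir"` assertion is the important part, since it proves the host directory is really absent from the container and not merely not the working directory. The error path added in this patch is not exercised: add a negative case such as `if guix environment --bootstrap --no-cwd --ad-hoc guile-bootstrap -- true; then false; fi` so that --no-cwd without --container is checked to fail.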
--
2.15.1
Thread overview: 22+ messages
[not found] <87vag2wopo.fsf@gnu.org>
2018-01-26 3:29 ` [bug#30254] [PATCH 0/3] guix environment --user, --link-profile, --no-cwd Mike Gerwitz
2018-01-26 3:29 ` [bug#30255] [PATCH 1/3] scripts: environment: Add --link-profile Mike Gerwitz
2018-03-02 10:20 ` bug#30255: " Ludovic Courtès
2018-01-26 3:29 ` [bug#30257] [PATCH 2/3] scripts: environment: Add --user Mike Gerwitz
2018-03-02 10:33 ` Ludovic Courtès
2018-01-26 3:29 ` Mike Gerwitz [this message]
2018-03-02 10:54 ` [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd Ludovic Courtès
2018-03-02 18:00 ` Mike Gerwitz
2018-03-03 14:44 ` Ludovic Courtès
2018-03-04 18:03 ` Mike Gerwitz
2018-03-04 22:24 ` Ludovic Courtès
2018-03-05 18:03 ` Mike Gerwitz
2018-03-06 10:20 ` Ludovic Courtès
2018-03-06 18:07 ` Mike Gerwitz
2018-10-17 12:19 ` [bug#30254] " Ludovic Courtès
2018-11-08 1:56 ` Mike Gerwitz
2019-06-29 23:27 ` Carl Dong
2019-07-07 13:18 ` [bug#30254] " Ludovic Courtès
2019-07-07 14:24 ` Carl Dong
2019-07-08 9:41 ` Ludovic Courtès
2021-07-14 13:18 ` [bug#30256] bug#30254: [PATCH 0/3] guix environment --user, --link-profile, --no-cwd Maxim Cournoyer
2019-07-07 13:45 ` [bug#30256] [PATCH 3/3] scripts: environment: Add --no-cwd Mike Gerwitz