From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: Containers on Guix
Date: Fri, 21 Nov 2014 10:16:48 +0100
Message-ID: <87bno0ap6n.fsf@gnu.org>
References: <87lhn6eh12.fsf@izanagi.i-did-not-set--mail-host-address--so-tickle-me>
	<87d28irocj.fsf@gmail.com> <87tx1tvbqw.fsf@gnu.org>
	<87mw7lb3dl.fsf@izanagi.i-did-not-set--mail-host-address--so-tickle-me>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:42439)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1XrkKn-0002ks-Jz
	for guix-devel@gnu.org; Fri, 21 Nov 2014 04:17:02 -0500
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1XrkKi-0000Va-R5
	for guix-devel@gnu.org; Fri, 21 Nov 2014 04:16:57 -0500
Received: from hera.aquilenet.fr ([2a01:474::1]:35093)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
	id 1XrkKi-0000VU-KN
	for guix-devel@gnu.org; Fri, 21 Nov 2014 04:16:52 -0500
In-Reply-To: <87mw7lb3dl.fsf@izanagi.i-did-not-set--mail-host-address--so-tickle-me>
	(David Thompson's message of "Thu, 20 Nov 2014 23:10:14 -0500")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: David Thompson <dthompson2@worcester.edu>
Cc: guix-devel@gnu.org, =?utf-8?B?5a6L5paH5q2m?= <iyzsong@gmail.com>

David Thompson <dthompson2@worcester.edu> skribis:

> Ludovic Court=C3=A8s <ludo@gnu.org> writes:
>
>>> A container is programs or full os running in an isolated environment.
>>> For a full container with rootfs, we can:
>>>   build the rootfs:
>>>     of Guix:    by using a form of `guix system init'
>>
>> I think it=E2=80=99s enough and cheaper to build the system (as per =E2=
=80=98guix system
>> build=E2=80=99) and to bind-mount its closure in the container=E2=80=99s=
 file system.
>
> I'm having trouble with this approach.  pflask tries to create a /proc
> directory but can't because that would be writing to the store.

Hmm, the store should be under /container/gnu/store, not /container, no?

> Do I need to bind-mount each sub-directory within the
> /gnu/store/...-system directory so that the root of the container
> directory is still writable?

Let=E2=80=99s say /container is the root of the container.  It must be a
regular, writable directory.

As a first step it=E2=80=99s OK to bind-mount all of /gnu/store to
/container/gnu/store.

What guix-daemon does is to bind-mount precisely each element of the
store that is needed, so there=E2=80=99s no =E2=80=9Cleak=E2=80=9D.

HTH!

Ludo=E2=80=99.