From: Ludovic Courtès <ludo@gnu.org>
Subject: Re: [PATCH 08/15] gnu: build: Add Linux container module.
Date: Tue, 07 Jul 2015 15:51:01 +0200
Message-ID: <87r3okhy9m.fsf@gnu.org>
References: <1436188604-2813-1-git-send-email-dthompson2@worcester.edu> <1436188604-2813-8-git-send-email-dthompson2@worcester.edu>
In-Reply-To: <1436188604-2813-8-git-send-email-dthompson2@worcester.edu> (David Thompson's message of "Mon, 6 Jul 2015 09:16:37 -0400")
To: David Thompson
Cc: guix-devel@gnu.org, David Thompson

David Thompson skribis:

> * gnu/build/linux-container.scm: New file.
> * gnu-system.am (GNU_SYSTEM_MODULES): Add it.
> * .dir-locals.el: Add Scheme indent rules for 'call-with-clone', 'with-clone',
> 'call-with-container', and 'container-excursion'.
> * tests/containers.scm: New file.
> * Makefile.am (SCM_TESTS): Add it.

[...]

> +(define (mount-flags->bit-mask flags)
> +  "Return the number suitable for the 'flags' argument of 'mount' that
> +corresponds to the symbols listed in FLAGS."
> +  (let loop ((flags flags))
> +    (match flags
> +      (('read-only rest ...)
> +       (logior MS_RDONLY (loop rest)))
> +      (('bind-mount rest ...)
> +       (logior MS_BIND (loop rest)))
> +      (('no-suid rest ...)
> +       (logior MS_NOSUID (loop rest)))
> +      (('no-dev rest ...)
> +       (logior MS_NODEV (loop rest)))
> +      (('no-exec rest ...)
> +       (logior MS_NOEXEC (loop rest)))
> +      (()
> +       0))))
> +
> +(define* (mount-file-system spec root)
> +  "Mount the file system described by SPEC under ROOT.  SPEC must have the
> +form:
> +
> +  (DEVICE TITLE MOUNT-POINT TYPE (FLAGS ...) OPTIONS CHECK?)

Could we share these two procedures with (gnu build file-systems)?

I suspect the problem you encountered is that (gnu build file-systems)
doesn’t use (guix build syscalls), and instead expects the
statically-linked Guile with the guile-syscalls.patch.

To work around that, I think we should shamelessly add something like
this in (gnu build file-system):

  (unless (defined? 'mount)
    (module-use! (current-module)
                 (resolve-interface '(guix build syscalls))))

WDYT?

> +(define (namespaces->bit-mask namespaces)
> +  "Return the number suitable for the 'flags' argument of 'clone' that
> +corresponds to the symbols in NAMESPACES."

I would be in favor of “name spaces” (two words), but maybe that’s
because I’m an old fart, so I won’t insist.

> +(test-assert "call-with-container, pid namespace"
> +  (zero?
> +   (call-with-container '()
> +     (lambda ()
> +       (match (primitive-fork)
> +         (0
> +          ;; The first forked process in the new pid namespace is pid 2.
> +          (assert-exit (= 2 (getpid))))

But its parent doesn’t see itself as PID 1?

Thanks,
Ludo’.
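Review bot: in the `mount-flags->bit-mask` hunk, the `match` has no clause for an unrecognized symbol, so a misspelled flag (say `'nosuid` instead of `'no-suid`) fails with a generic match error from inside the loop rather than a message naming the bad flag; add a clause such as `((unknown rest ...) (error "unknown mount flag" unknown))` alongside the `(() 0)` case. Since the empty list maps to 0 and every restriction (`MS_NOSUID`, `MS_NODEV`, `MS_NOEXEC`, `MS_RDONLY`) is opt-in, it is also worth one docstring sentence saying that a spec which omits these flags gets a fully permissive mount.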
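Review bot: the docstring of `namespaces->bit-mask` says "the symbols in NAMESPACES" without listing which symbols are accepted or which `clone` flag each one maps to; callers of `call-with-container` have to read the procedure body to find out how to request a given name space, so spell the mapping out in the docstring, and give this procedure the same unknown-symbol clause suggested for `mount-flags->bit-mask`.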
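Review bot: in the `call-with-container, pid namespace` test, only the child branch of `(match (primitive-fork) ...)` is quoted; the parent branch must `waitpid` the child and return its exit status, otherwise `zero?` is applied to the parent's own value and the `(assert-exit (= 2 (getpid)))` in the child can never fail the test. The comment "The first forked process in the new pid namespace is pid 2" also holds only if the thunk itself runs as PID 1 in the new name space, so assert `(= 1 (getpid))` before forking to document the property the test relies on.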