From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:470:142:3::10]:33351) by lists.gnu.org with esmtp (Exim 4.86_2) (envelope-from ) id 1hn1va-0008UB-3h for guix-patches@gnu.org; Mon, 15 Jul 2019 10:26:07 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hn1vX-0003V9-RE for guix-patches@gnu.org; Mon, 15 Jul 2019 10:26:05 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:39845) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hn1vX-0003V0-Nw for guix-patches@gnu.org; Mon, 15 Jul 2019 10:26:03 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hn1vW-0000VC-IN for guix-patches@gnu.org; Mon, 15 Jul 2019 10:26:02 -0400 Subject: [bug#36668] [PATCH 1/1] linux-container: Add 'eval/container'. References: <20190715142126.14612-1-ludo@gnu.org> In-Reply-To: <20190715142126.14612-1-ludo@gnu.org> Resent-Message-ID: From: Ludovic =?UTF-8?Q?Court=C3=A8s?= Date: Mon, 15 Jul 2019 16:25:36 +0200 Message-Id: <20190715142536.14793-1-ludo@gnu.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 36668@debbugs.gnu.org * gnu/system/linux-container.scm (eval/container): New procedure. * tests/containers.scm ("eval/container, exit status") ("eval/container, writable user mapping"): New tests. --- gnu/system/linux-container.scm | 49 ++++++++++++++++++++++++++++++++- tests/containers.scm | 50 ++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 1 deletion(-) diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index 61248c62b9..6273cee3d3 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -35,7 +35,8 @@ #:use-module (gnu system file-systems) #:export (system-container containerized-operating-system - container-script)) + container-script + eval/container)) (define* (container-essential-services os #:key shared-network?) "Return a list of essential services corresponding to OS, a @@ -205,3 +206,49 @@ that will be shared with the host system." %namespaces))))) (gexp->script "run-container" script))) + +(define* (eval/container exp + #:key + (mappings '()) + (namespaces %namespaces)) + "Evaluate EXP, a gexp, in a new process executing in separate namespaces as +listed in NAMESPACES. Add MAPPINGS, a list of , to the +set of directories visible in the process's mount namespace. Return the +process' exit status as a monadic value. + +This is useful to implement processes that, unlike derivations, are not +entirely pure and need to access the outside world or to perform side +effects." + (mlet %store-monad ((lowered (lower-gexp exp))) + (define inputs + (cons (lowered-gexp-guile lowered) + (lowered-gexp-inputs lowered))) + + (define items + (append (append-map derivation-input-output-paths inputs) + (lowered-gexp-sources lowered))) + + (mbegin %store-monad + (built-derivations inputs) + (mlet %store-monad ((closure ((store-lift requisites) items))) + (return (call-with-container (map file-system-mapping->bind-mount + (append (map (lambda (item) + (file-system-mapping + (source item) + (target source))) + closure) + mappings)) + (lambda () + (apply execl + (string-append (derivation-input-output-path + (lowered-gexp-guile lowered)) + "/bin/guile") + "guile" + (append (map (lambda (directory) `("-L" ,directory)) + (lowered-gexp-load-path lowered)) + (map (lambda (directory) `("-C" ,directory)) + (lowered-gexp-load-compiled-path + lowered)) + (list "-c" + (object->string + (lowered-gexp-sexp lowered)))))))))))) diff --git a/tests/containers.scm b/tests/containers.scm index 37408f380d..c6c738f234 100644 --- a/tests/containers.scm +++ b/tests/containers.scm @@ -21,7 +21,15 @@ #:use-module (guix utils) #:use-module (guix build syscalls) #:use-module (gnu build linux-container) + #:use-module ((gnu system linux-container) + #:select (eval/container)) #:use-module (gnu system file-systems) + #:use-module (guix store) + #:use-module (guix monads) + #:use-module (guix gexp) + #:use-module (guix derivations) + #:use-module (guix tests) + #:use-module (srfi srfi-1) #:use-module (srfi srfi-64) #:use-module (ice-9 match)) @@ -219,4 +227,46 @@ (lambda () (* 6 7)))) +(skip-if-unsupported) +(test-equal "eval/container, exit status" + 42 + (let* ((store (open-connection-for-tests)) + (status (run-with-store store + (eval/container #~(exit 42))))) + (close-connection store) + (status:exit-val status))) + +(skip-if-unsupported) +(test-assert "eval/container, writable user mapping" + (call-with-temporary-directory + (lambda (directory) + (define store + (open-connection-for-tests)) + (define result + (string-append directory "/r")) + (define requisites* + (store-lift requisites)) + + (call-with-output-file result (const #t)) + (run-with-store store + (mlet %store-monad ((status (eval/container + #~(begin + (use-modules (ice-9 ftw)) + (call-with-output-file "/result" + (lambda (port) + (write (scandir #$(%store-prefix)) + port)))) + #:mappings + (list (file-system-mapping + (source result) + (target "/result") + (writable? #t))))) + (reqs (requisites* + (list (derivation->output-path + (%guile-for-build)))))) + (close-connection store) + (return (and (zero? (pk 'status status)) + (lset= string=? (cons* "." ".." (map basename reqs)) + (pk (call-with-input-file result read)))))))))) + (test-end) -- 2.22.0