From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp10.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id cJN6BLlTU2LYPAEAgWs5BA (envelope-from ) for ; Mon, 11 Apr 2022 00:01:29 +0200 Received: from aspmx1.migadu.com ([2001:41d0:2:4a6f::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp10.migadu.com with LMTPS id qHK2OLhTU2I2TwAAG6o9tA (envelope-from ) for ; Mon, 11 Apr 2022 00:01:28 +0200 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id DA68EFE6B for ; Mon, 11 Apr 2022 00:01:27 +0200 (CEST) Received: from localhost ([::1]:41028 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1ndfcc-0004BF-8P for larch@yhetil.org; Sun, 10 Apr 2022 18:01:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54554) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndfcE-0004B0-6h for guix-patches@gnu.org; Sun, 10 Apr 2022 18:01:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:47873) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1ndfcD-0006hO-Tm for guix-patches@gnu.org; Sun, 10 Apr 2022 18:01:01 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1ndfcD-0004Fm-O6 for guix-patches@gnu.org; Sun, 10 Apr 2022 18:01:01 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#54845] [PATCH] shepherd: Add #:supplementary-groups. Resent-From: Leo =?UTF-8?Q?Nikkil=C3=A4?= Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Sun, 10 Apr 2022 22:01:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: report 54845 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: 54845@debbugs.gnu.org Cc: Leo =?UTF-8?Q?Nikkil=C3=A4?= X-Debbugs-Original-To: guix-patches@gnu.org Received: via spool by submit@debbugs.gnu.org id=B.164962803116290 (code B ref -1); Sun, 10 Apr 2022 22:01:01 +0000 Received: (at submit) by debbugs.gnu.org; 10 Apr 2022 22:00:31 +0000 Received: from localhost ([127.0.0.1]:41770 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndfbi-0004Ef-RE for submit@debbugs.gnu.org; Sun, 10 Apr 2022 18:00:31 -0400 Received: from lists.gnu.org ([209.51.188.17]:56784) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1ndfbh-0004EX-4X for submit@debbugs.gnu.org; Sun, 10 Apr 2022 18:00:29 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:54392) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndfbd-000491-Ry for guix-patches@gnu.org; Sun, 10 Apr 2022 18:00:28 -0400 Received: from out3-smtp.messagingengine.com ([66.111.4.27]:48593) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1ndfbZ-0006b5-Gy for guix-patches@gnu.org; Sun, 10 Apr 2022 18:00:24 -0400 Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 3B3015C018C; Sun, 10 Apr 2022 18:00:19 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Sun, 10 Apr 2022 18:00:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lnikki.la; h=cc :cc:content-transfer-encoding:content-type:date:date:from:from :in-reply-to:message-id:mime-version:reply-to:sender:subject :subject:to:to; s=fm2; bh=fU/5IiNdzqWCmc5fYvDCi70iPo3einL18NRgAA 1HOEE=; b=w1MjVU9L1gOR2biZP9GM/hVgI93ZuDT1OjQUqMBGQFgHX+e1g1RoOC Bz8VHH4Gp3bLhRsEnZNSAXyXRBKF9yvlEHFGjCkDRnDAMtbLC3BrQmJmK5sY4ygZ NwgJfp9UQWMTYR1b3bHlRAwItAdw7+K3nqAJ3E5a/TsSZytIdbyTgXfBdEkQWcnG AhoNu/4O8KQ6vOLQDpAVYrNNizy/qzOY3JxiEY58gcNDOHN/HDyojy1z2ZKx0edG 04lkaW3GCcz1CO3QELibaQyH9sBbxkmSDdUb1lF7fDq4zC17ShFXXmGAoVkVyesr 2Dt28l/riEmmGXXwKmxk9X0GJ+SiR3cA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-transfer-encoding :content-type:date:date:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm3; bh=fU/5Ii NdzqWCmc5fYvDCi70iPo3einL18NRgAA1HOEE=; b=op6mkfxepbjNTqHo4gAbhG b15TvR+SEfmZk6KAwacGixrYXkB4Bbc2sgutJzeVa639V+B+YADKSwgkVDsI1UzC YgpDeJ4ca8M9mM2dnQnOsIWFhs0qkfRWFMiTRgnZnPeI3xDsOS0Hq/1flUaXyI7N JszGuO7NY44NECSYwF+UGIk0yHAzsCxf08R7okM+b/DFdA8wePHuDI2ISM6bWdWt RyH1taUDozgOyhiRJhZib8uK6QVfNx7JG+OwFUUX+NasHVLqEVAncZLgdKpPibdN TAKVS72Oih7O7gGYVq3ouPOOyVPxFXvcjJpBSUtJFIZE+taNZ6Hy7V+M9Vc4VoDw == X-ME-Sender: X-ME-Received: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvvddrudekgedgudeihecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecunecujfgurhephffvufffkffogggtgfesthekre dtredtjeenucfhrhhomhepnfgvohcupfhikhhkihhlmocuoehhvghllhhosehlnhhikhhk ihdrlhgrqeenucggtffrrghtthgvrhhnpefhgfdtudegveejueeileefhedvudfgudfgfe eifefhvddtheejffdtvdfgfeektdenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgr mhepmhgrihhlfhhrohhmpehhvghllhhosehlnhhikhhkihdrlhgr X-ME-Proxy: Received: by mail.messagingengine.com (Postfix) with ESMTPA; Sun, 10 Apr 2022 18:00:18 -0400 (EDT) From: Leo =?UTF-8?Q?Nikkil=C3=A4?= Date: Mon, 11 Apr 2022 01:00:08 +0300 Message-Id: <20220410220008.28577-1-hello@lnikki.la> X-Mailer: git-send-email 2.34.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=66.111.4.27; envelope-from=hello@lnikki.la; helo=out3-smtp.messagingengine.com X-Spam_score_int: -27 X-Spam_score: -2.8 X-Spam_bar: -- X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN X-Migadu-To: larch@yhetil.org X-Migadu-Country: US ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1649628088; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type: content-transfer-encoding:content-transfer-encoding:resent-cc: resent-from:resent-sender:resent-message-id:list-id:list-help: list-unsubscribe:list-subscribe:list-post:dkim-signature; bh=fU/5IiNdzqWCmc5fYvDCi70iPo3einL18NRgAA1HOEE=; b=q/PknBVdNrHEvU6PoXgon41Qe2YfTIV5YpmaJhLRPpyy2h3mMTIM4WsUVHztAwsrOjgyJa qec8ziG475nZV+6xZ7Y78201zZJOXMkABkmzRycFoDu+LnFXvMJ6PbOSdgq/vAC8UwDLIY IDZiUWtuCz+gtLKfFYybGbsGo8VIgiIh/94WwLlM2ZoUNy2muUs78p7RU82NHOmV5ChxVT PTzU1PErgmJ6w+XdEozVBxJD1Bv887ja2ZptR1xq+RPVxFg6ppkbz4Muoiw4Q2QjvKXCzX wTp3BP6Fxy/VF/KL25QlMpHgEJjl9c1qomhQPVUGe3XWWtZZGSE4AzzZmRArIg== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1649628088; a=rsa-sha256; cv=none; b=UgdSiOfhNoSrhXqzHksRSoHud3M1d1fKGf4UD6+vf+HLox/KPGZOvoxy7pdX0ru09A4+Ev d+JBW6e+WHE86qGfVoLu99xcRwwlvCWi6T5wUN0SFgQ1rXYijsmBLAJYKq3GHYw9MSlmk4 KDn+tZnwoCzkfPuuxrQfkkXKfa9q2b8Dj7HHmsFCFiVkkyKiyD0VdjXC49Wa/a6Q4tnvo8 +w/UfKXsao0uA0S33xm0jdUHgAQw91Ru1CzOtczp/Y1UsucCppXXdrVnwFzW++mL+nxCmA 627eyOzh/hGRhI+NCv/qzyyHayXd9K4ziu7s8yDcA4YzDDR0eMPq0E+r8fC72w== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lnikki.la header.s=fm2 header.b=w1MjVU9L; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b=op6mkfxe; dmarc=fail reason="SPF not aligned (relaxed)" header.from=lnikki.la (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Spam-Score: 6.63 Authentication-Results: aspmx1.migadu.com; dkim=fail ("headers rsa verify failed") header.d=lnikki.la header.s=fm2 header.b=w1MjVU9L; dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm3 header.b=op6mkfxe; dmarc=fail reason="SPF not aligned (relaxed)" header.from=lnikki.la (policy=none); spf=pass (aspmx1.migadu.com: domain of "guix-patches-bounces+larch=yhetil.org@gnu.org" designates 209.51.188.17 as permitted sender) smtp.mailfrom="guix-patches-bounces+larch=yhetil.org@gnu.org" X-Migadu-Queue-Id: DA68EFE6B X-Spam-Score: 6.63 X-Migadu-Scanner: scn1.migadu.com X-TUID: HmRdtNGhikuQ To support the argument introduced in Shepherd 0.9.0 when defining container-bound services. * gnu/build/shepherd.scm (exec-command*) (make-forkexec-constructor/container): Add '#:supplementary-groups'. --- gnu/build/shepherd.scm | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm index 0627bac5b9..384faa55f4 100644 --- a/gnu/build/shepherd.scm +++ b/gnu/build/shepherd.scm @@ -1,6 +1,7 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2017, 2018, 2019, 2020, 2022 Ludovic Courtès ;;; Copyright © 2020 Mathieu Othacehe +;;; Copyright © 2022 Leo Nikkilä ;;; ;;; This file is part of GNU Guix. ;;; @@ -119,8 +120,9 @@ (define* (read-pid-file/container pid pid-file #:key (max-delay 5)) ;; PID is always 1, but that's not what Shepherd needs to know. pid))) -(define* (exec-command* command #:key user group log-file pid-file - directory (environment-variables (environ))) +(define* (exec-command* command #:key user group (supplementary-groups '()) + log-file pid-file directory (environment-variables + (environ))) "Like 'exec-command', but first restore signal handles modified by shepherd (PID 1)." ;; First restore the default handlers. @@ -135,6 +137,7 @@ (define* (exec-command* command #:key user group log-file pid-file (exec-command command #:user user #:group group + #:supplementary-groups supplementary-groups #:log-file log-file #:directory directory #:environment-variables environment-variables)) @@ -146,6 +149,7 @@ (define* (make-forkexec-constructor/container command (mappings '()) (user #f) (group #f) + (supplementary-groups '()) (log-file #f) pid-file (pid-file-timeout 5) @@ -192,6 +196,8 @@ (define mounts (exec-command* command #:user user #:group group + #:supplementary-groups + supplementary-groups #:pid-file pid-file #:log-file log-file #:directory directory -- 2.34.0