From: "Ludovic Courtès" <ludo@gnu.org>
To: 67175@debbugs.gnu.org
Cc: "Ludovic Courtès" <ludo@gnu.org>
Subject: [bug#67175] [PATCH 9/9] shepherd: Remove ‘make-forkexec-constructor/container’.
Date: Tue, 14 Nov 2023 15:09:18 +0100	[thread overview]
Message-ID: <814e03ee68566de3912c5962a43e2241b1775b52.1699970930.git.ludo@gnu.org> (raw)
In-Reply-To: <cover.1699970930.git.ludo@gnu.org>

This was superseded by ‘least-authority-wrapper’.

* gnu/build/shepherd.scm (read-pid-file/container)
(make-forkexec-constructor/container): Remove.

Change-Id: I6acccdff2609a35807608f865a4d381146113a88
---
 gnu/build/shepherd.scm | 90 ------------------------------------------
 1 file changed, 90 deletions(-)

diff --git a/gnu/build/shepherd.scm b/gnu/build/shepherd.scm
index 9d9bfcfbc0..4ead27be0b 100644
--- a/gnu/build/shepherd.scm
+++ b/gnu/build/shepherd.scm
@@ -33,7 +33,6 @@ (define-module (gnu build shepherd)
                                  %precious-signals)
   #:autoload (shepherd system) (unblock-signals)
   #:export (default-mounts
-            make-forkexec-constructor/container
             fork+exec-command/container))
 
 ;;; Commentary:
@@ -101,27 +100,6 @@ (define* (default-mounts #:key (namespaces (default-namespaces '())))
                            (file-exists? (file-system-mapping-source mapping)))
                          mappings)))))
 
-(define* (read-pid-file/container pid pid-file #:key (max-delay 5))
-  "Read PID-FILE in the container namespaces of PID, which exists in a
-separate mount and PID name space.  Return the \"outer\" PID. "
-  (match (container-excursion* pid
-           (lambda ()
-             ;; XXX: Trick for Shepherd 0.9: prevent 'read-pid-file' from
-             ;; using (@ (fibers) sleep), which would try to suspend the
-             ;; current task, which doesn't work in this extra process.
-             (with-continuation-barrier
-              (lambda ()
-                (read-pid-file pid-file
-                               #:max-delay max-delay)))))
-    (#f
-     ;; Send SIGTERM to the whole process group.
-     (catch-system-error (kill (- pid) SIGTERM))
-     #f)
-    ((? integer? container-pid)
-     ;; XXX: When COMMAND is started in a separate PID namespace, its
-     ;; PID is always 1, but that's not what Shepherd needs to know.
-     pid)))
-
 (define* (exec-command* command #:key user group log-file pid-file
                         (supplementary-groups '())
                         (directory "/") (environment-variables (environ)))
@@ -144,74 +122,6 @@ (define* (exec-command* command #:key user group log-file pid-file
                 #:directory directory
                 #:environment-variables environment-variables))
 
-(define* (make-forkexec-constructor/container command
-                                              #:key
-                                              (namespaces
-                                               (default-namespaces args))
-                                              (mappings '())
-                                              (user #f)
-                                              (group #f)
-                                              (supplementary-groups '())
-                                              (log-file #f)
-                                              pid-file
-                                              (pid-file-timeout 5)
-                                              (directory "/")
-                                              (environment-variables
-                                               (environ))
-                                              #:rest args)
-  "This is a variant of 'make-forkexec-constructor' that starts COMMAND in
-NAMESPACES, a list of Linux namespaces such as '(mnt ipc).  MAPPINGS is the
-list of <file-system-mapping> to make in the case of a separate mount
-namespace, in addition to essential bind-mounts such /proc."
-  (define container-directory
-    (match command
-      ((program _  ...)
-       (string-append "/var/run/containers/" (basename program)))))
-
-  (define auto-mappings
-    `(,@(if log-file
-            (list (file-system-mapping
-                   (source log-file)
-                   (target source)
-                   (writable? #t)))
-            '())))
-
-  (define mounts
-    (append (map file-system-mapping->bind-mount
-                 (append auto-mappings mappings))
-            (default-mounts #:namespaces namespaces)))
-
-  (lambda args
-    (mkdir-p container-directory)
-
-    (when log-file
-      ;; Create LOG-FILE so we can map it in the container.
-      (unless (file-exists? log-file)
-        (close (open log-file (logior O_CREAT O_APPEND O_CLOEXEC) #o640))
-        (when user
-          (let ((pw (getpwnam user)))
-            (chown log-file (passwd:uid pw) (passwd:gid pw))))))
-
-    (let ((pid (run-container container-directory
-                              mounts namespaces 1
-                              (lambda ()
-                                (exec-command* command
-                                               #:user user
-                                               #:group group
-                                               #:supplementary-groups
-                                               supplementary-groups
-                                               #:pid-file pid-file
-                                               #:log-file log-file
-                                               #:directory directory
-                                               #:environment-variables
-                                               environment-variables)))))
-      (if pid-file
-          (if (or (memq 'mnt namespaces) (memq 'pid namespaces))
-              (read-pid-file/container pid pid-file
-                                       #:max-delay pid-file-timeout)
-              (read-pid-file pid-file #:max-delay pid-file-timeout))
-          pid))))
-
 (define* (fork+exec-command/container command
                                       #:key pid
                                       #:allow-other-keys
-- 
2.41.0




