From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([209.51.188.92]:37782) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hUVxP-0007u6-IL for guix-patches@gnu.org; Sat, 25 May 2019 08:39:28 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hUVw2-0001ok-8p for guix-patches@gnu.org; Sat, 25 May 2019 08:38:03 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:34794) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hUVw2-0001od-5X for guix-patches@gnu.org; Sat, 25 May 2019 08:38:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1hUVw2-0002wp-0s for guix-patches@gnu.org; Sat, 25 May 2019 08:38:02 -0400 Subject: [bug#35895] [PATCH] linux-container: Remove networking service when network is shared with host. Resent-Message-ID: References: <20190525070113.5576-1-arunisaac@systemreboot.net> <20190525072030.7739-1-arunisaac@systemreboot.net> 
From: Christopher Baines In-reply-to: <20190525072030.7739-1-arunisaac@systemreboot.net> Date: Sat, 25 May 2019 13:37:51 +0100 Message-ID: <8736l2iuao.fsf@cbaines.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+kyle=kyleam.com@gnu.org Sender: "Guix-patches" To: 35895@debbugs.gnu.org --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable Arun Isaac writes: > * gnu/system/linux-container.scm (dummy-networking-shepherd-service): New > procedure. > (dummy-networking-service-type): New variable. > (containerized-operating-system): If network is shared with host, replace > static-networking-service-type with dummy-networking-service-type. Sounds good. It would be good to have the motivation/reasoning behind this change in the commit message though. > --- > gnu/system/linux-container.scm | 32 +++++++++++++++++++++++++++----- > 1 file changed, 27 insertions(+), 5 deletions(-) > > diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.= scm > index c1e963d047..ee2a476e4c 100644 > --- a/gnu/system/linux-container.scm > +++ b/gnu/system/linux-container.scm > @@ -30,6 +30,7 @@ > #:use-module (gnu build linux-container) > #:use-module (gnu services) > #:use-module (gnu services base) > + #:use-module (gnu services shepherd) > #:use-module (gnu system) > #:use-module (gnu system file-systems) > #:export (system-container 
> @@ -65,6 +66,22 @@ from OS that are needed on the bare metal and not in a= container." > files))) > base))) >=20=20 > +(define (dummy-networking-shepherd-service _) > + (shepherd-service > + (documentation "Provide loopback and networking without actually doing > +anything.") > + (provision '(loopback networking)) > + (start #~(const #t)))) > + > +(define dummy-networking-service-type > + (service-type > + (name 'dummy-networking) > + (extensions > + (list (service-extension > + shepherd-root-service-type > + (compose list dummy-networking-shepherd-service)))) > + (default-value #f))) > +

Something like this seems a little neater to me:

(define dummy-networking-service-type
  (service-type
   (name 'dummy-networking)
   (extensions
    (list (service-extension
           shepherd-root-service-type
           (const (list (shepherd-service
                         (documentation "Provide loopback and networking without actually doing anything.")
                         (provision '(loopback networking))
                         (start #~(const #t))))))))
   (default-value #f)))

Just because const is being used. Although maybe the shepherd-service itself could do with being extracted to a variable.

> (define* (containerized-operating-system os mappings > #:key > shared-network? > @@ -96,7 +113,8 @@ containerized OS. EXTRA-FILE-SYSTEMS is a list of fil= e systems to add to OS." > agetty-service-type) > ;; Remove nscd service if network is shared with the host. > (if shared-network? > - (list nscd-service-type) > + (list nscd-service-type > + static-networking-service-type) > (list)))) >=20=20 > (operating-system
> @@ -105,10 +123,14 @@ containerized OS. EXTRA-FILE-SYSTEMS is a list of = file systems to add to OS." > (essential-services (container-essential-services > this-operating-system > #:shared-network? shared-network?)) > - (services (remove (lambda (service) > - (memq (service-kind service) > - useless-services)) > - (operating-system-user-services os))) > + (services (append > + (remove (lambda (service) > + (memq (service-kind service) > + useless-services)) > + (operating-system-user-services os)) > + (if shared-network? > + (list (service dummy-networking-service-type)) > + (list)))) > (file-systems (append (map mapping->fs > (if shared-network? > (append %network-file-mappings mappin= gs) --=-=-=--
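
Review bot: dummy-networking-service-type in the @@ -65,6 +66,22 @@ hunk has no description field, and neither it nor dummy-networking-shepherd-service carries a comment saying when a no-op provider of loopback and networking is appropriate. Suggest adding a (description ...) to the service-type and a short comment stating that the service is only instantiated when shared-network? is true, so a later reader does not reuse it for a container that has its own network.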
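
Review bot: the comment ";; Remove nscd service if network is shared with the host." in the @@ -96,7 +113,8 @@ hunk is stale, because the list beneath it now also contains static-networking-service-type. Update the comment to name both services and say why static networking is dropped in the shared-network case.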
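
Review bot: in the @@ -105,10 +123,14 @@ hunk the dummy service is appended whenever shared-network? is true, while the only networking service filtered out through useless-services is static-networking-service-type. If the user's services contain any other service that also provisions loopback or networking, the resulting system would declare the same Shepherd provision twice. Consider filtering on what a service provisions rather than on its kind, or document that static-networking-service-type is the only provider expected here.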