Subject: [bug#42849] [PATCH 2/3] linux-container: Add a jail? argument.
To: Mathieu Othacehe
Cc: 42849@debbugs.gnu.org
From: Ludovic Courtès
References: <20200813123419.263639-1-othacehe@gnu.org> <20200813123419.263639-2-othacehe@gnu.org>
Date: Sun, 30 Aug 2020 21:53:30 +0200
In-Reply-To: <20200813123419.263639-2-othacehe@gnu.org> (Mathieu Othacehe's message of "Thu, 13 Aug 2020 14:34:18 +0200")
Message-ID: <87sgc3hpvp.fsf@gnu.org>

Mathieu Othacehe wrote:

> We may want to run a container inside the MNT namespace, without jailing the
> container. Add a "jail?" argument to "run-container" and "call-with-container"
> methods.
>
> * gnu/build/linux-container.scm (run-container): Add a "jail?" argument and
> honor it,
> (call-with-container): ditto, and pass the argument to "run-container".
> ---
> gnu/build/linux-container.scm | 20 ++++++++++++--------
> 1 file changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
> index 87695c98fd..bb9fb0d799 100644
> --- a/gnu/build/linux-container.scm
> +++ b/gnu/build/linux-container.scm
> @@ -218,12 +218,13 @@ corresponds to the symbols in NAMESPACES."
> namespaces)))
>
> (define* (run-container root mounts namespaces host-uids thunk
> - #:key (guest-uid 0) (guest-gid 0))
> + #:key (guest-uid 0) (guest-gid 0) (jail? #t))
> "Run THUNK in a new container process and return its PID. ROOT specifies
> the root directory for the container. MOUNTS is a list of
> objects that specify file systems to mount inside the container. NAMESPACES
> is a list of symbols that correspond to the possible Linux namespaces: mnt,
> -ipc, uts, user, and net.
> +ipc, uts, user, and net. If JAIL? is false, MOUNTS list is ignored and the
> +container is not jailed.

Why not just change the caller to pass #:mounts '() then? Am I missing something?

I’m reluctant to introduce “jail” because that’s undefined in this context (reminds me of FreeBSD).

Ludo’.
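Review bot: the added docstring lines in the run-container hunk say that when JAIL? is false "MOUNTS list is ignored", which means a caller that passes both #:jail? #f and a non-empty MOUNTS gets its mounts silently dropped; it would be safer to signal an error for that combination (or document that JAIL? #f requires MOUNTS to be '()), and to state exactly which steps of run-container the flag skips, since "jailed" is not defined anywhere in the visible text. Minor: "MOUNTS list is ignored" should read "the MOUNTS list is ignored".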