From: Bruno Victal <mirai@makinata.eu>
To: 60788@debbugs.gnu.org
Cc: Bruno Victal <mirai@makinata.eu>, maxim.cournoyer@gmail.com
Subject: [bug#60788] [PATCH v2] services: vnstat: Use least-authority-wrapper.
Date: Wed, 18 Jan 2023 00:37:11 +0000	[thread overview]
Message-ID: <f24c76b56d278f662437c96f45e5b9b7c88dfcf5.1674002230.git.mirai@makinata.eu> (raw)
In-Reply-To: <95b646eb6b23dec213cba43b6e4e7ddc4a601d0f.1673640404.git.mirai@makinata.eu>

* gnu/services/monitoring.scm (vnstat-shepherd-service): Use
least-authority-wrapper.
---

This patch SHOULD NOT be applied: it is a WIP patch using least-authority-wrapper,
and it doesn't seem to work (at least when launched within a VM).
I leave it here in case anyone interested wants to dig in further.


 gnu/services/monitoring.scm | 42 ++++++++++++++++++++++++++++++-------
 1 file changed, 34 insertions(+), 8 deletions(-)

diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 78fc49da5c..c9e4f85701 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -29,6 +29,9 @@ (define-module (gnu services monitoring)
   #:use-module (gnu packages monitoring)
   #:use-module (gnu packages networking)
   #:use-module (gnu system shadow)
+  #:use-module ((gnu system file-systems) #:select (file-system-mapping))
+  #:use-module (gnu build linux-container)
+  #:autoload   (guix least-authority) (least-authority-wrapper)
   #:use-module (guix gexp)
   #:use-module (guix packages)
   #:use-module (guix records)
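Review bot: The new `#:use-module (gnu build linux-container)` line pulls in the whole module although the patch appears to use only `%namespaces` from it. Restricting it the same way as the `file-system-mapping` import just above, `#:use-module ((gnu build linux-container) #:select (%namespaces))`, keeps the namespace of this service module small and makes it clear why the build-side module is needed here.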
@@ -448,7 +451,7 @@ (define-configuration vnstat-configuration
 @var{save-interval}..@samp{60}")
 
   (pid-file
-   (maybe-string "/var/run/vnstatd.pid")
+   (maybe-string "/var/run/vnstatd/vnstatd.pid")
    "\
 Specify pid file path and name to be used.")
 
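Review bot: The docstring for `pid-file` does not say that the service now creates the file's parent directory and maps it writable into vnstatd's container (the `(dirname pid-file)` mapping added further down in this patch). With the new default that directory is dedicated to vnstatd, but a user who sets the old value `/var/run/vnstatd.pid` would expose all of `/var/run` read-write to the daemon. I would extend the docstring, e.g. `Specify pid file path and name to be used.  The parent directory is created and made writable to the daemon, so it should be dedicated to vnstatd.`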
@@ -558,17 +561,40 @@ (define (vnstat-serialize-configuration config)
    (serialize-configuration config vnstat-configuration-fields)))
 
 (define (vnstat-shepherd-service config)
-  (let ((config-file (vnstat-serialize-configuration config)))
-    (match-record config <vnstat-configuration> (package pid-file)
+  (match-record config <vnstat-configuration> (package database-dir pid-file use-logging)
+    (let* ((config-file (vnstat-serialize-configuration config))
+           (vnstatd (least-authority-wrapper
+                     (file-append package "/sbin/vnstatd")
+                     #:name "vnstatd"
+                     #:mappings (append (if (eqv? use-logging 2)
+                                            (list (file-system-mapping
+                                                   (source "/dev/log") ; for syslog
+                                                   (target source)))
+                                            '())
+                                        (list (file-system-mapping
+                                               (source database-dir)
+                                               (target source)
+                                               (writable? #t))
+                                              (file-system-mapping
+                                               (source (dirname pid-file))
+                                               (target source)
+                                               (writable? #t))
+                                              (file-system-mapping
+                                               (source config-file)
+                                               (target source))))
+                     #:namespaces (delq 'net %namespaces))))
       (shepherd-service
        (documentation "Run vnstatd.")
        (requirement `(networking))
        (provision '(vnstatd))
-       (start #~(make-forkexec-constructor
-                 (list #$(file-append package "/sbin/vnstatd")
-                       "--daemon"
-                       "--config" #$config-file)
-                 #:pid-file #$pid-file))
+       (start #~(begin
+                  (mkdir-p #$database-dir)
+                  (mkdir-p (dirname #$pid-file))
+                  (make-forkexec-constructor
+                   (list #$vnstatd
+                         "--daemon"
+                         "--config" #$config-file)
+                   #:pid-file #$pid-file)))
        (stop #~(make-kill-destructor))
        (actions
         (list (shepherd-configuration-action config-file)
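Review bot: The wrapper's `#:namespaces (delq 'net %namespaces)` drops only `net`, so vnstatd still runs in its own PID namespace while it is started with `--daemon` and tracked through `#:pid-file`. The PID the daemon writes is presumably the one it sees inside that namespace, which would not match the process shepherd has to supervise; this may be why the service does not come up. Either keep the daemon in the foreground and drop `#:pid-file`, or also share the PID namespace, e.g. `#:namespaces (delq 'pid (delq 'net %namespaces))`, with a comment recording why each namespace is shared with the host. Separately, `(dirname pid-file)` is applied to a `maybe-string` field, so an unset value would need handling before the mappings are built. The body of `vnstat-shepherd-service` continues past the end of this hunk.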
-- 
2.38.1




