Subject: [bug#54997] [PATCH 00/12] Add "least authority" program wrapper
From: Ludovic Courtès
To: 54997@debbugs.gnu.org
Cc: guix-patches@gnu.org
Date: Sun, 17 Apr 2022 23:01:07 +0200
Message-Id: <20220417210107.27263-1-ludo@gnu.org>
X-Mailer: git-send-email 2.35.1
Hello Guix!

So we have this fancy ‘make-forkexec-constructor/container’ thing to spawn
Shepherd services in a container:

  https://guix.gnu.org/en/blog/2017/running-system-services-in-containers/

It’s nice, but it doesn’t compose. What if you want an inetd-style service
*and* have it run in a container? We certainly don’t want to end up defining
‘make-inetd-constructor/container’ and so on.

Instead, the new (guix least-authority) module provides a way to create
“least-authority wrappers” for a given program: the wrapper forks[*] a process
that lives in separate namespaces, with ‘call-with-container’, sets up bind
mounts and everything in the child, and executes the program in that
environment.

([*] I considered using unshare(2) instead of forking but that doesn’t quite
work, notably because the process itself would remain in the same PID
namespace as its parent.)

Subsequent patches change most, but not all, users of
‘make-forkexec-constructor/container’ to ‘least-authority-wrapper’.

One situation where ‘make-forkexec-constructor/container’ cannot be replaced
yet is when we rely on #:pid-file, as is the case for Tor
(‘make-forkexec-constructor/container’ goes to great lengths to read PID files
in the container and be happy with a PID that is only valid within that
namespace.) The remaining users are Jami and Pagekite; that is left as an
exercise to the reader. :-)

I have plans to use ‘least-authority-wrapper’ in other contexts, in
particular as the basis of a new package transformation option.

Thoughts?

Ludo’.

Ludovic Courtès (12):
  gexp: Add 'references-file'.
  file-systems: Avoid load-time warnings when attempting to load (guix store).
  linux-container: 'call-with-container' relays SIGTERM and SIGINT.
  Add (guix least-authority).
  services: dicod: Rewrite using 'least-authority-wrapper'.
  services: dicod: Use 'make-inetd-constructor'.
  services: bitlbee: Use 'make-inetd-constructor'.
  services: ipfs: Adjust for Shepherd 0.9.
  services: ipfs: Use 'least-authority-wrapper'.
  services: wesnothd: Grant write access to /var/run/wesnothd.
  services: wesnothd: Use 'least-authority-wrapper'.
  services: quassel: Use 'least-authority-wrapper'.

 Makefile.am                   |   1 +
 gnu/build/linux-container.scm |  15 ++--
 gnu/build/shepherd.scm        |   3 +-
 gnu/services/base.scm         |  22 ------
 gnu/services/dict.scm         |  61 ++++++++++------
 gnu/services/games.scm        |  33 +++++++--
 gnu/services/messaging.scm    | 105 +++++++++++++++++----------
 gnu/services/networking.scm   | 118 +++++++++++++++--------------
 gnu/system/file-systems.scm   |   5 +-
 gnu/tests/messaging.scm       |  21 +-----
 guix/gexp.scm                 |  43 +++++++++++
 guix/least-authority.scm      | 131 ++++++++++++++++++++++++++++++++++
 tests/gexp.scm                |  18 +++++
 13 files changed, 403 insertions(+), 173 deletions(-)
 create mode 100644 guix/least-authority.scm

base-commit: 950f3e4f98add14f645dc4c9f8c512cac7b8a779
-- 
2.35.1
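The footnote about unshare(2) and the #:pid-file caveat in the message above rest on the same kernel behaviour: unshare(CLONE_NEWPID) does not move the caller into the new PID namespace, only its later children land there, and the PID such a child sees for itself is not the PID its parent got back from fork(). The C program below is an added example written for this page, not code from the patch series or from Guix (it does not use ‘call-with-container’ or any Guix API); it reproduces the wrapper's shape in miniature, with a forked launcher that enters new namespaces and then forks and observes the workload, and it reports both views of the child's PID. It pairs CLONE_NEWPID with CLONE_NEWUSER so it can run unprivileged where the kernel permits user namespaces, and returns the errno instead of aborting where it does not (for example under a seccomp policy that blocks unshare). The names pid_namespace_demo, run_launcher and struct ns_demo are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result of one run; filled in by the launcher and shipped back over a pipe. */
struct ns_demo {
    int   ok;               /* 1 when the namespaces were created and the child reported */
    int   err;              /* errno explaining why ok == 0 (0 when ok == 1) */
    pid_t launcher_before;  /* launcher's getpid() before unshare() */
    pid_t launcher_after;   /* launcher's getpid() after unshare(): identical */
    pid_t child_outside;    /* child's PID as returned by fork() in the launcher */
    pid_t child_inside;     /* child's own getpid() inside the new PID namespace */
};

/* Read exactly len bytes; a record this small is written with one atomic write(). */
static int read_record(int fd, void *buf, size_t len)
{
    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, (char *)buf + got, len - got);
        if (n <= 0)
            return -1;
        got += (size_t)n;
    }
    return 0;
}

/* Runs in the forked launcher: enter new user+PID namespaces, fork the
 * workload, collect what each side thinks the child's PID is, report, exit. */
static void run_launcher(int report_fd)
{
    struct ns_demo d;
    memset(&d, 0, sizeof d);
    d.launcher_before = getpid();

    /* The launcher itself stays in its original PID namespace; only its
     * children will be placed in the new one (the point of the footnote). */
    if (unshare(CLONE_NEWUSER | CLONE_NEWPID) < 0) {
        d.err = errno;                    /* EPERM/EINVAL/ENOSYS on locked-down hosts */
        (void)write(report_fd, &d, sizeof d);
        _exit(0);
    }
    d.launcher_after = getpid();

    int p[2];
    if (pipe(p) < 0) { d.err = errno; (void)write(report_fd, &d, sizeof d); _exit(0); }

    pid_t child = fork();
    if (child < 0) { d.err = errno; (void)write(report_fd, &d, sizeof d); _exit(0); }
    if (child == 0) {
        /* The workload: the only PID it can write to a PID file is this one. */
        pid_t me = getpid();
        (void)write(p[1], &me, sizeof me);
        _exit(0);
    }
    close(p[1]);
    if (read_record(p[0], &d.child_inside, sizeof d.child_inside) < 0)
        d.err = EPIPE;
    else
        d.ok = 1;
    close(p[0]);
    waitpid(child, NULL, 0);
    d.child_outside = child;
    (void)write(report_fd, &d, sizeof d);
    _exit(0);
}

/* Fork a launcher so the caller's own process is never altered by unshare(). */
struct ns_demo pid_namespace_demo(void)
{
    struct ns_demo d;
    memset(&d, 0, sizeof d);
    int p[2];
    if (pipe(p) < 0) { d.err = errno; return d; }
    pid_t launcher = fork();
    if (launcher < 0) { d.err = errno; close(p[0]); close(p[1]); return d; }
    if (launcher == 0) { close(p[0]); run_launcher(p[1]); }
    close(p[1]);
    if (read_record(p[0], &d, sizeof d) < 0) { memset(&d, 0, sizeof d); d.err = EPIPE; }
    close(p[0]);
    waitpid(launcher, NULL, 0);
    return d;
}

int main(void)
{
    struct ns_demo d = pid_namespace_demo();
    if (!d.ok) {
        printf("namespace creation failed: %s\n", strerror(d.err));
        return 1;
    }
    printf("launcher pid %ld before unshare, %ld after (unchanged)\n",
           (long)d.launcher_before, (long)d.launcher_after);
    printf("child pid seen by launcher: %ld; seen by itself: %ld\n",
           (long)d.child_outside, (long)d.child_inside);
    return 0;
}
```

Where namespaces are available, child_inside is 1 while child_outside is the ordinary PID the launcher obtained from fork(), and the launcher's own PID is the same before and after unshare(). That is the whole difficulty with a PID file written from inside the container: the number in it is only meaningful to processes in that namespace, so a supervisor outside it cannot signal or poll that PID directly.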