From: Ludovic Courtès
To: 54997@debbugs.gnu.org
Cc: Ludovic Courtès
Subject: [bug#54997] [PATCH v2 05/15] linux-container: Add #:child-is-pid1? parameter to 'call-with-container'.
Date: Wed, 27 Apr 2022 18:56:25 +0200
Message-Id: <20220427165635.8015-6-ludo@gnu.org>
In-Reply-To: <20220427165635.8015-1-ludo@gnu.org>

* gnu/build/linux-container.scm (wait-child-process)
(status->exit-status): New procedures.
(call-with-container): Add #:child-is-pid1? parameter and honor it.
[thunk*]: New variable. Pass it to 'run-container'.
--- gnu/build/linux-container.scm | 49 ++++++++++++++++++++++++++++++++++- 1 file changed, 48 insertions(+), 1 deletion(-) diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm index 1fac8f4b92..a0c8174721 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm 
@@ -301,9 +301,28 @@ (define (call-with-temporary-directory proc) (lambda () (false-if-exception (delete-file-recursively tmp-dir)))))) +(define (wait-child-process) + "Wait for one child process and return a pair, like 'waitpid', or return #f +if there are no child processes left." + (catch 'system-error + (lambda () + (waitpid WAIT_ANY)) + (lambda args + (if (= ECHILD (system-error-errno args)) + #f + (apply throw args))))) + +(define (status->exit-status status) + "Reify STATUS as an exit status." + (or (status:exit-val status) + ;; See . + (+ 128 (or (status:term-sig status) + (status:stop-sig status))))) + (define* (call-with-container mounts thunk #:key (namespaces %namespaces) (host-uids 1) (guest-uid 0) (guest-gid 0) (relayed-signals (list SIGINT SIGTERM)) + (child-is-pid1? #t) (process-spawned-hook (const #t))) "Run THUNK in a new container process and return its exit status; call PROCESS-SPAWNED-HOOK with the PID of the new process that has been spawned. 
@@ -324,9 +343,37 @@ (define* (call-with-container mounts thunk #:key (namespaces %namespaces) RELAYED-SIGNALS is the list of signals that are \"relayed\" to the container process when caught by its parent. +When CHILD-IS-PID1? is true, and if NAMESPACES contains 'pid', then the child +process runs directly as PID 1. As such, it is responsible for (1) installing +signal handlers and (2) reaping terminated processes by calling 'waitpid'. +When CHILD-IS-PID1? is false, a new intermediate process is created instead +that takes this responsibility. + Note that if THUNK needs to load any additional Guile modules, the relevant module files must be present in one of the mappings in MOUNTS and the Guile load path must be adjusted as needed." + (define thunk* + (if (and (memq 'pid namespaces) + (not child-is-pid1?)) + (lambda () + ;; Behave like an init process: create a sub-process that calls + ;; THUNK, and wait for child processes. Furthermore, forward + ;; RELAYED-SIGNALS to the child process. + (match (primitive-fork) + (0 + (call-with-clean-exit thunk)) + (pid + (install-signal-handlers pid) + (let loop () + (match (wait-child-process) + ((child . status) + (if (= child pid) + (primitive-exit (status->exit-status status)) + (loop))) + (#f + (primitive-exit 128))))))) ;cannot happen + thunk)) + (define (periodically-schedule-asyncs) ;; XXX: In Guile there's a time window where a signal-handling async could ;; be queued without being processed by the time we enter a blocking @@ -347,7 +394,7 @@ (define (relay-signal signal) (call-with-temporary-directory (lambda (root) - (let ((pid (run-container root mounts namespaces host-uids thunk + (let ((pid (run-container root mounts namespaces host-uids thunk* #:guest-uid guest-uid #:guest-gid guest-gid))) (install-signal-handlers pid) -- 2.35.1
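
Review bot: in `status->exit-status` (first hunk), `(+ 128 (or (status:term-sig status) (status:stop-sig status)))` hands #f to `+` when STATUS carries neither an exit value, a terminating signal nor a stop signal, so the init loop would raise a type error instead of producing an exit code. Because `wait-child-process` calls `(waitpid WAIT_ANY)` with no options, stopped children should not be reported to it in the first place, so consider dropping the `status:stop-sig` arm or adding an explicit final fallback, and state in the docstring that termination by signal maps to 128 plus the signal number.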
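
Review bot: the docstring paragraph added in the second hunk does not say that the reported status changes shape when CHILD-IS-PID1? is false. In `thunk*` the intermediate process ends with `(primitive-exit (status->exit-status status))`, so a THUNK killed by a signal reaches the caller of 'call-with-container' as a normal exit with value 128 plus the signal number, not as a signal termination as in the #t case. Please document that, together with what the `(primitive-exit 128)` fallback marked ";cannot happen" would mean if it were ever observed. A smaller point in the same hunk: `(install-signal-handlers pid)` runs only once `(primitive-fork)` has returned in the parent, so a signal from RELAYED-SIGNALS arriving in between is not forwarded to the child; a comment acknowledging that window would help future readers.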