Message ID | fda82779cee9cc1b1a73a18624c1aa508b573243.1747682960.git.ludo@gnu.org |
---|---|
State | New |
Series | [bug#78497] environment: Provide a writable /run/user/$UID. |
Commit Message
Ludovic Courtès
May 19, 2025, 7:30 p.m. UTC
* guix/scripts/environment.scm (launch-environment/container): Add
/run/user/UID to ‘file-systems’.
* tests/guix-environment-container.sh: Test it.

Change-Id: I44c70a7554a06f40d073c25929ea7c6ded356d08
---
 guix/scripts/environment.scm        | 5 +++++
 tests/guix-environment-container.sh | 3 +++
 2 files changed, 8 insertions(+)

Hello Guix!

This may sound like a recurring joke but hey! when running shepherd
in ‘guix shell -C’, I figured that a writable /run/user/$UID would
be welcome too.

Thoughts?

Ludo’.

base-commit: 11e88de06043d367d02ceceade84733a65f84e27
Comments
Ludovic Courtès <ludo@gnu.org> writes: > * guix/scripts/environment.scm (launch-environment/container): Add > /run/user/UID to ‘file-systems’. > * tests/guix-environment-container.sh: Test it. > > Change-Id: I44c70a7554a06f40d073c25929ea7c6ded356d08 > --- > guix/scripts/environment.scm | 5 +++++ > tests/guix-environment-container.sh | 3 +++ > 2 files changed, 8 insertions(+) > > Hello Guix! > > This may sound like a recurring joke but hey! when running shepherd > in ‘guix shell -C’, I figured that a writable /run/user/$UID would > be welcome too. > > Thoughts? I just wonder how many more we will need :) Cannot really think of any, so hopefully this is it? > > Ludo’. > > diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm > index 96bbc6c9fa..1c2d222c74 100644 > --- a/guix/scripts/environment.scm > +++ b/guix/scripts/environment.scm > @@ -875,6 +875,11 @@ (define* (launch-environment/container #:key command bash user user-mappings > reqs))) > (file-systems (append %container-file-systems > (list tmpfs ; RW /tmp > + (file-system ; RW /run > + (inherit tmpfs) > + (mount-point > + (string-append "/run/user/" > + (number->string uid)))) For normal users this is fine, but for root the whole /run should be writable, the way it is on normal system. Thoughts? > (file-system ; RW ~ > (device "none") > (mount-point > diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh > index e1c3655846..220e6b8ec8 100644 > --- a/tests/guix-environment-container.sh > +++ b/tests/guix-environment-container.sh 
> @@ -203,6 +203,9 @@ guix environment --bootstrap --container --ad-hoc guile-bootstrap \ > guix environment --bootstrap --container --ad-hoc guile-bootstrap \ > -- guile -c '(mkdir (string-append (getenv "HOME") "/foo"))' > > +# And /run too! > +guix environment --bootstrap --container --ad-hoc guile-bootstrap \ > + -- guile -c '(mkdir "/run/user/1000/shepherd")' > > # Check the exit code. > > > base-commit: 11e88de06043d367d02ceceade84733a65f84e27 Did not test, but looks good (and since it has the test, we know it works). Just left a comment for consideration. Reviewed-by: Tomas Volf <~@wolfsden.cz>
Hi,

Tomas Volf <~@wolfsden.cz> writes:

> I just wonder how many more we will need :) Cannot really think of any,
> so hopefully this is it?

Hopefully!

>> + (string-append "/run/user/"
>> + (number->string uid))))
>
> For normal users this is fine, but for root the whole /run should be
> writable, the way it is on normal system. Thoughts?

For root, the whole root file system should be writable.

So I wonder if it makes sense to special-case the above to be “/run”
when UID is zero; WDYT?

Thanks,
Ludo’.

Ludovic Courtès <ludo@gnu.org> writes:

>> For normal users this is fine, but for root the whole /run should be
>> writable, the way it is on normal system. Thoughts?
>
> For root, the whole root file system should be writable.

Well... That would be one way to solve this. Default to --writable-root
if UID is zero.

> So I wonder if it makes sense to special-case the above to be “/run”
> when UID is zero; WDYT?

I was thinking about programs that are expected to be run as a root and
have hard-coded PID file, lock file or something else under /run. But I
have no example to put forward. So maybe your version is enough, and we
can revisit this in another pass later if the need realizes?

I do not really have a strong opinion either way here, just wanted to
raise the point for consideration. Feel free to proceed with the
original version. ^_^

Tomas

Tomas Volf <~@wolfsden.cz> writes:

> Ludovic Courtès <ludo@gnu.org> writes:
>
>>> For normal users this is fine, but for root the whole /run should be
>>> writable, the way it is on normal system. Thoughts?
>>
>> For root, the whole root file system should be writable.
>
> Well... That would be one way to solve this. Default to --writable-root
> if UID is zero.
>
>> So I wonder if it makes sense to special-case the above to be “/run”
>> when UID is zero; WDYT?
>
> I was thinking about programs that are expected to be run as a root and
> have hard-coded PID file, lock file or something else under /run. But I
> have no example to put forward. So maybe your version is enough, and we
> can revisit this in another pass later if the need realizes?

Yeah, probably.

Pushed as f8527e7f2044ec7bb19efcb25158ec7aa0fe5fa3. Let’s see if we need
something else now. :-)

I’m less concerned about guest UID zero, because that’s probably an
uncommon use case.

Thanks!

Ludo’.
diff --git a/guix/scripts/environment.scm b/guix/scripts/environment.scm index 96bbc6c9fa..1c2d222c74 100644 --- a/guix/scripts/environment.scm +++ b/guix/scripts/environment.scm @@ -875,6 +875,11 @@ (define* (launch-environment/container #:key command bash user user-mappings reqs))) (file-systems (append %container-file-systems (list tmpfs ; RW /tmp + (file-system ; RW /run + (inherit tmpfs) + (mount-point + (string-append "/run/user/" + (number->string uid)))) (file-system ; RW ~ (device "none") (mount-point diff --git a/tests/guix-environment-container.sh b/tests/guix-environment-container.sh index e1c3655846..220e6b8ec8 100644 --- a/tests/guix-environment-container.sh +++ b/tests/guix-environment-container.sh @@ -203,6 +203,9 @@ guix environment --bootstrap --container --ad-hoc guile-bootstrap \ guix environment --bootstrap --container --ad-hoc guile-bootstrap \ -- guile -c '(mkdir (string-append (getenv "HOME") "/foo"))' +# And /run too! +guix environment --bootstrap --container --ad-hoc guile-bootstrap \ + -- guile -c '(mkdir "/run/user/1000/shepherd")' # Check the exit code.
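Review bot: In the guix/scripts/environment.scm hunk, the comment "; RW /run" on the new file-system entry overstates what is mounted: the mount point is "/run/user/" followed by the UID, and the rest of /run is left as it was. Suggest "; RW /run/user/UID" so a reader does not assume all of /run is writable in the container. Separately, (inherit tmpfs) copies every field of the entry that backs /tmp, so the new mount gets the same options and flags; it is worth confirming those suit a per-user directory rather than a shared scratch directory.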
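Review bot: In the tests/guix-environment-container.sh hunk, the test hard-codes "/run/user/1000/shepherd" while the code builds the mount point from (number->string uid), so the check only exercises the new mount when the UID inside the container happens to be 1000. Suggest deriving the path in the Guile snippet, for example (mkdir (string-append "/run/user/" (number->string (getuid)) "/shepherd")), in the same way the preceding test reads HOME from the environment. The comment "# And /run too!" would also read more accurately as "# And /run/user/UID too!".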