From patchwork Mon Jul 15 14:25:36 2019
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 14669
Subject: [bug#36668] [PATCH 1/1] linux-container: Add 'eval/container'.
References: <20190715142126.14612-1-ludo@gnu.org>
In-Reply-To: <20190715142126.14612-1-ludo@gnu.org>
X-GNU-PR-Package: guix-patches
To: 36668@debbugs.gnu.org
From: Ludovic =?utf-8?q?Court=C3=A8s?= Date: Mon, 15 Jul 2019 16:25:36 +0200 Message-Id: <20190715142536.14793-1-ludo@gnu.org> X-Mailer: git-send-email 2.22.0 MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 209.51.188.43 X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+patchwork=mira.cbaines.net@gnu.org Sender: "Guix-patches" X-getmail-retrieved-from-mailbox: Patches * gnu/system/linux-container.scm (eval/container): New procedure. * tests/containers.scm ("eval/container, exit status") ("eval/container, writable user mapping"): New tests. --- gnu/system/linux-container.scm | 49 ++++++++++++++++++++++++++++++++- tests/containers.scm | 50 ++++++++++++++++++++++++++++++++++ 2 files changed, 98 insertions(+), 1 deletion(-) diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index 61248c62b9..6273cee3d3 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -35,7 +35,8 @@ #:use-module (gnu system file-systems) #:export (system-container containerized-operating-system - container-script)) + container-script + eval/container)) (define* (container-essential-services os #:key shared-network?) "Return a list of essential services corresponding to OS, a 
@@ -205,3 +206,49 @@ that will be shared with the host system." %namespaces))))) (gexp->script "run-container" script))) + +(define* (eval/container exp + #:key + (mappings '()) + (namespaces %namespaces)) + "Evaluate EXP, a gexp, in a new process executing in separate namespaces as +listed in NAMESPACES. Add MAPPINGS, a list of , to the +set of directories visible in the process's mount namespace. Return the +process' exit status as a monadic value. + +This is useful to implement processes that, unlike derivations, are not +entirely pure and need to access the outside world or to perform side +effects." + (mlet %store-monad ((lowered (lower-gexp exp))) + (define inputs + (cons (lowered-gexp-guile lowered) + (lowered-gexp-inputs lowered))) + + (define items + (append (append-map derivation-input-output-paths inputs) + (lowered-gexp-sources lowered))) + + (mbegin %store-monad + (built-derivations inputs) + (mlet %store-monad ((closure ((store-lift requisites) items))) + (return (call-with-container (map file-system-mapping->bind-mount + (append (map (lambda (item) + (file-system-mapping + (source item) + (target source))) + closure) + mappings)) + (lambda () + (apply execl + (string-append (derivation-input-output-path + (lowered-gexp-guile lowered)) + "/bin/guile") + "guile" + (append (map (lambda (directory) `("-L" ,directory)) + (lowered-gexp-load-path lowered)) + (map (lambda (directory) `("-C" ,directory)) + (lowered-gexp-load-compiled-path + lowered)) + (list "-c" + (object->string + (lowered-gexp-sexp lowered)))))))))))) diff --git a/tests/containers.scm b/tests/containers.scm index 37408f380d..c6c738f234 100644 --- a/tests/containers.scm +++ b/tests/containers.scm 
@@ -21,7 +21,15 @@ #:use-module (guix utils) #:use-module (guix build syscalls) #:use-module (gnu build linux-container) + #:use-module ((gnu system linux-container) + #:select (eval/container)) #:use-module (gnu system file-systems) + #:use-module (guix store) + #:use-module (guix monads) + #:use-module (guix gexp) + #:use-module (guix derivations) + #:use-module (guix tests) + #:use-module (srfi srfi-1) #:use-module (srfi srfi-64) #:use-module (ice-9 match)) @@ -219,4 +227,46 @@ (lambda () (* 6 7)))) +(skip-if-unsupported) +(test-equal "eval/container, exit status" + 42 + (let* ((store (open-connection-for-tests)) + (status (run-with-store store + (eval/container #~(exit 42))))) + (close-connection store) + (status:exit-val status))) + +(skip-if-unsupported) +(test-assert "eval/container, writable user mapping" + (call-with-temporary-directory + (lambda (directory) + (define store + (open-connection-for-tests)) + (define result + (string-append directory "/r")) + (define requisites* + (store-lift requisites)) + + (call-with-output-file result (const #t)) + (run-with-store store + (mlet %store-monad ((status (eval/container + #~(begin + (use-modules (ice-9 ftw)) + (call-with-output-file "/result" + (lambda (port) + (write (scandir #$(%store-prefix)) + port)))) + #:mappings + (list (file-system-mapping + (source result) + (target "/result") + (writable? #t))))) + (reqs (requisites* + (list (derivation->output-path + (%guile-for-build)))))) + (close-connection store) + (return (and (zero? (pk 'status status)) + (lset= string=? (cons* "." ".." (map basename reqs)) + (pk (call-with-input-file result read)))))))))) + (test-end)
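Review bot: In the `eval/container` hunk of gnu/system/linux-container.scm, the `namespaces` keyword parameter is documented and defaults to `%namespaces`, but the body never uses it: `call-with-container` receives only the bind-mount list and the thunk. A caller who passes `#:namespaces` to change the isolation therefore gets the default set silently; pass it through with `#:namespaces namespaces` on the `call-with-container` call. Separately, the two `map` calls that build the `-L` and `-C` options each return a list of two-element lists, so `(apply execl ...)` receives nested lists instead of a flat list of strings whenever the load path or compiled load path is non-empty; `append-map`, already used earlier in the procedure for `derivation-input-output-paths`, would flatten them.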
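Review bot: In the tests/containers.scm hunk that adds the two `eval/container` tests, neither test passes `#:namespaces` or evaluates a gexp with imported modules, so the NAMESPACES parameter and the `-L`/`-C` argument construction in `eval/container` are not exercised; a third test covering both would be worth adding. The "writable user mapping" test also leaves `pk` debugging calls in its final `and` expression, checks the raw value with `(zero? status)` where the first test goes through `status:exit-val`, and only reaches `(close-connection store)` if `eval/container` returns normally. Dropping the `pk` calls and closing the connection after `run-with-store`, as the first test does, would make the two tests consistent.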