diff mbox series

[bug#54997,v2,12/15] services: wesnothd: Grant write access to /var/run/wesnothd.

Message ID 20220427165635.8015-13-ludo@gnu.org
State Accepted
Headers show
Series Add "least authority" program wrapper | expand

Checks

Context Check Description
cbaines/comparison success View comparision
cbaines/git branch success View Git branch
cbaines/applying patch success View Laminar job
cbaines/issue success View issue

Commit Message

Ludovic Courtès April 27, 2022, 4:56 p.m. UTC
* gnu/services/games.scm (wesnothd-shepherd-service): Augment 'modules'
field.  Pass #:mappings argument to 'make-forkexec-constructor/container'.
(wesnothd-activation): New variable.
(wesnothd-service-type): Extend ACTIVATION-SERVICE-TYPE.
---
 gnu/services/games.scm | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/gnu/services/games.scm b/gnu/services/games.scm
index b743f6a4b6..dc0bfbe9dc 100644
--- a/gnu/services/games.scm
+++ b/gnu/services/games.scm
@@ -1,5 +1,6 @@ 
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2018 Arun Isaac <arunisaac@systemreboot.net>
+;;; Copyright © 2022 Ludovic Courtès <ludo@gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -57,18 +58,35 @@  (define wesnothd-shepherd-service
   (match-lambda
     (($ <wesnothd-configuration> package port)
      (with-imported-modules (source-module-closure
-                             '((gnu build shepherd)))
+                             '((gnu build shepherd)
+                               (gnu system file-systems)))
        (shepherd-service
         (documentation "The Battle for Wesnoth server")
         (provision '(wesnoth-daemon))
         (requirement '(networking))
-        (modules '((gnu build shepherd)))
+        (modules '((gnu build shepherd)
+                   (gnu system file-systems)))
         (start #~(make-forkexec-constructor/container
                   (list #$(file-append package "/bin/wesnothd")
                         "-p" #$(number->string port))
+                  #:mappings (list (file-system-mapping
+                                    (source "/var/run/wesnothd")
+                                    (target source)
+                                    (writable? #t)))
                   #:user "wesnothd" #:group "wesnothd"))
         (stop #~(make-kill-destructor)))))))
 
+(define wesnothd-activation
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (let* ((user (getpw "wesnothd"))
+               (directory "/var/run/wesnothd"))
+          ;; wesnothd creates a Unix-domain socket in DIRECTORY.
+          (mkdir-p directory)
+          (chown directory (passwd:uid user) (passwd:gid user))))))
+
 (define wesnothd-service-type
   (service-type
    (name 'wesnothd)
@@ -77,6 +95,8 @@  (define wesnothd-service-type
    (extensions
     (list (service-extension account-service-type
                              (const %wesnothd-accounts))
+          (service-extension activation-service-type
+                             (const wesnothd-activation))
           (service-extension shepherd-root-service-type
                              (compose list wesnothd-shepherd-service))))
    (default-value (wesnothd-configuration))))