From patchwork Wed Jan 17 21:48:35 2024
X-Patchwork-Submitter: Leo Nikkilä
X-Patchwork-Id: 59052
Subject: [bug#68553] [PATCH] gnu: linux-container: Inherit essential services.
To: 68553@debbugs.gnu.org
Cc: Leo Nikkilä
Date: Wed, 17 Jan 2024 23:48:35 +0200
Message-ID: <20240117215123.13492-1-hello@lnikki.la>
X-Mailer: git-send-email 2.41.0
From: Leo Nikkilä

Currently it's not possible to set `essential-services' when building
operating systems for containers, since `container-essential-services'
always uses the defaults.

It's possible to reference `essential-services' from the operating system
that's passed in, but since it's thunked, the operating system needs to be
defined in two passes to avoid an infinite loop.

* gnu/system/linux-container.scm (container-essential-services): Use
operating-system-essential-services instead of the defaults to allow
overriding the base services.
(containerized-operating-system): Update accordingly.
---
 gnu/system/linux-container.scm | 88 ++++++++++++++++++----------------
 1 file changed, 47 insertions(+), 41 deletions(-)

base-commit: 270570f09030f8888f613ed18e7b78ae6a7156e0

diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index 485baea4c5..c780b68fba 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2020 Google LLC ;;; Copyright © 2022 Ricardo Wurmus ;;; Copyright © 2023 Pierre Langlois +;;; Copyright © 2024 Leo Nikkilä ;;; ;;; This file is part of GNU Guix. ;;; @@ -56,7 +57,7 @@ (define base (if shared-network? (list hosts-service-type) '())))) - (operating-system-default-essential-services os))) + (operating-system-essential-services os))) (cons (service system-service-type `(("locale" ,(operating-system-locale-directory os)))) 
@@ -144,48 +145,53 @@ (define services-to-add (list (service dummy-networking-service-type)) '())) + (define os-with-base-essential-services + (operating-system + (inherit os) + (swap-devices '()) ; disable swap + (services + (append services-to-add + (filter-map (lambda (s) + (cond ((memq (service-kind s) services-to-drop) + #f) + ((eq? nscd-service-type (service-kind s)) + (service nscd-service-type + (nscd-configuration + (inherit (service-value s)) + (caches %nscd-container-caches)))) + ((eq? guix-service-type (service-kind s)) + ;; Pass '--disable-chroot' so that + ;; guix-daemon can build thing even in + ;; Docker without '--privileged'. + (service guix-service-type + (guix-configuration + (inherit (service-value s)) + (extra-options + (cons "--disable-chroot" + (guix-configuration-extra-options + (service-value s))))))) + (else s))) + (operating-system-user-services os)))) + (file-systems (append (map mapping->fs + (if shared-network? + (append %network-file-mappings mappings) + mappings)) + extra-file-systems + user-file-systems + + ;; Provide a dummy root file system so we can create + ;; a 'boot-parameters' file. + (list (file-system + (mount-point "/") + (device "nothing") + (type "dummy"))))))) + + ;; `essential-services' is thunked, we need to evaluate it separately. (operating-system - (inherit os) - (swap-devices '()) ; disable swap + (inherit os-with-base-essential-services) (essential-services (container-essential-services - this-operating-system - #:shared-network? shared-network?)) - (services - (append services-to-add - (filter-map (lambda (s) - (cond ((memq (service-kind s) services-to-drop) - #f) - ((eq? nscd-service-type (service-kind s)) - (service nscd-service-type - (nscd-configuration - (inherit (service-value s)) - (caches %nscd-container-caches)))) - ((eq? guix-service-type (service-kind s)) - ;; Pass '--disable-chroot' so that - ;; guix-daemon can build thing even in - ;; Docker without '--privileged'. 
- (service guix-service-type - (guix-configuration - (inherit (service-value s)) - (extra-options - (cons "--disable-chroot" - (guix-configuration-extra-options - (service-value s))))))) - (else s))) - (operating-system-user-services os)))) - (file-systems (append (map mapping->fs - (if shared-network? - (append %network-file-mappings mappings) - mappings)) - extra-file-systems - user-file-systems - - ;; Provide a dummy root file system so we can create - ;; a 'boot-parameters' file. - (list (file-system - (mount-point "/") - (device "nothing") - (type "dummy"))))))) + os-with-base-essential-services + #:shared-network? shared-network?)))) (define* (container-script os #:key (mappings '()) shared-network?) "Return a derivation of a script that runs OS as a Linux container.
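Review bot: the one-line switch from `operating-system-default-essential-services` to `operating-system-essential-services` inside `container-essential-services` changes the procedure's contract without saying so anywhere in the code: the base set now comes from the passed OS's own thunked `essential-services` field, so a caller that hands in an OS whose `essential-services` is itself defined in terms of `container-essential-services` recurses without end, which is exactly the infinite loop the commit message warns about. Add a comment next to the call (or a sentence in the procedure's docstring) stating that OS must carry the caller's intended base essential services and must not be the record currently being built from this call, and check whether any other caller of `container-essential-services` relied on always getting the defaults.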
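Review bot: the new comment `;; `essential-services' is thunked, we need to evaluate it separately.` names the mechanism but not the reason a second record is required; spell it out, e.g. that `os-with-base-essential-services` keeps the caller's `essential-services` untouched while the outer `operating-system` replaces that field with the container's, so evaluating the thunk inside `container-essential-services` never reaches back into the record being defined. It is also worth one sentence on the consequence that `container-essential-services` is now passed `os-with-base-essential-services` instead of `this-operating-system`: whatever it reads from OS (for instance `operating-system-locale-directory`) comes from the intermediate record, which is identical to the final one except for `essential-services`, and a later edit that restores `this-operating-system` here would bring the loop back. Finally, since the guix-daemon comment is being moved anyway, fix its typo: `;; guix-daemon can build thing even in` should read `build things`.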