From patchwork Thu Apr 3 06:43:24 2025
Subject: [bug#77396] [PATCH v2 1/2] least-authority: Preserve systemd LISTEN_* environment variables.
To: 77396@debbugs.gnu.org
Cc: Maxim Cournoyer, Ludovic Courtès, Christopher Baines, Josselin Poiret, Mathieu Othacehe, Simon Tournier, Tobias Geerinckx-Rice
From: Maxim Cournoyer
Date: Thu, 3 Apr 2025 15:43:24 +0900

Otherwise, combining make-systemd-constructor with least-authority-wrapper
would not work correctly out of the box.

* guix/least-authority.scm (%precious-variables): Rename to...
(%default-preserved-environment-variables): ... this, and export it.  Add
"LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES" environment variables.
(least-authority-wrapper): Adjust accordingly.

Change-Id: Idd259b15463920965f530e1917d76bf97def3b7b
---
 guix/least-authority.scm | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

base-commit: 8c43056aabc2d22da61dc86049b143f7ae1ef516

diff --git a/guix/least-authority.scm b/guix/least-authority.scm
index 3465fe9a48..cd846aaa61 100644
--- a/guix/least-authority.scm
+++ b/guix/least-authority.scm
@@ -26,7 +26,8 @@ (define-module (guix least-authority) spec->file-system file-system->spec file-system-mapping->bind-mount) - #:export (least-authority-wrapper)) + #:export (least-authority-wrapper + %default-preserved-environment-variables)) ;;; Commentary: ;;; @@ -35,9 +36,10 @@ (define-module (guix least-authority) ;;; ;;; Code: -(define %precious-variables +(define %default-preserved-environment-variables ;; Environment variables preserved by the wrapper by default. - '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER")) + '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER" + "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES")) ;for make-systemd-constructor (define* (least-authority-wrapper program #:key (name "pola-wrapper") @@ -49,7 +51,7 @@ (define* (least-authority-wrapper program (namespaces %namespaces) (directory "/") (preserved-environment-variables - %precious-variables)) + %default-preserved-environment-variables)) "Return a wrapper of PROGRAM that executes it with the least authority. PROGRAM is executed in separate namespaces according to NAMESPACES, a list of
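Review bot: in the first hunk, exporting `%default-preserved-environment-variables` turns the default allowlist into a public name, so it deserves a sentence in the module's `;;; Commentary:` block saying that it is the base list callers are expected to extend (with `cons` or `append`) rather than a value they should copy, and that it now carries the systemd socket-activation variables by default.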
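Review bot: in the second hunk, preserving LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES only makes socket activation work if the descriptors they describe actually reach PROGRAM and LISTEN_PID still names the process that reads them; nothing in this hunk keeps descriptors 3 through 3+LISTEN_FDS-1 open across the wrapper, and the docstring in the third hunk says PROGRAM is executed in separate namespaces according to NAMESPACES, so with a pid namespace in that list the PID the launcher wrote into LISTEN_PID is not the PID PROGRAM observes, and an sd_listen_fds-style `getpid()` comparison will conclude the descriptors are not meant for it. Suggest either rewriting LISTEN_PID to the PID visible inside the container (or documenting that socket-activated services must drop the pid namespace) and confirming the passed descriptors survive the exec, and expanding the comment that now reads `;for make-systemd-constructor` to state those conditions. Since this is the default list, every wrapped program now inherits these variables whether or not it is socket-activated; if that is not wanted, make-systemd-constructor users could opt in with `(append '("LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES") %default-preserved-environment-variables)` instead.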
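Review bot: in the third hunk, the `#:preserved-environment-variables` keyword now defaults to the exported `%default-preserved-environment-variables`, but a caller that passes its own list replaces the whole default and silently drops LISTEN_PID, LISTEN_FDS and LISTEN_FDNAMES (and HOME, TERM and the rest) along with it, which breaks activation for a wrapped systemd-style service. The docstring that begins at the end of this hunk should say that extra variables are added by extending the exported default, e.g. `#:preserved-environment-variables (cons "FOO" %default-preserved-environment-variables)`, rather than by supplying a fresh list.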