From patchwork Fri Jun 16 08:55:08 2023
X-Patchwork-Submitter: Ludovic Courtès
X-Patchwork-Id: 50967
Subject: [bug#64105] [PATCH] linux-container: Pass '--disable-chroot' to 'guix-daemon'.
To: 64105@debbugs.gnu.org
From: Ludovic Courtès
Date: Fri, 16 Jun 2023 10:55:08 +0200

This allows for the use of Guix within a non-privileged Docker container produced by 'guix system image -t docker'. * gnu/system/linux-container.scm (containerized-operating-system): Change 'guix-configuration' to add "--disable-chroot". --- gnu/system/linux-container.scm | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) base-commit: 31336e9f5d68512a9c1c6826bce9f17c892a2125 diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index 7c45dbccaf..485baea4c5 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson -;;; Copyright © 2016-2017, 2019-2022 Ludovic Courtès +;;; Copyright © 2016-2017, 2019-2023 Ludovic Courtès ;;; Copyright © 2019 Arun Isaac ;;; Copyright © 2020 Efraim Flashner ;;; Copyright © 2020 Google LLC 
@@ -160,6 +160,17 @@ (define* (containerized-operating-system os mappings (nscd-configuration (inherit (service-value s)) (caches %nscd-container-caches)))) + ((eq? guix-service-type (service-kind s)) + ;; Pass '--disable-chroot' so that + ;; guix-daemon can build thing even in + ;; Docker without '--privileged'. + (service guix-service-type + (guix-configuration + (inherit (service-value s)) + (extra-options + (cons "--disable-chroot" + (guix-configuration-extra-options + (service-value s))))))) (else s))) (operating-system-user-services os)))) (file-systems (append (map mapping->fs
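Review bot: the new `guix-service-type` clause in `containerized-operating-system` prepends "--disable-chroot" unconditionally, so every operating system that goes through this procedure loses guix-daemon's chroot build isolation, while the commit message motivates the change only for Docker containers run without '--privileged'. With the chroot disabled, build processes can see files outside their declared inputs, so I would either make this opt-in (for example a keyword argument on `containerized-operating-system` that only the Docker image path sets) or at least state in the code comment that build isolation is being traded away. Two smaller points in the same clause: the comment reads "build thing" where "build things" is meant, and if the inherited `extra-options` already contains "--disable-chroot" the flag is passed twice; a `member` check before the `cons` would avoid that.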