
05/10: fixup linux container module.


From: David Thompson
Subject: 05/10: fixup linux container module.
Date: Mon, 08 Jun 2015 14:04:27 +0000

davexunit pushed a commit to branch wip-container
in repository guix.

commit 257c39f2e03af7cf765d1bc6e5a2a054e8ee0d3f
Author: David Thompson <address@hidden>
Date:   Mon Jun 8 08:44:09 2015 -0400

    fixup linux container module.
---
 gnu/build/linux-container.scm |   55 +++++++++++++++++-----------------------
 1 files changed, 23 insertions(+), 32 deletions(-)

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 0305e95..25b0139 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -34,12 +34,6 @@ disassociated from the current process."
   "Evaluate BODY in a new process with the specified new NAMESPACES."
   (call-with-clone namespaces (lambda () body ...)))
 
-;; TODO: Deduplicate
-(define (device-number major minor)
-  "Return the device number for the device with MAJOR and MINOR, for use as
-the last argument of `mknod'."
-  (+ (* major 256) minor))
-
 (define* (mount* source target type #:optional (flags 0) options
                  #:key (update-mtab? #f))
   "Like 'mount', but create the TARGET directory if it doesn't exist."
@@ -100,41 +94,38 @@ be bind mounted within the container."
               (logior MS_NOEXEC MS_NOSUID)
               "newinstance,ptmxmode=0666,mode=620")
 
-      ;; Create essential device nodes.
-      (for-each (match-lambda
-                  (((= in-container file) major minor)
-                   (mknod file 'char-special #o666
-                          (device-number major minor))
-                   (chmod file #o666)))
-                '(("/dev/null" 1 3)
-                  ("/dev/zero" 1 5)
-                  ("/dev/full" 1 7)
-                  ("/dev/random" 1 8)
-                  ("/dev/urandom" 1 9)))
-
-      (mknod (in-container "/dev/tty") 'char-special #o666
-             (device-number 5 0))
-      (chmod (in-container "/dev/tty") #o666)
+      ;; Create essential device nodes via bind mounting them from the host,
+      ;; because a container within a user namespace cannot create device
+      ;; nodes.
+      (for-each (lambda (device)
+                  (call-with-output-file (scope device)
+                    (const #t))
+                  (mount device (scope device)
+                         "none" MS_BIND))
+                '("/dev/null"
+                  "/dev/zero"
+                  "/dev/full"
+                  "/dev/random"
+                  "/dev/urandom"
+                  "/dev/tty"
+                  ;; TODO: "/dev/fuse"
+                  ))
 
       ;; For psuedo-ttys within the container.  Needs to be a symlink to the
       ;; host's /dev/ptmx.
-      (symlink "/dev/ptmx" (in-container "/dev/ptmx"))
-
-      ;; FUSE
-      (mknod (in-container "/dev/fuse") 'char-special #o666
-             (device-number 10 229))
-      (chmod (in-container "/dev/fuse") #o666)
+      (symlink "/dev/ptmx" (scope "/dev/ptmx"))
 
       ;; Setup IO.
-      (symlink "/proc/1/fd"   (in-container "/dev/fd"))
-      (symlink "/proc/1/fd/0" (in-container "/dev/stdin"))
-      (symlink "/proc/1/fd/1" (in-container "/dev/stdout"))
-      (symlink "/proc/1/fd/2" (in-container "/dev/stderr"))
+      (symlink "/proc/self/fd"   (scope "/dev/fd"))
+      (symlink "/proc/self/fd/0" (scope "/dev/stdin"))
+      (symlink "/proc/self/fd/1" (scope "/dev/stdout"))
+      (symlink "/proc/self/fd/2" (scope "/dev/stderr"))
 
       ;; Bind-mount shared directories.
+      ;; TODO: Use <file-system-mapping>
       (for-each (match-lambda
                   ((host-dir container-dir)
-                   (mount* host-dir (in-container container-dir)
+                   (mount* host-dir (scope container-dir)
                            "none" MS_BIND)))
                 shared-dirs)
 
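Review bot: The new `(symlink "/dev/ptmx" (scope "/dev/ptmx"))` line keeps an absolute target, so once the process is confined to the container root that path resolves to the container's own `/dev/ptmx` — the link itself — rather than the host node the comment above it describes, and with the devpts instance mounted `newinstance` a few lines earlier the conventional target is the container's own `pts/ptmx`; I cannot see the root-switching code from this hunk, so please confirm which root the link is resolved under and consider `(symlink "pts/ptmx" (scope "/dev/ptmx"))`. In the bind-mount loop, `call-with-output-file` creates (or truncates) the mount point before `mount` runs, so a host that lacks one of the listed devices leaves an empty regular file at that path in the container root if the error is not propagated; a short comment such as `;; The regular file only serves as a mount point; mount raises on failure.` would record the assumption, assuming `mount` here does raise. The `shared-dirs` bind mounts remain read-write with no way to request MS_RDONLY, which the `<file-system-mapping>` TODO presumably covers. The enclosing function starts before this hunk.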


