[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH] dmd: Add support for exec'ing processes as other users
|
From: |
Ludovic Courtès |
|
Subject: |
Re: [PATCH] dmd: Add support for exec'ing processes as other users |
|
Date: |
Thu, 20 Aug 2015 17:03:19 +0200 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Andy Wingo <address@hidden> skribis:
> The attached patch adds #:user and #:group kwargs to
> make-fork+exec-constructor in DMD, to allow DMD to change users before
> execing the sub-process. I couldn't figure out how to make a proper
> test but it works for me and GeoClue.
Nice!
> The patch is formulated as a patch against Guix adding a DMD patch. The
> DMD patch itself can be applied directly to DMD's git repo. As they are
> maintained together AFAIU I guess this is the right thing? Let me know.
I ended up doing it slightly differently: I pushed the patch to dmd,
then add the ‘patches’ field, which gets it over HTTP.
One thing we can do, but which is not very convenient, is to just add
whatever code we need in dmd in a module maintained in Guix, and then
have that module loaded wherever we need it.
For instance, ‘call-with-container’ will land in Guix itself, but we’ll
be able to use it to launch services in containers (BTW, I have “no
horse in the systemd race” either, but I think this flexibility we have
is Pretty Cool & Unprecedented™ :-)).
> ++ (when group
> ++ (catch #t
> ++ (lambda ()
> ++ (setgid (group:gid (getgr group))))
Maybe we should add:
(setgroups #())
for good measure?
Thank you!
Ludo’.