05/15: build: syscalls: Add clone syscall wrapper.

[David Thompson]

davexunit pushed a commit to branch wip-container
in repository guix.

commit b5e811883a3f7b24ca861ee34b688547fe80b981
Author: David Thompson <address@hidden>
Date:   Sun May 31 20:26:47 2015 -0400

    build: syscalls: Add clone syscall wrapper.
    
    * guix/build/syscalls.scm (clone): New procedure.
      (CLONE_NEWNS, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWUSER, CLONE_NEWPID,
      CLONE_NEWNET): New variables.
    * tests/syscalls.scm: Test it.
---
 guix/build/syscalls.scm |   31 +++++++++++++++++++++++++++++++
 tests/syscalls.scm      |   15 +++++++++++++++
 2 files changed, 46 insertions(+), 0 deletions(-)

diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index a464040..1e5b3f7 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -47,6 +47,14 @@
             processes
             mkdtemp!
 
+            CLONE_NEWNS
+            CLONE_NEWUTS
+            CLONE_NEWIPC
+            CLONE_NEWUSER
+            CLONE_NEWPID
+            CLONE_NEWNET
+            clone
+
             IFF_UP
             IFF_BROADCAST
             IFF_LOOPBACK
@@ -280,6 +288,29 @@ string TMPL and return its file name.  TMPL must end with 
'XXXXXX'."
                  (list err)))
         (pointer->string result)))))
 
+;; Linux clone flags, from linux/sched.h
+(define CLONE_NEWNS   #x00020000)
+(define CLONE_NEWUTS  #x04000000)
+(define CLONE_NEWIPC  #x08000000)
+(define CLONE_NEWUSER #x10000000)
+(define CLONE_NEWPID  #x20000000)
+(define CLONE_NEWNET  #x40000000)
+
+;; The libc interface to sys_clone is not useful for Scheme programs, so the
+;; low-level system call is wrapped instead.
+(define clone
+  (let* ((ptr        (dynamic-func "syscall" (dynamic-link)))
+         (proc       (pointer->procedure int ptr (list int int '*)))
+         ;; TODO: Handle all supported architectures
+         (syscall-id (match (utsname:machine (uname))
+                       ("x86_64" 56)
+                       (_        120))))
+    (lambda (flags)
+      "Create a new child process by duplicating the current parent process.
+Unlike the fork system call, clone accepts FLAGS that specify which resources
+are shared between the parent and child processes."
+      (proc syscall-id flags %null-pointer))))
+
 
 ;;;
 ;;; Packed structures.
diff --git a/tests/syscalls.scm b/tests/syscalls.scm
index 049ca93..9902279 100644
--- a/tests/syscalls.scm
+++ b/tests/syscalls.scm
@@ -76,6 +76,21 @@
            (rmdir dir)
            #t))))
 
+(define (user-namespace pid)
+  (match pid
+    ("self" "/proc/self/ns/user")
+    ((and (? number?) (= number->string pid))
+     (string-append "/proc/" pid "/ns/user"))))
+
+(test-assert "clone"
+  (match (clone (logior CLONE_NEWUSER))
+    (0 (primitive-exit 0))
+    (pid
+     ;; Check if user namespaces are different.
+     (not (equal? (readlink (user-namespace pid))
+                  (readlink (user-namespace "self")))))))
+
+
 (test-assert "all-network-interfaces"
   (match (all-network-interfaces)
     (((? string? names) ..1)