From: Ludovic Courtès
Subject: [bug#77638] [PATCH 2/8] guix home: ‘container’ explicitly mounts $HOME and /run/user/1000.
Date: Tue, 8 Apr 2025 14:24:42 +0200
* guix/scripts/home.scm (spawn-home-container): Pass #:mounts to
‘eval/container’.
Change-Id: I1986c1411711cebaf623f97897d91436d8167037
---
guix/scripts/home.scm | 17 +++++++++++++++--
1 file changed, 15 insertions(+), 2 deletions(-)
diff --git a/guix/scripts/home.scm b/guix/scripts/home.scm
index b4c82d275f..56a4b7c7d4 100644
--- a/guix/scripts/home.scm
+++ b/guix/scripts/home.scm
@@ -3,7 +3,7 @@
;;; Copyright © 2021 Xinglu Chen <public@yoctocell.xyz>
;;; Copyright © 2021 Pierre Langlois <pierre.langlois@gmx.com>
;;; Copyright © 2021 Oleg Pykhalov <go.wigust@gmail.com>
-;;; Copyright © 2022-2023 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2022-2023, 2025 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2022 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2022 Antero Mejr <antero@mailbox.org>
;;;
@@ -36,7 +36,8 @@ (define-module (guix scripts home)
#:autoload (guix modules) (source-module-closure)
#:autoload (gnu build linux-container) (call-with-container %namespaces)
#:autoload (gnu system linux-container) (eval/container)
- #:autoload (gnu system file-systems) (file-system-mapping
+ #:autoload (gnu system file-systems) (file-system
+ file-system-mapping
file-system-mapping-source
file-system-mapping->bind-mount
specification->file-system-mapping
@@ -361,6 +362,18 @@ (define* (spawn-home-container home
#:namespaces (if network?
(delq 'net %namespaces) ; share host network
%namespaces)
+ #:mounts (list (file-system
+ (device "none")
+ (mount-point
+ (in-vicinity "/run/user" ;for shepherd & co.
+ (number->string uid)))
+ (type "tmpfs")
+ (check? #f))
+ (file-system ;writable home
+ (device "none")
+ (mount-point home-directory)
+ (type "tmpfs")
+ (check? #f)))
#:mappings (append network-mappings mappings)
#:guest-uid uid
#:guest-gid gid))
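Review bot: neither tmpfs entry in the new `#:mounts` list sets the `options` field, so both are mounted with tmpfs defaults (mode 1777, no size bound). For the `/run/user/<uid>` mount, which the comment says is there "for shepherd & co." and which therefore plays the role of `XDG_RUNTIME_DIR`, consider `(options "mode=0700")` so the directory gets the 0700 mode the XDG base-directory spec requires for runtime directories; a `size=` bound on both tmpfs mounts would also keep a runaway write to `$HOME` inside the container from consuming host memory. Two smaller points: the commit title says `/run/user/1000` while the code derives the path from `(number->string uid)`, so the title would be more accurate as `/run/user/UID`; and since `home-directory` now becomes a fresh tmpfs, the commit message should state that anything written to `$HOME` inside the container is discarded when it exits, as that is the behavioural change a user will notice.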
--
2.49.0
- [bug#77638] [PATCH 0/8] Harden 'call-with-container', Ludovic Courtès, 2025/04/08
- [bug#77638] [PATCH 1/8] linux-container: Add #:mounts to ‘eval/container’., Ludovic Courtès, 2025/04/08
- [bug#77638] [PATCH 6/8] syscalls: Add ‘get-user-ns’., Ludovic Courtès, 2025/04/08
- [bug#77638] [PATCH 3/8] linux-container: Support having a read-only root file system., Ludovic Courtès, 2025/04/08
- [bug#77638] [PATCH 2/8] guix home: ‘container’ explicitly mounts $HOME and /run/user/1000., Ludovic Courtès, 2025/04/08 (this message)
- [bug#77638] [PATCH 4/8] guix home: ‘container’ provides a read-only root file system., Ludovic Courtès, 2025/04/08
- [bug#77638] [PATCH 8/8] linux-container: Lock mounts by default., Ludovic Courtès, 2025/04/08
- [bug#77638] [PATCH 7/8] linux-container: Set up “lo” and generate /etc/hosts by default., Ludovic Courtès, 2025/04/08
- [bug#77638] [PATCH 5/8] environment: Add ‘--writable-root’ and default to read-only root., Ludovic Courtès, 2025/04/08