02/02: installer: final: Introduce call-with-mnt-container.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/02: installer: final: Introduce call-with-mnt-container.

From:	guix-commits
Subject:	02/02: installer: final: Introduce call-with-mnt-container.
Date:	Thu, 10 Sep 2020 03:39:29 -0400 (EDT)

mothacehe pushed a commit to branch master
in repository guix.

commit cafbc5f39084cff62879206d69a3890fce54dc27
Author: Mathieu Othacehe <othacehe@gnu.org>
AuthorDate: Wed Sep 9 09:24:49 2020 +0200

    installer: final: Introduce call-with-mnt-container.
    
    * gnu/installer/final.scm (call-with-mnt-container): New procedure,
    (install-system): use it instead of call-with-container, to make sure that 
the
    container is not jailed.
---
 gnu/installer/final.scm | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)

diff --git a/gnu/installer/final.scm b/gnu/installer/final.scm
index 11143b2..fc0b780 100644
--- a/gnu/installer/final.scm
+++ b/gnu/installer/final.scm
@@ -135,6 +135,20 @@ USERS."
                        (_ #f))))))
               pids)))
 
+(define (call-with-mnt-container thunk)
+  "This is a variant of call-with-container. Run THUNK in a new container
+process, within a separate MNT namespace. The container is not jailed so that
+it can interact with the rest of the system."
+  (let ((pid (run-container "/" '() '(mnt) 1 thunk)))
+    ;; Catch SIGINT and kill the container process.
+    (sigaction SIGINT
+      (lambda (signum)
+        (false-if-exception
+         (kill pid SIGKILL))))
+
+    (match (waitpid pid)
+      ((_ . status) status))))
+
 (define* (install-system locale #:key (users '()))
   "Create /etc/shadow and /etc/passwd on the installation target for USERS.
 Start COW-STORE service on target directory and launch guix install command in
@@ -181,7 +195,7 @@ or #f.  Return #t on success and #f on failure."
     ;; To avoid this situation, mount the store overlay inside a container,
     ;; and run the installation from within that container.
     (zero?
-     (call-with-container '()
+     (call-with-mnt-container
        (lambda ()
          (dynamic-wind
            (lambda ()
@@ -218,5 +232,4 @@ or #f.  Return #t on success and #f on failure."
 
              ;; Finally umount the cow-store and exit the container.
              (unmount-cow-store (%installer-target-dir) backing-directory)
-             (assert-exit ret))))
-       #:namespaces '(mnt)))))
+             (assert-exit ret))))))))

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (cc6b185 -> cafbc5f), guix-commits, 2020/09/10
- 01/02: build: linux-container: Fix run-container., guix-commits, 2020/09/10
- 02/02: installer: final: Introduce call-with-mnt-container., guix-commits <=

Prev by Date: 01/02: build: linux-container: Fix run-container.
Next by Date: branch master updated: services: php-fpm: Add 'php-ini-file' configuration.
Previous by thread: 01/02: build: linux-container: Fix run-container.
Next by thread: branch master updated: services: php-fpm: Add 'php-ini-file' configuration.
Index(es):
- Date
- Thread