environment: '--container' honors '--preserve'.

* guix/scripts/environment.scm (launch-environment/container): Add
 #:white-list parameter and honor it.
(guix-environment): Pass #:white-list to 'launch-environment/container'.
* tests/guix-environment-container.sh: Add test.
This commit is contained in:
Ludovic Courtès 2019-10-03 22:19:11 +02:00
parent 9a68b89e8a
commit 5a02f8e384
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
2 changed files with 22 additions and 2 deletions


@ -452,7 +452,7 @@ (define* (launch-environment/fork command profile manifest
(define* (launch-environment/container #:key command bash user user-mappings
profile manifest link-profile? network?
map-cwd?)
map-cwd? (white-list '()))
"Run COMMAND within a container that features the software in PROFILE.
Environment variables are set according to the search paths of MANIFEST.
The global shell is BASH, a file name for a GNU Bash binary in the
@ -461,7 +461,10 @@ (define* (launch-environment/container #:key command bash user user-mappings
host file systems to mount inside the container. If USER is not #f, each
target of USER-MAPPINGS will be re-written relative to '/home/USER', and USER
will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from
~/.guix-profile to the environment profile."
~/.guix-profile to the environment profile.
Preserve environment variables whose name matches the one of the regexps in
WHILE-LIST."
(define (optional-mapping->fs mapping)
(and (file-exists? (file-system-mapping-source mapping))
(file-system-mapping->bind-mount mapping)))
@ -487,6 +490,11 @@ (define (optional-mapping->fs mapping)
(group-entry (gid 65534) ;the overflow GID
(name "overflow"))))
(home-dir (password-entry-directory passwd))
(environ (filter (match-lambda
((variable . value)
(find (cut regexp-exec <> variable)
white-list)))
(get-environment-variables)))
;; Bind-mount all requisite store items, user-specified mappings,
;; /bin/sh, the current working directory, and possibly networking
;; configuration files within the container.
@ -555,6 +563,12 @@ (define (optional-mapping->fs mapping)
(override-user-dir user home cwd)
home-dir))
;; Set environment variables that match WHITE-LIST.
(for-each (match-lambda
((variable . value)
(setenv variable value)))
environ)
(primitive-exit/status
;; A container's environment is already purified, so no need to
;; request it be purified again.
@ -759,6 +773,7 @@ (define manifest
#:user-mappings mappings
#:profile profile
#:manifest manifest
#:white-list white-list
#:link-profile? link-prof?
#:network? network?
#:map-cwd? (not no-cwd?))))
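Review bot: The docstring added in the `@ -461,7 +461,10` hunk misnames the new parameter: `WHILE-LIST."` should read `WHITE-LIST."`, since the keyword is `#:white-list` and that is the name a reader will search for. The same sentence should also say how the match is performed, because the filter in the `@ -487,6 +490,11` hunk uses `regexp-exec`, which searches anywhere in the variable name, so an unanchored pattern such as `FOO` would also preserve a variable whose name merely contains it (the test uses `^FOO`, which avoids this). A wording such as `Preserve environment variables whose name matches one of the regexps in WHITE-LIST; matching is unanchored, so use ^ and $ to match a whole name.` covers both points. The body of launch-environment/container continues outside these hunks.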


@ -44,6 +44,11 @@ else
test $? = 42
fi
# Make sure '--preserve' is honored.
result="`FOOBAR=42; export FOOBAR; guix environment -C --ad-hoc --bootstrap \
guile-bootstrap -E ^FOO -- guile -c '(display (getenv \"FOOBAR\"))'`"
test "$result" = "42"
# By default, the UID inside the container should be the same as outside.
uid="`id -u`"
inner_uid="`guix environment -C --ad-hoc --bootstrap guile-bootstrap \