linux-container: 'call-with-container' relays SIGTERM and SIGINT.

* gnu/build/linux-container.scm (call-with-container): Add #:relayed-signals.
[install-signal-handlers]: New procedure.
Call it.
This commit is contained in:
Ludovic Courtès 2022-04-16 19:26:11 +02:00
parent eaebc7f2b7
commit a76fa226c8
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

View file

@ -303,6 +303,7 @@ (define (call-with-temporary-directory proc)
(define* (call-with-container mounts thunk #:key (namespaces %namespaces)
(host-uids 1) (guest-uid 0) (guest-gid 0)
(relayed-signals (list SIGINT SIGTERM))
(process-spawned-hook (const #t)))
"Run THUNK in a new container process and return its exit status; call
PROCESS-SPAWNED-HOOK with the PID of the new process that has been spawned.
@ -320,20 +321,27 @@ (define* (call-with-container mounts thunk #:key (namespaces %namespaces)
GUEST-UID and GUEST-GID specify the first UID (respectively GID) that host
UIDs (respectively GIDs) map to in the namespace.
RELAYED-SIGNALS is the list of signals that are \"relayed\" to the container
process when caught by its parent.
Note that if THUNK needs to load any additional Guile modules, the relevant
module files must be present in one of the mappings in MOUNTS and the Guile
load path must be adjusted as needed."
(define (install-signal-handlers pid)
;; Install handlers that forward signals to PID.
(define (relay-signal signal)
(false-if-exception (kill pid signal)))
(for-each (lambda (signal)
(sigaction signal relay-signal))
relayed-signals))
(call-with-temporary-directory
(lambda (root)
(let ((pid (run-container root mounts namespaces host-uids thunk
#:guest-uid guest-uid
#:guest-gid guest-gid)))
;; Catch SIGINT and kill the container process.
(sigaction SIGINT
(lambda (signum)
(false-if-exception
(kill pid SIGKILL))))
(install-signal-handlers pid)
(process-spawned-hook pid)
(match (waitpid pid)
((_ . status) status))))))