mirror of
https://git.in.rschanz.org/ryan77627/guix.git
synced 2024-12-24 21:38:07 -05:00
installer: final: Introduce call-with-mnt-container.
* gnu/installer/final.scm (call-with-mnt-container): New procedure, (install-system): use it instead of call-with-container, to make sure that the container is not jailed.
This commit is contained in:
parent
b3a83f1ece
commit
cafbc5f390
1 changed files with 16 additions and 3 deletions
|
@ -135,6 +135,20 @@ (define %not-nul
|
|||
(_ #f))))))
|
||||
pids)))
|
||||
|
||||
(define (call-with-mnt-container thunk)
|
||||
"This is a variant of call-with-container. Run THUNK in a new container
|
||||
process, within a separate MNT namespace. The container is not jailed so that
|
||||
it can interact with the rest of the system."
|
||||
(let ((pid (run-container "/" '() '(mnt) 1 thunk)))
|
||||
;; Catch SIGINT and kill the container process.
|
||||
(sigaction SIGINT
|
||||
(lambda (signum)
|
||||
(false-if-exception
|
||||
(kill pid SIGKILL))))
|
||||
|
||||
(match (waitpid pid)
|
||||
((_ . status) status))))
|
||||
|
||||
(define* (install-system locale #:key (users '()))
|
||||
"Create /etc/shadow and /etc/passwd on the installation target for USERS.
|
||||
Start COW-STORE service on target directory and launch guix install command in
|
||||
|
@ -181,7 +195,7 @@ (define (assert-exit x)
|
|||
;; To avoid this situation, mount the store overlay inside a container,
|
||||
;; and run the installation from within that container.
|
||||
(zero?
|
||||
(call-with-container '()
|
||||
(call-with-mnt-container
|
||||
(lambda ()
|
||||
(dynamic-wind
|
||||
(lambda ()
|
||||
|
@ -218,5 +232,4 @@ (define (assert-exit x)
|
|||
|
||||
;; Finally umount the cow-store and exit the container.
|
||||
(unmount-cow-store (%installer-target-dir) backing-directory)
|
||||
(assert-exit ret))))
|
||||
#:namespaces '(mnt)))))
|
||||
(assert-exit ret))))))))
|
||||
|
|
Loading…
Reference in a new issue