linux-container: Add #:guest-uid and #:guest-gid to 'eval/container'.

* gnu/system/linux-container.scm (eval/container): Add #:guest-uid
and #:guest-gid and honor them.
Ludovic Courtès 2022-03-13 22:09:26 +01:00
parent c77544b387
commit cff9fee82a
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2016, 2017, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2016-2017, 2019-2022 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2020 Google LLC
@ -248,11 +248,13 @@ (define (explain pid)
(define* (eval/container exp
#:key
(mappings '())
(namespaces %namespaces))
(namespaces %namespaces)
(guest-uid 0) (guest-gid 0))
"Evaluate EXP, a gexp, in a new process executing in separate namespaces as
listed in NAMESPACES. Add MAPPINGS, a list of <file-system-mapping>, to the
set of directories visible in the process's mount namespace. Return the
process' exit status as a monadic value.
set of directories visible in the process's mount namespace. Inside the
namespaces, run code as GUEST-UID and GUEST-GID. Return the process' exit
status as a monadic value.
This is useful to implement processes that, unlike derivations, are not
entirely pure and need to access the outside world or to perform side
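Review bot: the docstring sentence "Inside the namespaces, run code as GUEST-UID and GUEST-GID" does not say that both keywords default to 0, as the new `(guest-uid 0) (guest-gid 0)` line sets them, so a caller who omits them still runs EXP as UID 0 and GID 0 inside the namespaces. Please state the default in the docstring. It would also help to say what a caller should expect when NAMESPACES is overridden with a list that has no user namespace, since the docstring ties the IDs to "the namespaces" without covering that case.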
@ -292,4 +294,6 @@ (define items
(list "-c"
(object->string
(lowered-gexp-sexp lowered))))))
#:namespaces namespaces))))))
#:namespaces namespaces
#:guest-uid guest-uid
#:guest-gid guest-gid))))))
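Review bot: the `#:guest-uid guest-uid` and `#:guest-gid guest-gid` arguments at the end of this call are forwarded as given, with no check in 'eval/container' that they are non-negative integers, so a wrong value only surfaces inside the callee. The commit message lists gnu/system/linux-container.scm as the only file changed, so nothing here exercises the new keywords. A test that calls 'eval/container' with non-zero guest IDs and has EXP report its own UID and GID would confirm that the values are honored and guard against them being silently dropped later.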