From cff9fee82a06f58b10a5b3a7743295c53f7988b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Sun, 13 Mar 2022 22:09:26 +0100 Subject: [PATCH] linux-container: Add #:guest-uid and #:guest-gid to 'eval/container'. * gnu/system/linux-container.scm (eval/container): Add #:guest-uid and #:guest-gid and honor them. --- gnu/system/linux-container.scm | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index 415d6b9775..eeb0f68c02 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson -;;; Copyright © 2016, 2017, 2019, 2020, 2021 Ludovic Courtès +;;; Copyright © 2016-2017, 2019-2022 Ludovic Courtès ;;; Copyright © 2019 Arun Isaac ;;; Copyright © 2020 Efraim Flashner ;;; Copyright © 2020 Google LLC @@ -248,11 +248,13 @@ (define (explain pid) (define* (eval/container exp #:key (mappings '()) - (namespaces %namespaces)) + (namespaces %namespaces) + (guest-uid 0) (guest-gid 0)) "Evaluate EXP, a gexp, in a new process executing in separate namespaces as listed in NAMESPACES. Add MAPPINGS, a list of , to the -set of directories visible in the process's mount namespace. Return the -process' exit status as a monadic value. +set of directories visible in the process's mount namespace. Inside the +namespaces, run code as GUEST-UID and GUEST-GID. Return the process' exit +status as a monadic value. This is useful to implement processes that, unlike derivations, are not entirely pure and need to access the outside world or to perform side @@ -292,4 +294,6 @@ (define items (list "-c" (object->string (lowered-gexp-sexp lowered)))))) - #:namespaces namespaces)))))) + #:namespaces namespaces + #:guest-uid guest-uid + #:guest-gid guest-gid))))))