linux-container: Add #:guest-uid and #:guest-gid to 'eval/container'.

* gnu/system/linux-container.scm (eval/container): Add #:guest-uid
and #:guest-gid and honor them.
Ludovic Courtès 2022-03-13 22:09:26 +01:00
parent c77544b387
commit cff9fee82a
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5


@ -1,6 +1,6 @@
;;; GNU Guix --- Functional package management for GNU ;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2015 David Thompson <davet@gnu.org> ;;; Copyright © 2015 David Thompson <davet@gnu.org>
;;; Copyright © 2016, 2017, 2019, 2020, 2021 Ludovic Courtès <ludo@gnu.org> ;;; Copyright © 2016-2017, 2019-2022 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2019 Arun Isaac <arunisaac@systemreboot.net> ;;; Copyright © 2019 Arun Isaac <arunisaac@systemreboot.net>
;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il> ;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
;;; Copyright © 2020 Google LLC ;;; Copyright © 2020 Google LLC
@ -248,11 +248,13 @@ (define (explain pid)
(define* (eval/container exp (define* (eval/container exp
#:key #:key
(mappings '()) (mappings '())
(namespaces %namespaces)) (namespaces %namespaces)
(guest-uid 0) (guest-gid 0))
"Evaluate EXP, a gexp, in a new process executing in separate namespaces as "Evaluate EXP, a gexp, in a new process executing in separate namespaces as
listed in NAMESPACES. Add MAPPINGS, a list of <file-system-mapping>, to the listed in NAMESPACES. Add MAPPINGS, a list of <file-system-mapping>, to the
set of directories visible in the process's mount namespace. Return the set of directories visible in the process's mount namespace. Inside the
process' exit status as a monadic value. namespaces, run code as GUEST-UID and GUEST-GID. Return the process' exit
status as a monadic value.
This is useful to implement processes that, unlike derivations, are not This is useful to implement processes that, unlike derivations, are not
entirely pure and need to access the outside world or to perform side entirely pure and need to access the outside world or to perform side
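Review bot: the new docstring sentence "Inside the namespaces, run code as GUEST-UID and GUEST-GID" should state that the defaults of 0 denote UID/GID 0 as seen inside the namespaces, and that leaving them at 0 keeps the behaviour callers had before these keywords existed; as written, a reader may take the default to mean the code runs as the host's root. It would also help to note that the two values are expected to be integers and that the setting only has an effect when NAMESPACES includes the namespace in which identities are remapped, since the hunk adds no check on either point.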
@ -292,4 +294,6 @@ (define items
(list "-c" (list "-c"
(object->string (object->string
(lowered-gexp-sexp lowered)))))) (lowered-gexp-sexp lowered))))))
#:namespaces namespaces)))))) #:namespaces namespaces
#:guest-uid guest-uid
#:guest-gid guest-gid))))))
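Review bot: the inner call now receives `#:guest-uid guest-uid` and `#:guest-gid guest-gid`, but the procedure being called is outside this hunk, so the review cannot confirm it accepts those keywords; in Guile an unrecognised keyword argument is a runtime error rather than a compile-time one, so a test that invokes eval/container with a non-zero guest UID/GID and checks the identity observed inside the process would catch both a missing keyword in the callee and a silently ignored value.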