services: quassel: Use 'least-authority-wrapper'.

* gnu/services/messaging.scm (quassel-shepherd-service): Use
'least-authority-wrapper' instead of
'make-forkexec-constructor/container'.
This commit is contained in:
Ludovic Courtès 2022-04-17 22:18:50 +02:00
parent 53dbc6fd9a
commit dac4efc466
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

View file

@ -939,29 +939,31 @@ (define-record-type* <quassel-configuration>
(define quassel-shepherd-service
(match-lambda
(($ <quassel-configuration> quassel interface port loglevel)
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
(let ((quassel (least-authority-wrapper
(file-append quassel "/bin/quasselcore")
#:name "quasselcore"
#:mappings (list (file-system-mapping
(source "/var/lib/quassel")
(target source)
(writable? #t))
(file-system-mapping
(source "/var/log/quassel")
(target source)
(writable? #t)))
;; XXX: The daemon needs to live in the main user
;; namespace, as root, so it can access /var/lib/quassel
;; owned by "quasselcore".
#:namespaces (fold delq %namespaces '(net user)))))
(list (shepherd-service
(provision '(quassel))
(requirement '(user-processes networking))
(modules '((gnu build shepherd)
(gnu system file-systems)))
(start #~(make-forkexec-constructor/container
(list #$(file-append quassel "/bin/quasselcore")
"--configdir=/var/lib/quassel"
"--logfile=/var/log/quassel/core.log"
(string-append "--loglevel=" #$loglevel)
(string-append "--port=" (number->string #$port))
(string-append "--listen=" #$interface))
#:mappings (list (file-system-mapping
(source "/var/lib/quassel")
(target source)
(writable? #t))
(file-system-mapping
(source "/var/log/quassel")
(target source)
(writable? #t)))))
(start #~(make-forkexec-constructor
(list #$quassel
"--configdir=/var/lib/quassel"
"--logfile=/var/log/quassel/core.log"
(string-append "--loglevel=" #$loglevel)
(string-append "--port=" (number->string #$port))
(string-append "--listen=" #$interface))))
(stop #~(make-kill-destructor))))))))
(define %quassel-account