Commit graph

38 commits

Author SHA1 Message Date
Leo Nikkilä
841fd4880a
linux-container: Inherit essential services.
Currently it's not possible to set `essential-services' when building
operating systems for containers, since `container-essential-services'
always uses the defaults.

It's possible to reference `essential-services' from the operating
system that's passed in, but since it's thunked, the operating system
needs to be defined in two passes to avoid an infinite loop.

* gnu/system/linux-container.scm (container-essential-services): Use
operating-system-essential-services instead of the defaults to allow
overriding the base services.
(containerized-operating-system): Update accordingly.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Change-Id: I81452487ef1ad01d3fa874c26d93a67d58ce6062
2024-02-05 22:29:45 +01:00
Ludovic Courtès
ed5a9f5260
linux-container: Pass '--disable-chroot' to 'guix-daemon'.
This allows for the use of Guix within a non-privileged Docker container
produced by 'guix system image -t docker'.

* gnu/system/linux-container.scm (containerized-operating-system):
Change 'guix-configuration' to add "--disable-chroot".
2023-06-24 16:13:05 +02:00
Ludovic Courtès
44bbfc24e4
linux-container: Adjust to 'modify-services' semantic change.
This is a followup to dbbc7e9461:
'nscd-service-type' isn't necessarily present in OS, so we cannot use
the 'modify-services' as it would now error out.  This was happening
with the "guix system docker-image" test in 'tests/guix-system.sh'.

* gnu/system/linux-container.scm (containerized-operating-system): Use
'filter-map' instead of 'remove' + 'modify-services'.
2023-06-09 18:15:07 +02:00
Pierre Langlois
42fbe62d52
linux-container: Remove hosts-service-type when network is shared.
Fixes <https://issues.guix.gnu.org/61627>.

* gnu/system/linux-container.scm (container-essential-services): When
shared-network? is true, remove the hosts-service-type service kind.
2023-03-26 14:15:16 +01:00
Ricardo Wurmus
1a63aea943
linux-container: Do not replace nscd-service-type.
* gnu/system/linux-container.scm (containerized-operating-system): Respect
customizations to the nscd-service-type and only modify the caches field.
2022-12-01 19:52:13 +01:00
Ricardo Wurmus
26af06b66b
linux-container: container-script: Parse command line options.
* gnu/system/linux-container.scm (container-script): Accept command line
options to bind mount host directories into the container.
* doc/guix.texi (Invoking guix system): Document options.
2022-08-09 20:32:13 +02:00
Maxim Cournoyer
edac21bfc7
gnu: Remove wicd.
The last release is from 2017, stuck on Python 2.

* gnu/packages/wicd.scm: Delete file.
* gnu/packages/patches/wicd-bitrate-none-fix.patch: Delete file.
* gnu/packages/patches/wicd-get-selected-profile-fix.patch: Likewise.
* gnu/packages/patches/wicd-urwid-1.3.patch: Likewise.
* gnu/packages/patches/wicd-wpa2-ttls.patch: Likewise.
* gnu/local.mk: De-register them.
* gnu/services/networking.scm: Remove wicd service...
* doc/guix.texi: ... and its documentation.
* gnu/system/linux-container.scm (containerized-operating-system)
<services-to-drop>: Remove wicd-service-type.
2022-05-31 14:53:42 -04:00
Ludovic Courtès
cff9fee82a
linux-container: Add #:guest-uid and #:guest-gid to 'eval/container'.
* gnu/system/linux-container.scm (eval/container): Add #:guest-uid
and #:guest-gid and honor them.
2022-03-19 18:26:00 +01:00
Ludovic Courtès
c77544b387
linux-container: 'eval/container' honors #:namespaces.
* gnu/system/linux-container.scm (eval/container): Pass #:namespaces to
'call-with-container'.
2022-03-19 18:26:00 +01:00
Ludovic Courtès
0d22fc8d36
services: shepherd: 'shepherd-service-type' requires documentation.
* gnu/services/shepherd.scm (shepherd-service-type): Require a
'description' form.
* gnu/services/base.scm (root-file-system-service-type)
(rngd-service-type, host-name-service-type):
(virtual-terminal-service-type, console-keymap-service-type)
(syslog-service-type, swap-service-type)
(kmscon-service-type): Add description.
* gnu/services/networking.scm (dhcp-client-service-type): Likewise.
* gnu/system/install.scm (cow-store-service-type): Likewise.
* gnu/system/linux-container.scm (dummy-networking-service-type):
Likewise.
* gnu/system/mapped-devices.scm (device-mapping-service-type):
Likewise.
* tests/guix-system.sh: Likewise.
2021-01-13 22:24:18 +01:00
Jason Conroy
5627bfe45c
Instantiate nscd in each system container.
* gnu/system/linux-container.scm (%nscd-container-caches): New variable.
(containerized-operating-system): Instantiate nscd-service with smaller caches
and add it to the generated operating-system, replacing any nscd-service
specified by the caller.
* gnu/system/file-systems.scm: (%network-file-mappings): Remove "/var/run/nscd".

Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
2020-10-01 09:27:33 +02:00
Ludovic Courtès
0e5c2d5e14
services: system: Initial entries are non-monadic.
* gnu/system.scm (operating-system-directory-base-entries): Return a
regular, non-monadic value.
* gnu/services.scm (system-derivation): Adjust accordingly.
* gnu/system/linux-container.scm (container-essential-services): Likewise.
2020-04-26 22:49:49 +02:00
Efraim Flashner
c27710859c
system: linux-container: Recommend guix container.
* gnu/system/linux-container.scm (container-script)[script]: Recommend
using 'guix container' to get a shell inside the running container.
2020-01-06 12:20:21 +02:00
Ludovic Courtès
96b35998e6
linux-container: 'eval/container' correctly passes -L and -C flags.
This fixes a type error.

* gnu/system/linux-container.scm (eval/container): Use 'append-map', not
'map'.
* tests/containers.scm ("eval/container, non-empty load path"): New test.
2019-09-18 23:08:28 +02:00
Ludovic Courtès
d236cd16a7
linux-container: "run-container" scripts shows the container's PID.
* gnu/build/linux-container.scm (call-with-container): Add
 #:process-spawned-hook and honor it.
* gnu/system/linux-container.scm (container-script)[script]:
Define 'explain' and pass it as #:process-spawned-hook'.
2019-09-12 23:07:43 +02:00
Ludovic Courtès
da966a7a3d
linux-container: Exclude more services when sharing networking with the host.
* gnu/system/linux-container.scm (containerized-operating-system)[useless-services]:
Add more services to the list when SHARED-NETWORK? is true.
2019-09-12 23:07:42 +02:00
Ludovic Courtès
5ccec77176
file-systems: Add /var/run/nscd to '%network-file-mappings'.
This allows containers created by "guix environment -CN" or by
"guix system container -N" to talk to the host nscd.

* gnu/system/file-systems.scm (%network-file-mappings): Add
"/var/run/nscd".
* gnu/build/shepherd.scm (default-mounts)[nscd-socket]: Remove.
* gnu/system/linux-container.scm (container-script)[nscd-run-directory]
[nscd-mapping, nscd-os, nscd-specs]: Remove.
[script]: Filter out from SPECS bind-mounts where the device does not
exist.
* guix/scripts/environment.scm (launch-environment/container)
[optional-mapping->fs]: New procedure.
[mappings]: Remove %NETWORK-FILE-MAPPINGS.
[file-systems]: Add %NETWORK-FILE-MAPPINGS here, filtered through
'optional-mapping->fs'.
2019-09-12 23:07:42 +02:00
Ludovic Courtès
bacfec8611
linux-container: Add 'eval/container'.
* gnu/system/linux-container.scm (eval/container): New procedure.
* tests/containers.scm ("eval/container, exit status")
("eval/container, writable user mapping"): New tests.
2019-07-19 11:53:47 +02:00
Arun Isaac
b84c4cda04
linux-container: Remove networking service when network is shared with host.
* gnu/system/linux-container.scm (dummy-networking-service-type): New
variable.
(containerized-operating-system): If network is shared with host, replace
static-networking-service-type with dummy-networking-service-type.
2019-06-19 00:19:47 +05:30
Arun Isaac
d2928fa63f
linux-container: Check if nscd run directory exists when container is run.
* gnu/system/linux-container.scm (containerized-operating-system):
(container-script): Check for existence of the host nscd run directory in the
container script. This check should be run when the container is started, not
when the container script is created.
[network-mappings]: Delete variable.
[nscd-run-directory, nscd-mapping]: New variables.
2019-05-25 11:06:22 +05:30
Ludovic Courtès
3f9bed04f0
linux-container: Compute essential services for THIS-OPERATING-SYSTEM.
Previously, the 'essential-services' would correspond to the initial,
non-containerized OS.  Thus, all the file systems removed in
'container-essential-services' would actually still be there because the
essential services would be computed on the non-containerized OS.

This is a followup to 69cae3d335.

* gnu/system/linux-container.scm (container-essential-services): Call
'operating-system-default-essential-services' to get the baseline
services.
(containerized-operating-system): Pass THIS-OPERATING-SYSTEM, not OS, to
'container-essential-services'.
Add a dummy root file system to 'file-systems'.
(container-script)[mountable-file-system?]: New procedure.
Use it.
2019-05-15 16:36:21 +02:00
Ludovic Courtès
6edd5c546c
linux-container: Do not add %CONTAINER-FILE-SYSTEMS to Docker image OSes.
Previously, 'guix system docker-image' would end up providing an OS that
would try to mount all of %CONTAINER-FILE-SYSTEMS as well as /gnu/store,
which is bound to fail in unprivileged Docker.

This patch makes it so that 'guix system container' still gets those
file systems, but 'guix system docker-image' doesn't.

* gnu/system/linux-container.scm (containerized-operating-system): Add
 #:extra-file-systems parameter and honor it.  Do not include
 %STORE-MAPPING and SHARED-NETWORK-FILE-MAPPINGS.
(container-script): Add %STORE-MAPPING and optionally NETWORK-MAPPINGS
to MAPPINGS and pass #:extra-file-systems.
2019-05-15 16:36:21 +02:00
Arun Isaac
b33454ae0b
linux-container: Support container network sharing.
* gnu/system/linux-container.scm (container-essential-services): If network is
to be shared with the host, remove network configuration files from etc
service.
(containerized-operating-system): If network is to be shared with the host,
remove nscd service and map host's /var/run/nscd if it exists.
(container-script): If network is to be shared with the host, do not create
network namespace.
* guix/scripts/system.scm (system-derivation-for-action): Add
#:container-shared-network? argument.
(perform-action): Add #:container-shared-network? argument.
(show-help): Add "-N, --network" help information.
(%options): Add network option.
(process-action): Call perform-action with #container-shared-network? argument.
* doc/guix.texi (Invoking guix system): Document the "-N, --network" option.

Co-authored-by: Christopher Baines <mail@cbaines.net>
2019-05-14 02:54:58 +05:30
Ludovic Courtès
76ae10a1f4
linux-container: Improve filtering of unnecessary file systems.
* gnu/system/linux-container.scm (containerized-operating-system)[user-file-systems]:
Add trailing slash for the "/dev/" and "/sys/" prefixes.
2019-05-10 23:29:18 +02:00
Ludovic Courtès
86b8869fff
linux-container: Remove '%containerized-shepherd-service' hack.
This hack worked around a defect in the Shepherd 0.5.0 and is no longer
needed.

* gnu/services/shepherd.scm (%containerized-shepherd-service): Remove.
* gnu/system/linux-container.scm (container-essential-services): Don't
use it.
2019-04-23 16:38:12 +02:00
Ludovic Courtès
69cae3d335
system: Add 'essential-services' field to <operating-system>.
* gnu/system.scm (<operating-system>)[essential-services]: New field.
(operating-system-directory-base-entries): Remove #:container? keyword
and keep only the not-container branch.
(essential-services): Likewise.
(operating-system-services): Likewise, and call
'operating-system-essential-services' instead of 'essential-services'.
(operating-system-activation-script): Remove #:container?.
(operating-system-boot-script): Likewise.
(operating-system-derivation): Likewise.
* gnu/system/linux-container.scm (container-essential-services): New procedure.
(containerized-operating-system): Use it and set the
'essential-services' field.
(container-script): Remove call to 'operating-system-derivation'.
* gnu/system/vm.scm (system-docker-image): Likewise.
* doc/guix.texi (operating-system Reference): Document 'essential-services'.
2019-03-25 23:37:06 +01:00
Ludovic Courtès
b94c80ff5d
linux-container: 'containerized-operating-system' removes "useless" services.
Fixes <https://bugs.gnu.org/34211>.
Reported by Efraim Flashner <efraim@flashner.co.il>.

* gnu/system/linux-container.scm (containerized-operating-system)
[useless-services]: New variable.
Add 'services' field.
2019-03-13 23:12:44 +01:00
Ludovic Courtès
d2a5e6982d
file-systems: Add 'file-system-mapping->bind-mount'.
* gnu/system/file-systems.scm (file-system-mapping->bind-mount): New
procedure.
* gnu/system/linux-container.scm (mapping->file-system): Remove.
(containerized-operating-system)[mapping->fs]: Use
'file-system-mapping->bind-mount' instead of 'mapping->file-system'.
* guix/scripts/environment.scm (launch-environment/container): Likewise.
2017-02-03 00:23:28 +01:00
Ludovic Courtès
5970e8e248
container: Pass a list of <file-system> objects as things to mount.
* gnu/build/linux-container.scm (mount-file-systems): 'mounts' is now a
list of <file-system> objects instead of a list of lists ("specs").
Add call to 'file-system->spec' as the argument to 'mount-file-system'.
(run-container, call-with-container): Adjust docstring accordingly.
* gnu/system/file-systems.scm (spec->file-system): New procedure.
* gnu/system/linux-container.scm (container-script)[script]: Call
'spec->file-system' inside gexp.
* guix/scripts/environment.scm (launch-environment/container): Remove
call to 'file-system->spec'.
* tests/containers.scm ("call-with-container, mnt namespace")
("call-with-container, mnt namespace, wrong bind mount"): Pass a list of
<file-system> objects.
2016-11-10 18:01:44 +01:00
Ludovic Courtès
5e7eaccb14
linux-container: Use 'source-module-closure' when generating the script.
* gnu/system/linux-container.scm (container-script)[script]: Use
'source-module-closure' in 'with-imported-modules' form.
2016-11-10 18:01:44 +01:00
Ludovic Courtès
43dcce8674
linux-container: Fix list of imported modules.
This fixes a regression introduced in
958dd3ce68.

* gnu/system/linux-container.scm (container-script)[script]: Add (guix
combinators) to the list of imported modules.
2016-07-12 22:47:08 +02:00
Ludovic Courtès
4ee96a7912
gnu: Switch to 'with-imported-modules'.
* gnu/services.scm (directory-union): Use 'with-imported-modules'
instead of the '#:modules' argument of 'computed-file'.
* gnu/services/base.scm (udev-rules-union): Likewise.
* gnu/services/dbus.scm (system-service-directory): Likewise.
* gnu/services/desktop.scm (wrapped-dbus-service):
(polkit-directory): Likewise.
* gnu/services/networking.scm (tor-configuration->torrc): Likewise.
* gnu/services/xorg.scm (xorg-configuration-directory): Likewise.
* gnu/system/install.scm (self-contained-tarball): Likewise.
* gnu/system/linux-container.scm (container-script): Likewise.
* gnu/system/linux-initrd.scm (expression->initrd): Likewise, and
remove #:modules parameter.
(flat-linux-module-directory): Use 'with-imported-modules'.
(base-initrd): Likewise.
* gnu/system/locale.scm (locale-directory): Likewise.
* gnu/system/shadow.scm (default-skeletons): Likewise.
* gnu/system/vm.scm (expression->derivation-in-linux-vm): Likewise.
* gnu/tests/base.scm (run-basic-test): Likewise.
* gnu/tests/install.scm (run-install): Likewise.
* doc/guix.texi (Initial RAM Disk): Update 'expression->initrd'
documentation.
2016-07-12 22:47:08 +02:00
Ludovic Courtès
1f1ff6a0e7 linux-container: Accept file systems with a UUID 'source'.
* gnu/system/linux-container.scm (containerized-operating-system)[user-file-systems]:
Check whether SOURCE is a string before calling 'string-prefix?'.
2016-02-08 23:46:46 +01:00
Ludovic Courtès
6eb439070a file-systems: Spawn a Bournish REPL upon fsck failure.
Fixes <http://bugs.gnu.org/22588>.
Reported by Mark H Weaver <mhw@netris.org>.

* gnu/build/file-systems.scm (check-file-system): Pass
%BOURNISH-LANGUAGE as the argument to 'start-repl'.
* gnu/services.scm (activation-script): Add (guix build bournish).
* gnu/services/base.scm (file-system-shepherd-service)[imported-modules]:
Likewise.
* gnu/system/linux-container.scm (container-script): Likewise.
* gnu/system/vm.scm (expression->derivation-in-linux-vm): Likewise.
2016-02-08 23:46:46 +01:00
Ludovic Courtès
d62e201cfd services: Add 'system-service-type'.
* gnu/services.scm (system-derivation): New procedure.
  (system-service-type): New variable.
  (boot-script-entry): New procedure.
  (boot-service-type): Extend SYSTEM-SERVICE-TYPE.
  (etc-entry): New procedure.
  (etc-service-type): Extend SYSTEM-SERVICE-TYPE.
  (fold-services): Change default #:target-type to SYSTEM-SERVICE-TYPE.
* gnu/system.scm (operating-system-directory-base-entries): New procedure.
  (essential-services): Use it.  Add an instance of
  SYSTEM-SERVICE-TYPE.
  (operating-system-boot-script): Pass #:target-type to 'fold-services'.
  (operating-system-derivation): Rewrite in terms of 'fold-services'.
* gnu/system/linux-container.scm (system-container): Remove.
  (container-script): Use 'operating-system-derivation'.
* guix/scripts/system.scm (export-extension-graph): Replace
  BOOT-SERVICE-TYPE by SYSTEM-SERVICE-TYPE.
* doc/images/service-graph.dot: Add 'system' node and edges.
* doc/guix.texi (Service Composition): Mention SYSTEM-SERVICE-TYPE.
  (Service Reference): Document it.  Update 'fold-services'
  documentation.
2015-11-02 22:25:11 +01:00
David Thompson
1c8a81b1af scripts: system: Add 'container' action.
* guix/scripts/system.scm (show-help): Display 'container' action.
  (system-derivation-for-action, guix-system): Add 'container' case.
  (perform-action): Skip GRUB config generation when building a container.
* doc/guix.texi (Invoking guix system): Document it.
2015-10-30 13:22:59 -04:00
David Thompson
8e5999e0b0 system: container: Adjust to changes in gexps.
* gnu/system/linux-container.scm (system-container): 'etc' is no longer
  a monadic value, and the result of 'file-union' must be lowered.
2015-10-30 12:51:49 -04:00
David Thompson
239db054a7 gnu: system: Add Linux container module.
* gnu/system/linux-container.scm: New file.
* gnu-system.am (GNU_SYSTEM_MODULES): Add it.
* gnu/system.scm: Export 'operating-system-etc-directory',
  'operating-system-boot-script', 'operating-system-locale-directory', and
  'file-union'.
  (operating-system-boot-script): Add #:container? keyword argument.
  (operating-system-activation-script): Add #:container?  keyword argument.
  Don't call 'activate-firmware' or 'activate-ptrace-attach' when activating a
  container.
2015-09-14 08:30:46 -04:00