path: root/gnu/system/linux-container.scm
Commit message | Author | Age | Files | Lines
* linux-container: Inherit essential services.
  Currently it's not possible to set `essential-services' when building operating systems for containers, since `container-essential-services' always uses the defaults. It's possible to reference `essential-services' from the operating system that's passed in, but since it's thunked, the operating system needs to be defined in two passes to avoid an infinite loop. * gnu/system/linux-container.scm (container-essential-services): Use operating-system-essential-services instead of the defaults to allow overriding the base services. (containerized-operating-system): Update accordingly. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Change-Id: I81452487ef1ad01d3fa874c26d93a67d58ce6062
  Author: Leo Nikkilä | Age: 2024-02-05 | Files: 1 | Lines: -41/+47
* linux-container: Pass '--disable-chroot' to 'guix-daemon'.
  This allows for the use of Guix within a non-privileged Docker container produced by 'guix system image -t docker'. * gnu/system/linux-container.scm (containerized-operating-system): Change 'guix-configuration' to add "--disable-chroot".
  Author: Ludovic Courtès | Age: 2023-06-24 | Files: 1 | Lines: -1/+12
* linux-container: Adjust to 'modify-services' semantic change.
  This is a followup to dbbc7e946131ba257728f1d05b96c4339b7ee88b: 'nscd-service-type' isn't necessarily present in OS, so we cannot use the 'modify-services' as it would now error out. This was happening with the "guix system docker-image" test in 'tests/guix-system.sh'. * gnu/system/linux-container.scm (containerized-operating-system): Use 'filter-map' instead of 'remove' + 'modify-services'.
  Author: Ludovic Courtès | Age: 2023-06-09 | Files: 1 | Lines: -9/+12
* linux-container: Remove hosts-service-type when network is shared.
  Fixes <https://issues.guix.gnu.org/61627>. * gnu/system/linux-container.scm (container-essential-services): When shared-network? is true, remove the hosts-service-type service kind.
  Author: Pierre Langlois | Age: 2023-03-26 | Files: 1 | Lines: -3/+7
* linux-container: Do not replace nscd-service-type.
  * gnu/system/linux-container.scm (containerized-operating-system): Respect customizations to the nscd-service-type and only modify the caches field.
  Author: Ricardo Wurmus | Age: 2022-12-01 | Files: 1 | Lines: -15/+13
* linux-container: container-script: Parse command line options.
  * gnu/system/linux-container.scm (container-script): Accept command line options to bind mount host directories into the container. * doc/guix.texi (Invoking guix system): Document options.
  Author: Ricardo Wurmus | Age: 2022-08-09 | Files: 1 | Lines: -25/+72
* gnu: Remove wicd.
  The last release is from 2017, stuck on Python 2. * gnu/packages/wicd.scm: Delete file. * gnu/packages/patches/wicd-bitrate-none-fix.patch: Delete file. * gnu/packages/patches/wicd-get-selected-profile-fix.patch: Likewise. * gnu/packages/patches/wicd-urwid-1.3.patch: Likewise. * gnu/packages/patches/wicd-wpa2-ttls.patch: Likewise. * gnu/local.mk: De-register them. * gnu/services/networking.scm: Remove wicd service... * doc/guix.texi: ... and its documentation. * gnu/system/linux-container.scm (containerized-operating-system) <services-to-drop>: Remove wicd-service-type.
  Author: Maxim Cournoyer | Age: 2022-05-31 | Files: 1 | Lines: -2/+1
* linux-container: Add #:guest-uid and #:guest-gid to 'eval/container'.
  * gnu/system/linux-container.scm (eval/container): Add #:guest-uid and #:guest-gid and honor them.
  Author: Ludovic Courtès | Age: 2022-03-19 | Files: 1 | Lines: -5/+9
* linux-container: 'eval/container' honors #:namespaces.
  * gnu/system/linux-container.scm (eval/container): Pass #:namespaces to 'call-with-container'.
  Author: Ludovic Courtès | Age: 2022-03-19 | Files: 1 | Lines: -1/+2
* services: shepherd: 'shepherd-service-type' requires documentation.
  * gnu/services/shepherd.scm (shepherd-service-type): Require a 'description' form. * gnu/services/base.scm (root-file-system-service-type) (rngd-service-type, host-name-service-type): (virtual-terminal-service-type, console-keymap-service-type) (syslog-service-type, swap-service-type) (kmscon-service-type): Add description. * gnu/services/networking.scm (dhcp-client-service-type): Likewise. * gnu/system/install.scm (cow-store-service-type): Likewise. * gnu/system/linux-container.scm (dummy-networking-service-type): Likewise. * gnu/system/mapped-devices.scm (device-mapping-service-type): Likewise. * tests/guix-system.sh: Likewise.
  Author: Ludovic Courtès | Age: 2021-01-13 | Files: 1 | Lines: -2/+5
* Instantiate nscd in each system container.
  * gnu/system/linux-container.scm (%nscd-container-caches): New variable. (containerized-operating-system): Instantiate nscd-service with smaller caches and add it to the generated operating-system, replacing any nscd-service specified by the caller. * gnu/system/file-systems.scm: (%network-file-mappings): Remove "/var/run/nscd". Signed-off-by: Mathieu Othacehe <othacehe@gnu.org>
  Author: Jason Conroy | Age: 2020-10-01 | Files: 1 | Lines: -19/+40
* services: system: Initial entries are non-monadic.
  * gnu/system.scm (operating-system-directory-base-entries): Return a regular, non-monadic value. * gnu/services.scm (system-derivation): Adjust accordingly. * gnu/system/linux-container.scm (container-essential-services): Likewise.
  Author: Ludovic Courtès | Age: 2020-04-26 | Files: 1 | Lines: -4/+2
* system: linux-container: Recommend guix container.
  * gnu/system/linux-container.scm (container-script)[script]: Recommend using 'guix container' to get a shell inside the running container.
  Author: Efraim Flashner | Age: 2020-01-06 | Files: 1 | Lines: -3/+6
* linux-container: 'eval/container' correctly passes -L and -C flags.
  This fixes a type error. * gnu/system/linux-container.scm (eval/container): Use 'append-map', not 'map'. * tests/containers.scm ("eval/container, non-empty load path"): New test.
  Author: Ludovic Courtès | Age: 2019-09-18 | Files: 1 | Lines: -5/+7
* linux-container: "run-container" script shows the container's PID.
  * gnu/build/linux-container.scm (call-with-container): Add #:process-spawned-hook and honor it. * gnu/system/linux-container.scm (container-script)[script]: Define 'explain' and pass it as #:process-spawned-hook.
  Author: Ludovic Courtès | Age: 2019-09-12 | Files: 1 | Lines: -2/+17
* linux-container: Exclude more services when sharing networking with the host.
  * gnu/system/linux-container.scm (containerized-operating-system)[useless-services]: Add more services to the list when SHARED-NETWORK? is true.
  Author: Ludovic Courtès | Age: 2019-09-12 | Files: 1 | Lines: -1/+6
* file-systems: Add /var/run/nscd to '%network-file-mappings'.
  This allows containers created by "guix environment -CN" or by "guix system container -N" to talk to the host nscd. * gnu/system/file-systems.scm (%network-file-mappings): Add "/var/run/nscd". * gnu/build/shepherd.scm (default-mounts)[nscd-socket]: Remove. * gnu/system/linux-container.scm (container-script)[nscd-run-directory] [nscd-mapping, nscd-os, nscd-specs]: Remove. [script]: Filter out from SPECS bind-mounts where the device does not exist. * guix/scripts/environment.scm (launch-environment/container) [optional-mapping->fs]: New procedure. [mappings]: Remove %NETWORK-FILE-MAPPINGS. [file-systems]: Add %NETWORK-FILE-MAPPINGS here, filtered through 'optional-mapping->fs'.
  Author: Ludovic Courtès | Age: 2019-09-12 | Files: 1 | Lines: -21/+14
* linux-container: Add 'eval/container'.
  * gnu/system/linux-container.scm (eval/container): New procedure. * tests/containers.scm ("eval/container, exit status") ("eval/container, writable user mapping"): New tests.
  Author: Ludovic Courtès | Age: 2019-07-19 | Files: 1 | Lines: -1/+48
* linux-container: Remove networking service when network is shared with host.
  * gnu/system/linux-container.scm (dummy-networking-service-type): New variable. (containerized-operating-system): If network is shared with host, replace static-networking-service-type with dummy-networking-service-type.
  Author: Arun Isaac | Age: 2019-06-19 | Files: 1 | Lines: -5/+24
* linux-container: Check if nscd run directory exists when container is run.
  * gnu/system/linux-container.scm (containerized-operating-system): (container-script): Check for existence of the host nscd run directory in the container script. This check should be run when the container is started, not when the container script is created. [network-mappings]: Delete variable. [nscd-run-directory, nscd-mapping]: New variables.
  Author: Arun Isaac | Age: 2019-05-25 | Files: 1 | Lines: -22/+31
* linux-container: Compute essential services for THIS-OPERATING-SYSTEM.
  Previously, the 'essential-services' would correspond to the initial, non-containerized OS. Thus, all the file systems removed in 'container-essential-services' would actually still be there because the essential services would be computed on the non-containerized OS. This is a followup to 69cae3d3356a69b7fe69481338f760545995485e. * gnu/system/linux-container.scm (container-essential-services): Call 'operating-system-default-essential-services' to get the baseline services. (containerized-operating-system): Pass THIS-OPERATING-SYSTEM, not OS, to 'container-essential-services'. Add a dummy root file system to 'file-systems'. (container-script)[mountable-file-system?]: New procedure. Use it.
  Author: Ludovic Courtès | Age: 2019-05-15 | Files: 1 | Lines: -4/+17
* linux-container: Do not add %CONTAINER-FILE-SYSTEMS to Docker image OSes.
  Previously, 'guix system docker-image' would end up providing an OS that would try to mount all of %CONTAINER-FILE-SYSTEMS as well as /gnu/store, which is bound to fail in unprivileged Docker. This patch makes it so that 'guix system container' still gets those file systems, but 'guix system docker-image' doesn't. * gnu/system/linux-container.scm (containerized-operating-system): Add #:extra-file-systems parameter and honor it. Do not include %STORE-MAPPING and SHARED-NETWORK-FILE-MAPPINGS. (container-script): Add %STORE-MAPPING and optionally NETWORK-MAPPINGS to MAPPINGS and pass #:extra-file-systems.
  Author: Ludovic Courtès | Age: 2019-05-15 | Files: 1 | Lines: -24/+23
* linux-container: Support container network sharing.
  * gnu/system/linux-container.scm (container-essential-services): If network is to be shared with the host, remove network configuration files from etc service. (containerized-operating-system): If network is to be shared with the host, remove nscd service and map host's /var/run/nscd if it exists. (container-script): If network is to be shared with the host, do not create network namespace. * guix/scripts/system.scm (system-derivation-for-action): Add #:container-shared-network? argument. (perform-action): Add #:container-shared-network? argument. (show-help): Add "-N, --network" help information. (%options): Add network option. (process-action): Call perform-action with #:container-shared-network? argument. * doc/guix.texi (Invoking guix system): Document the "-N, --network" option. Co-authored-by: Christopher Baines <mail@cbaines.net>
  Author: Arun Isaac | Age: 2019-05-14 | Files: 1 | Lines: -11/+52
* linux-container: Improve filtering of unnecessary file systems.
  * gnu/system/linux-container.scm (containerized-operating-system)[user-file-systems]: Add trailing slash for the "/dev/" and "/sys/" prefixes.
  Author: Ludovic Courtès | Age: 2019-05-10 | Files: 1 | Lines: -2/+2
* linux-container: Remove '%containerized-shepherd-service' hack.
  This hack worked around a defect in the Shepherd 0.5.0 and is no longer needed. * gnu/services/shepherd.scm (%containerized-shepherd-service): Remove. * gnu/system/linux-container.scm (container-essential-services): Don't use it.
  Author: Ludovic Courtès | Age: 2019-04-23 | Files: 1 | Lines: -2/+1
* system: Add 'essential-services' field to <operating-system>.
  * gnu/system.scm (<operating-system>)[essential-services]: New field. (operating-system-directory-base-entries): Remove #:container? keyword and keep only the not-container branch. (essential-services): Likewise. (operating-system-services): Likewise, and call 'operating-system-essential-services' instead of 'essential-services'. (operating-system-activation-script): Remove #:container?. (operating-system-boot-script): Likewise. (operating-system-derivation): Likewise. * gnu/system/linux-container.scm (container-essential-services): New procedure. (containerized-operating-system): Use it and set the 'essential-services' field. (container-script): Remove call to 'operating-system-derivation'. * gnu/system/vm.scm (system-docker-image): Likewise. * doc/guix.texi (operating-system Reference): Document 'essential-services'.
  Author: Ludovic Courtès | Age: 2019-03-25 | Files: 1 | Lines: -26/+43
* linux-container: 'containerized-operating-system' removes "useless" services.
  Fixes <https://bugs.gnu.org/34211>. Reported by Efraim Flashner <efraim@flashner.co.il>. * gnu/system/linux-container.scm (containerized-operating-system) [useless-services]: New variable. Add 'services' field.
  Author: Ludovic Courtès | Age: 2019-03-13 | Files: 1 | Lines: -1/+13
* file-systems: Add 'file-system-mapping->bind-mount'.
  * gnu/system/file-systems.scm (file-system-mapping->bind-mount): New procedure. * gnu/system/linux-container.scm (mapping->file-system): Remove. (containerized-operating-system)[mapping->fs]: Use 'file-system-mapping->bind-mount' instead of 'mapping->file-system'. * guix/scripts/environment.scm (launch-environment/container): Likewise.
  Author: Ludovic Courtès | Age: 2017-02-03 | Files: 1 | Lines: -18/+3
* container: Pass a list of <file-system> objects as things to mount.
  * gnu/build/linux-container.scm (mount-file-systems): 'mounts' is now a list of <file-system> objects instead of a list of lists ("specs"). Add call to 'file-system->spec' as the argument to 'mount-file-system'. (run-container, call-with-container): Adjust docstring accordingly. * gnu/system/file-systems.scm (spec->file-system): New procedure. * gnu/system/linux-container.scm (container-script)[script]: Call 'spec->file-system' inside gexp. * guix/scripts/environment.scm (launch-environment/container): Remove call to 'file-system->spec'. * tests/containers.scm ("call-with-container, mnt namespace") ("call-with-container, mnt namespace, wrong bind mount"): Pass a list of <file-system> objects.
  Author: Ludovic Courtès | Age: 2016-11-10 | Files: 1 | Lines: -1/+2
* linux-container: Use 'source-module-closure' when generating the script.
  * gnu/system/linux-container.scm (container-script)[script]: Use 'source-module-closure' in 'with-imported-modules' form.
  Author: Ludovic Courtès | Age: 2016-11-10 | Files: 1 | Lines: -8/+5
* linux-container: Fix list of imported modules.
  This fixes a regression introduced in 958dd3ce68733bcd5c1231424c7e4ad39e67594a. * gnu/system/linux-container.scm (container-script)[script]: Add (guix combinators) to the list of imported modules.
  Author: Ludovic Courtès | Age: 2016-07-12 | Files: 1 | Lines: -0/+1
* gnu: Switch to 'with-imported-modules'.
  * gnu/services.scm (directory-union): Use 'with-imported-modules' instead of the '#:modules' argument of 'computed-file'. * gnu/services/base.scm (udev-rules-union): Likewise. * gnu/services/dbus.scm (system-service-directory): Likewise. * gnu/services/desktop.scm (wrapped-dbus-service): (polkit-directory): Likewise. * gnu/services/networking.scm (tor-configuration->torrc): Likewise. * gnu/services/xorg.scm (xorg-configuration-directory): Likewise. * gnu/system/install.scm (self-contained-tarball): Likewise. * gnu/system/linux-container.scm (container-script): Likewise. * gnu/system/linux-initrd.scm (expression->initrd): Likewise, and remove #:modules parameter. (flat-linux-module-directory): Use 'with-imported-modules'. (base-initrd): Likewise. * gnu/system/locale.scm (locale-directory): Likewise. * gnu/system/shadow.scm (default-skeletons): Likewise. * gnu/system/vm.scm (expression->derivation-in-linux-vm): Likewise. * gnu/tests/base.scm (run-basic-test): Likewise. * gnu/tests/install.scm (run-install): Likewise. * doc/guix.texi (Initial RAM Disk): Update 'expression->initrd' documentation.
  Author: Ludovic Courtès | Age: 2016-07-12 | Files: 1 | Lines: -25/+23
* linux-container: Accept file systems with a UUID 'source'.
  * gnu/system/linux-container.scm (containerized-operating-system)[user-file-systems]: Check whether SOURCE is a string before calling 'string-prefix?'.
  Author: Ludovic Courtès | Age: 2016-02-08 | Files: 1 | Lines: -1/+2
* file-systems: Spawn a Bournish REPL upon fsck failure.
  Fixes <http://bugs.gnu.org/22588>. Reported by Mark H Weaver <mhw@netris.org>. * gnu/build/file-systems.scm (check-file-system): Pass %BOURNISH-LANGUAGE as the argument to 'start-repl'. * gnu/services.scm (activation-script): Add (guix build bournish). * gnu/services/base.scm (file-system-shepherd-service)[imported-modules]: Likewise. * gnu/system/linux-container.scm (container-script): Likewise. * gnu/system/vm.scm (expression->derivation-in-linux-vm): Likewise.
  Author: Ludovic Courtès | Age: 2016-02-08 | Files: 1 | Lines: -0/+1
* services: Add 'system-service-type'.
  * gnu/services.scm (system-derivation): New procedure. (system-service-type): New variable. (boot-script-entry): New procedure. (boot-service-type): Extend SYSTEM-SERVICE-TYPE. (etc-entry): New procedure. (etc-service-type): Extend SYSTEM-SERVICE-TYPE. (fold-services): Change default #:target-type to SYSTEM-SERVICE-TYPE. * gnu/system.scm (operating-system-directory-base-entries): New procedure. (essential-services): Use it. Add an instance of SYSTEM-SERVICE-TYPE. (operating-system-boot-script): Pass #:target-type to 'fold-services'. (operating-system-derivation): Rewrite in terms of 'fold-services'. * gnu/system/linux-container.scm (system-container): Remove. (container-script): Use 'operating-system-derivation'. * guix/scripts/system.scm (export-extension-graph): Replace BOOT-SERVICE-TYPE by SYSTEM-SERVICE-TYPE. * doc/images/service-graph.dot: Add 'system' node and edges. * doc/guix.texi (Service Composition): Mention SYSTEM-SERVICE-TYPE. (Service Reference): Document it. Update 'fold-services' documentation.
  Author: Ludovic Courtès | Age: 2015-11-02 | Files: 1 | Lines: -15/+3
* scripts: system: Add 'container' action.
  * guix/scripts/system.scm (show-help): Display 'container' action. (system-derivation-for-action, guix-system): Add 'container' case. (perform-action): Skip GRUB config generation when building a container. * doc/guix.texi (Invoking guix system): Document it.
  Author: David Thompson | Age: 2015-10-30 | Files: 1 | Lines: -1/+6
* system: container: Adjust to changes in gexps.
  * gnu/system/linux-container.scm (system-container): 'etc' is no longer a monadic value, and the result of 'file-union' must be lowered.
  Author: David Thompson | Age: 2015-10-30 | Files: 1 | Lines: -6/+8
* gnu: system: Add Linux container module.
  * gnu/system/linux-container.scm: New file. * gnu-system.am (GNU_SYSTEM_MODULES): Add it. * gnu/system.scm: Export 'operating-system-etc-directory', 'operating-system-boot-script', 'operating-system-locale-directory', and 'file-union'. (operating-system-boot-script): Add #:container? keyword argument. (operating-system-activation-script): Add #:container? keyword argument. Don't call 'activate-firmware' or 'activate-ptrace-attach' when activating a container.
  Author: David Thompson | Age: 2015-09-14 | Files: 1 | Lines: -0/+119