M aqwari/namespace.scm => aqwari/namespace.scm +5 -2
@@ 93,8 93,7 @@ string of key=value parameters for tmpfs(5)"
(((? string? target) (? gexp? source))
(make-bind-mount target source))
- ;; This is for convenience, so users don't have to wrap each package
- ;; in a gexp. We also mount any propagated inputs, so they are present
+ ;; For packages, mount any propagated inputs, so they are present
;; in the resulting namespace.
(((? string? target) (? package? pkg))
(apply values
@@ 111,6 110,10 @@ string of key=value parameters for tmpfs(5)"
(((? string? target) ((? string? pkgname) (? package? pkg) (? string? output)))
(make-bind-mount target (gexp (ungexp pkg output))))
+ ;; handles local-file, computed-file, plain-file and friends
+ (((? string? target) (? file-like? obj))
+ (bind->mount target (gexp (ungexp obj))))
+
(((? string? target) ($ <tmpfs-mount> _ options))
(make-tmpfs-mount target options))
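Review bot: The new `file-like?` clause only behaves as intended while it sits after the `package?` clauses, because Guix packages are themselves file-like objects; moved above them, it would match packages first and skip the propagated-input mounting. Its comment should record that, for example `;; Must stay below the package? clauses: packages are file-like too.` It is also worth a comment that `local-file` and `plain-file` contents are copied into the store, which every local user can read, so keys or credentials should not be bound this way. The enclosing match expression starts and ends outside the hunk.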
A example/my-ns.scm => example/my-ns.scm +48 -0
@@ 0,0 1,48 @@
+;; To use:
+;;
+;; guix build -f my-ns.scm
+;;
+;; will produce the binary /gnu/store/xxx-namespace/exec
+;; you can then run
+;;
+;; $(guix build -f my-ns.scm)/exec /bin/sh
+;;
+;; which will construct a mount namespace based on the
+;; body of the (namespace ...) macro below, make it the
+;; new root directory, and execv(2) into /bin/sh.
+(use-modules
+ (aqwari namespace)
+ (guix gexp)
+
+ (gnu packages base)
+ (gnu packages busybox)
+ (gnu packages certs)
+ (gnu packages linux))
+
+(namespace
+ ;; You can include any number of other namespaces.
+ (include %namespace-minimal)
+
+ ;; Binding a path with no arguments binds that path in
+ ;; the parent namespace to the same path in the new
+ ;; namespace
+ (bind "/etc/resolv.conf")
+
+ ;; (bind (p1 ... pN)) is equivalent to (bind p1) ... (bind pN)
+ (bind '("/etc/gai.conf" "/etc/services"))
+ (bind '("/etc/passwd" "/etc/group" "/etc/nsswitch.conf"))
+
+ (bind "/tmp/" (tmpfs "size=100M"))
+
+ ;; You can bind a file or directory to anything with a gexp compiler.
+ (bind "/etc/hosts" (plain-file "hosts" "127.0.0.1 localhost\n"))
+
+ ;; You can bind multiple G-expressions or packages to the
+ ;; same directory. An overlay mount will be created with
+ ;; multiple lowerdir paths. This can be done with multiple
+ ;; (bind) expressions or a single (bind) expression with a
+ ;; list of sources.
+ (bind "/" (list busybox util-linux iproute))
+
+ ;; Including a tmpfs mount makes the overlay writable.
+ (bind "/" (tmpfs "nr_blocks=100k")))
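Review bot: The comments on `(bind "/etc/resolv.conf")` and the `/etc/passwd`, `/etc/group` binds do not say that these are the parent namespace's own files rather than copies, nor whether they are mounted read-only. That behaviour is decided in aqwari/namespace.scm and is not visible in this diff, so the example should state it, for instance `;; NOTE: this is the host's file itself, mounted <read-only or read-write>.` with the placeholder filled in. The header comment could also say that the example only sets up a mount namespace and a new root, since readers may otherwise copy it as a sandbox template. As a point of style, the two tmpfs binds size themselves differently (`size=100M` and `nr_blocks=100k`); a short comment on why would help.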