From 986e734298113f9782f4ef7a238b12274bacde1e Mon Sep 17 00:00:00 2001
From: David Arroyo
Date: Sun, 8 May 2022 13:16:13 -0400
Subject: [PATCH] Add generic support for lower-able objects, with example.
---
 aqwari/namespace.scm | 7 +++++--
 example/my-ns.scm | 48 ++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 2 deletions(-)
 create mode 100644 example/my-ns.scm
diff --git a/aqwari/namespace.scm b/aqwari/namespace.scm
index 3e47d29..ea43c5f 100644
--- a/aqwari/namespace.scm
+++ b/aqwari/namespace.scm
@@ -93,8 +93,7 @@ string of key=value parameters for tmpfs(5)"
 (((? string? target) (? gexp? source)) (make-bind-mount target source))
- ;; This is for convenience, so users don't have to wrap each package
- ;; in a gexp. We also mount any propagated inputs, so they are present
+ ;; For packages, mount any propagated inputs, so they are present
 ;; in the resulting namespace. (((? string? target) (? package? pkg)) (apply values
@@ -111,6 +110,10 @@ string of key=value parameters for tmpfs(5)"
 (((? string? target) ((? string? pkgname) (? package? pkg) (? string? output))) (make-bind-mount target (gexp (ungexp pkg output))))
+ ;; handles local-file, computed-file, plain-file and friends
+ (((? string? target) (? file-like? obj))
+ (bind->mount target (gexp (ungexp obj))))
+
 (((? string? target) ($ _ options)) (make-tmpfs-mount target options))
diff --git a/example/my-ns.scm b/example/my-ns.scm
new file mode 100644
index 0000000..d4af0cf
--- /dev/null
+++ b/example/my-ns.scm
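Review bot: The new `file-like?` clause calls `bind->mount`, while every neighbouring clause in this hunk calls `make-bind-mount` (the clause directly above it is `(make-bind-mount target (gexp (ungexp pkg output)))`); unless `bind->mount` is defined outside this hunk, the first `(bind "/etc/hosts" (plain-file ...))` — which the example added in this same commit performs — will fail with an unbound-variable error. The consistent form is `(make-bind-mount target (gexp (ungexp obj)))`. This clause also depends on match order: in Guix, `file-like?` appears to accept packages as well (they have a gexp compiler), so the clause must stay below the `package?` clauses to keep propagated inputs mounted; a comment such as `;; Keep after the package? clauses: packages are file-like too.` would guard against a later reordering. The enclosing `match` form starts and ends outside this hunk.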
@@ -0,0 +1,48 @@
+;; To use:
+;;
+;; guix build -f my-ns.scm
+;;
+;; will produce the binary /gnu/store/xxx-namespace/exec
+;; you can then run
+;;
+;; $(guix build -f my-ns.scm)/exec /bin/sh
+;;
+;; which will construct a mount namespace based on the
+;; body of the (namespace ...) macro below, make it the
+;; new root directory, and execv(2) into /bin/sh.
+(use-modules
+ (aqwari namespace)
+ (guix gexp)
+
+ (gnu packages base)
+ (gnu packages busybox)
+ (gnu packages certs)
+ (gnu packages linux))
+
+(namespace
+ ;; You can include any number of other namespaces.
+ (include %namespace-minimal)
+
+ ;; Binding a path with no arguments binds that path in
+ ;; the parent namespace to the same path in the new
+ ;; namespace
+ (bind "/etc/resolv.conf")
+
+ ;; (bind (p1 ... pN)) is equivalent to (bind p1) ... (bind pN)
+ (bind '("/etc/gai.conf" "/etc/services"))
+ (bind '("/etc/passwd" "/etc/group" "/etc/nsswitch.conf"))
+
+ (bind "/tmp/" (tmpfs "size=100M"))
+
+ ;; You can bind a file or directory to anything with a gexp compiler.
+ (bind "/etc/hosts" (plain-file "hosts" "127.0.0.1 localhost\n"))
+
+ ;; You can bind multiple G-expressions or packages to the
+ ;; same directory. An overlay mount will be created with
+ ;; multiple lowerdir paths. This can be done with multiple
+ ;; (bind) expressions or a single (bind) expression with a
+ ;; list of sources.
+ (bind "/" (list busybox util-linux iproute))
+
+ ;; Including a tmpfs mount makes the overlay writable.
+ (bind "/" (tmpfs "nr_blocks=100k")))
--
2.45.2
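Review bot: The host files pulled in by `(bind "/etc/resolv.conf")` and the `/etc/passwd`, `/etc/group`, `/etc/nsswitch.conf` list are bind-mounted from the parent namespace, and nothing in this file says whether those bind mounts are read-only; because the final `(bind "/" (tmpfs "nr_blocks=100k"))` advertises a writable overlay root, a reader may assume writes inside the namespace are contained, but a read-write bind mount of a host file sits outside the overlay and a write through it lands in the parent's file. Whichever behaviour `make-bind-mount` implements, the first `bind` deserves a comment stating it, e.g. `;; Host paths are bind-mounted as-is; a read-write bind lets the namespace modify the parent's file.` (adjust if the mount is MS_RDONLY). Separately, `(gnu packages base)` and `(gnu packages certs)` are imported but nothing from either module appears in the body; drop them, or bind the package they were meant for (nss-certs would fit the resolv.conf/hosts setup) so the example stays minimal.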