Change container-script to share the host network

author: Christopher Baines <christopher.baines@digital.cabinet-office.gov.uk> 2016-11-14 09:45:27 +0000
committer: Christopher Baines <christopher.baines@digital.cabinet-office.gov.uk> 2016-11-14 15:08:25 +0000
commit: 81d9ad0858ac4103591d25c1e23e3b78d3e19d60 (patch)
tree: ca8a2d6b85971c6553fcc9ef15d130fda7231c91
parent: 5c66314bd98e4eb27f88a750cdd2812c62671fc6 (diff)
download: gnu-guix-81d9ad0858ac4103591d25c1e23e3b78d3e19d60.tar
gnu-guix-81d9ad0858ac4103591d25c1e23e3b78d3e19d60.tar.gz
1 files changed, 29 insertions, 2 deletions
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index 24e61c3ead..da225cb035 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -75,11 +75,37 @@ containerized OS."
                           %container-file-systems
                           user-file-systems))))
 
+
+(define %network-configuration-files
+  '("/etc/resolv.conf"
+    "/etc/nsswitch.conf"
+    "/etc/services"
+    "/etc/hosts"))
+
 (define* (container-script os #:key (mappings '()))
   "Return a derivation of a script that runs OS as a Linux container.
 MAPPINGS is a list of <file-system> objects that specify the files/directories
 that will be shared with the host system."
-  (let* ((os           (containerized-operating-system os mappings))
+  (let* ((os           (containerized-operating-system
+                        os
+                        (append
+                         mappings
+                         (filter-map (lambda (file)
+                                       (and (file-exists? file)
+                                            (file-system-mapping
+                                             (source file)
+                                             (target file)
+                                             ;; XXX: On some GNU/Linux
+                                             ;; systems, /etc/resolv.conf is a
+                                             ;; symlink to a file in a tmpfs
+                                             ;; which, for an unknown reason,
+                                             ;; cannot be bind mounted
+                                             ;; read-only within the
+                                             ;; container.
+                                             (writable?
+                                              (string=? "/etc/resolv.conf")))))
+                                     %network-configuration-files))
+                         ))
          (file-systems (filter file-system-needed-for-boot?
                                (operating-system-file-systems os)))
          (specs        (map file-system->spec file-systems)))
@@ -108,6 +134,7 @@ that will be shared with the host system."
                 ;; users and groups, which is sufficient for most cases.
                 ;;
                 ;; See: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--private-users=
-                #:host-uids 65536))))
+                #:host-uids 65536
+                #:namespaces (delq 'net %namespaces)))))
 
       (gexp->script "run-container" script))))
author	Christopher Baines <christopher.baines@digital.cabinet-office.gov.uk>	2016-11-14 09:45:27 +0000
committer	Christopher Baines <christopher.baines@digital.cabinet-office.gov.uk>	2016-11-14 15:08:25 +0000
commit	81d9ad0858ac4103591d25c1e23e3b78d3e19d60 (patch)
tree	ca8a2d6b85971c6553fcc9ef15d130fda7231c91
parent	5c66314bd98e4eb27f88a750cdd2812c62671fc6 (diff)
download	gnu-guix-81d9ad0858ac4103591d25c1e23e3b78d3e19d60.tar gnu-guix-81d9ad0858ac4103591d25c1e23e3b78d3e19d60.tar.gz