scripts: system: Add support for container network sharing.release_20

This is a port of the functionality in the Guix environment command to the guix system container command. This requires additional changes to the operating-system definitions used, in particular, networking related services may need removing if the host network is shared. * guix/scripts/system.scm (system-derivation-for-action): Add #:container-shared-network? argument. (perform-action): Add #:container-shared-network? argument. (show-help): Add "-N, --network" help information. (%options): Add network option. (process-action): Call perform-action with #:container-shared-network?. * gnu/system/linux-container.scm (%network-configuration-files): New variable. (container-script): Add support for returning a container script that shares the host network. * gnu/system.scm (essential-services): Add #:container-shared-network? argument. (operating-system-services): Add #:container-shared-network? argument. (operating-system-etc-service): Add #:container-shared-network? argument, and support for ommiting some configuration if the network is shared. (operating-system-activation-script): Add #:container-shared-network? argument, and pass this through to the operating-system-services procedure. (operating-system-boot-script): Add #:container-shared-network? argument, and pass this through to the operating-system-services procedure. (operating-system-derivation): Add the #:container-shared-network? argument, and pass this through to the operating-system-services procedure. (operating-system-profile): Add the #:container-shared-network? argument, and pass this through to the operating-system-services procedure.
author: Christopher Baines <mail@cbaines.net> 2017-01-27 06:15:09 +0000
committer: Christopher Baines <christopher.baines@digital.cabinet-office.gov.uk> 2018-04-22 14:16:22 +0100
commit: 351e483c610ccded85f74e575f37bf943dea0414 (patch)
tree: d7646d6acbfe205f6a640d253e2196ef33c5369a /gnu/system/linux-container.scm
parent: 1f9a98eb6b9f846562092d45011e358b80bc8b9c (diff)
download: gnu-guix-release_20.tar
gnu-guix-release_20.tar.gz
1 files changed, 41 insertions, 6 deletions
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index bceea41332..538b1f19cb 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -60,18 +60,50 @@ containerized OS."
                           %container-file-systems
                           user-file-systems))))
 
-(define* (container-script os #:key (mappings '()))
+
+(define %network-configuration-files
+  '("/etc/resolv.conf"
+    "/etc/nsswitch.conf"
+    "/etc/services"
+    "/etc/hosts"))
+
+(define* (container-script os #:key (mappings '())
+                           container-shared-network?)
   "Return a derivation of a script that runs OS as a Linux container.
 MAPPINGS is a list of <file-system> objects that specify the files/directories
 that will be shared with the host system."
-  (let* ((os           (containerized-operating-system os mappings))
+  (let* ((os           (containerized-operating-system
+                        os
+                        (append
+                         mappings
+                         (if
+                          container-shared-network?
+                          (filter-map (lambda (file)
+                                        (and (file-exists? file)
+                                             (file-system-mapping
+                                              (source file)
+                                              (target file)
+                                              ;; XXX: On some GNU/Linux
+                                              ;; systems, /etc/resolv.conf is a
+                                              ;; symlink to a file in a tmpfs
+                                              ;; which, for an unknown reason,
+                                              ;; cannot be bind mounted
+                                              ;; read-only within the
+                                              ;; container.
+                                              (writable?
+                                               (string=?
+                                                file "/etc/resolv.conf")))))
+                                      %network-configuration-files)
+                          '()))))
          (file-systems (filter file-system-needed-for-boot?
                                (operating-system-file-systems os)))
          (specs        (map file-system->spec file-systems)))
 
-    (mlet* %store-monad ((os-drv (operating-system-derivation
-                                  os
-                                  #:container? #t)))
+    (mlet* %store-monad ((os-drv
+                          (operating-system-derivation
+                           os
+                           #:container? #t
+                           #:container-shared-network? container-shared-network?)))
 
       (define script
         (with-imported-modules (source-module-closure
@@ -93,6 +125,9 @@ that will be shared with the host system."
                 ;; users and groups, which is sufficient for most cases.
                 ;;
                 ;; See: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--private-users=
-                #:host-uids 65536))))
+                #:host-uids 65536
+                #:namespaces (if #$container-shared-network?
+                                 (delq 'net %namespaces)
+                                 %namespaces)))))
 
       (gexp->script "run-container" script))))
author	Christopher Baines <mail@cbaines.net>	2017-01-27 06:15:09 +0000
committer	Christopher Baines <christopher.baines@digital.cabinet-office.gov.uk>	2018-04-22 14:16:22 +0100
commit	351e483c610ccded85f74e575f37bf943dea0414 (patch)
tree	d7646d6acbfe205f6a640d253e2196ef33c5369a /gnu/system/linux-container.scm
parent	1f9a98eb6b9f846562092d45011e358b80bc8b9c (diff)
download	gnu-guix-release_20.tar gnu-guix-release_20.tar.gz