author | Ludovic Courtès <ludovic.courtes@inria.fr> | 2020-05-07 22:49:20 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2020-05-14 17:21:27 +0200 |
commit | 6456232164890dbf5aa20394ee24637feb4b7b9e (patch) | |
tree | 8fbdad7a851dd1762756c7178864d6919a62c00f /doc | |
parent | 4449e7c5e4c8b746c786fc9a5ea82eab60f6c846 (diff) | |
download | guix-6456232164890dbf5aa20394ee24637feb4b7b9e.tar guix-6456232164890dbf5aa20394ee24637feb4b7b9e.tar.gz |
pack: Add relocation via ld.so and fakechroot.
* gnu/packages/aux-files/run-in-namespace.c (HAVE_EXEC_WITH_LOADER): New
macro.
(bind_mount): Rename to...
(mirror_directory): ... this. Add 'firmlink' argument and use it
instead of calling mkdir/open/close/mount directly.
(bind_mount, make_symlink): New functions.
(exec_in_user_namespace): Adjust accordingly.
(exec_with_loader) [HAVE_EXEC_WITH_LOADER]: New function.
(exec_performance): New function.
(engines): Add them.
* guix/scripts/pack.scm (wrapped-package)[fakechroot-library]
[audit-module]: New procedures.
[audit-source]: New variable.
[build](elf-interpreter, elf-loader-compile-flags): New procedures.
(build-wrapper): Use them.
* tests/guix-pack-relocatable.sh: Test with
'GUIX_EXECUTION_ENGINE=fakechroot'.
* doc/guix.texi (Invoking guix pack): Document the 'performance' and
'fakechroot' engines.
* gnu/packages/aux-files/pack-audit.c: New file.
* Makefile.am (AUX_FILES): Add it.
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 906ebff555..a36b9691fb 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -5230,6 +5230,10 @@ following execution engines are supported: Try user namespaces and fall back to PRoot if user namespaces are not supported (see below). +@item performance +Try user namespaces and fall back to Fakechroot if user namespaces are +not supported (see below). + @item userns Run the program through user namespaces and abort if they are not supported. @@ -5241,6 +5245,15 @@ support for file system virtualization. It achieves that by using the @code{ptrace} system call on the running program. This approach has the advantage to work without requiring special kernel support, but it incurs run-time overhead every time a system call is made. + +@item fakechroot +Run through Fakechroot. @uref{https://github.com/dex4er/fakechroot/, +Fakechroot} virtualizes file system accesses by intercepting calls to C +library functions such as @code{open}, @code{stat}, @code{exec}, and so +on. Unlike PRoot, it incurs very little overhead. However, it does not +always work: for example, some file system accesses made from within the +C library are not intercepted, and file system accesses made @i{via} +direct syscalls are not intercepted either, leading to erratic behavior. @end table @vindex GUIX_EXECUTION_ENGINE |
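Review bot: the new `@item performance` entry (first hunk, at -5230,6) does not say that the engine it falls back to is the less reliable one. The `fakechroot` entry added in the second hunk states that Fakechroot "does not always work", but here the reader only gets "(see below)", in wording that mirrors the PRoot fallback item just above it. Suggest stating the trade-off in this item directly: `performance` favours low overhead and may end up on an engine whose file system virtualization is incomplete, while the PRoot fallback is slower but does not depend on intercepting C library calls.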
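Review bot: in the new `@item fakechroot` entry (second hunk, at -5241,6), "leading to erratic behavior" is too vague for a user deciding whether to set this engine. The text says accesses made from within the C library and via direct syscalls "are not intercepted", so it should also say what those accesses then operate on (the host's real paths rather than the relocated ones), and that this engine is therefore a relocation convenience and not something that confines the program to the pack's file tree. A smaller point in the same paragraph: `@code{exec}` is listed next to `@code{open}` and `@code{stat}` as a C library function, but there is no function of that name; "the @code{exec} family" or `@code{execve}` would be accurate.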