aboutsummaryrefslogtreecommitdiff
path: root/doc
diff options
context:
space:
mode:
authorLudovic Courtès <ludovic.courtes@inria.fr>2020-05-07 22:49:20 +0200
committerLudovic Courtès <ludo@gnu.org>2020-05-14 17:21:27 +0200
commit6456232164890dbf5aa20394ee24637feb4b7b9e (patch)
tree8fbdad7a851dd1762756c7178864d6919a62c00f /doc
parent4449e7c5e4c8b746c786fc9a5ea82eab60f6c846 (diff)
downloadguix-6456232164890dbf5aa20394ee24637feb4b7b9e.tar
guix-6456232164890dbf5aa20394ee24637feb4b7b9e.tar.gz
pack: Add relocation via ld.so and fakechroot.
* gnu/packages/aux-files/run-in-namespace.c (HAVE_EXEC_WITH_LOADER): New macro. (bind_mount): Rename to... (mirror_directory): ... this. Add 'firmlink' argument and use it instead of calling mkdir/open/close/mount directly. (bind_mount, make_symlink): New functions. (exec_in_user_namespace): Adjust accordingly. (exec_with_loader) [HAVE_EXEC_WITH_LOADER]: New function. (exec_performance): New function. (engines): Add them. * guix/scripts/pack.scm (wrapped-package)[fakechroot-library] [audit-module]: New procedures. [audit-source]: New variable. [build](elf-interpreter, elf-loader-compile-flags): New procedures. (build-wrapper): Use them. * tests/guix-pack-relocatable.sh: Test with 'GUIX_EXECUTION_ENGINE=fakechroot'. * doc/guix.texi (Invoking guix pack): Document the 'performance' and 'fakechroot' engines. * gnu/packages/aux-files/pack-audit.c: New file. * Makefile.am (AUX_FILES): Add it.
Diffstat (limited to 'doc')
-rw-r--r--doc/guix.texi13
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 906ebff555..a36b9691fb 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5230,6 +5230,10 @@ following execution engines are supported:
Try user namespaces and fall back to PRoot if user namespaces are not
supported (see below).
+@item performance
+Try user namespaces and fall back to Fakechroot if user namespaces are
+not supported (see below).
+
@item userns
Run the program through user namespaces and abort if they are not
supported.
@@ -5241,6 +5245,15 @@ support for file system virtualization. It achieves that by using the
@code{ptrace} system call on the running program. This approach has the
advantage to work without requiring special kernel support, but it incurs
run-time overhead every time a system call is made.
+
+@item fakechroot
+Run through Fakechroot. @uref{https://github.com/dex4er/fakechroot/,
+Fakechroot} virtualizes file system accesses by intercepting calls to C
+library functions such as @code{open}, @code{stat}, @code{exec}, and so
+on. Unlike PRoot, it incurs very little overhead. However, it does not
+always work: for example, some file system accesses made from within the
+C library are not intercepted, and file system accesses made @i{via}
+direct syscalls are not intercepted either, leading to erratic behavior.
@end table
@vindex GUIX_EXECUTION_ENGINE