services: singularity: Migrate to (gnu system privilege).

* gnu/services/docker.scm (singularity-setuid-programs): Rename from this… (singularity-privileged-programs): …to this. Use <privileged-program>. (singularity-service-type): Extend the PRIVILEGED-PROGRAM-SERVICE-TYPE. Change-Id: I4d90f9a6d4759a24a818baab49b61be67c419bad
author: Tobias Geerinckx-Rice <me@tobias.gr> 2024-09-01 02:00:00 +0200
committer: Tobias Geerinckx-Rice <me@tobias.gr> 2024-09-01 02:00:00 +0200
commit: 98bc13b9ea5f22a60de6c289d59072638001e08e (patch)
tree: 87cc9f8c71fbd0395a3d21a30ad32f21094ef9f3 /gnu/services
parent: 76cb23c117e25eaec8f177076bd4eaa10e800672 (diff)
download: guix-98bc13b9ea5f22a60de6c289d59072638001e08e.tar
guix-98bc13b9ea5f22a60de6c289d59072638001e08e.tar.gz
1 files changed, 8 insertions, 7 deletions
diff --git a/gnu/services/docker.scm b/gnu/services/docker.scm
index 1963f3c4bd..f0ac69a87e 100644
--- a/gnu/services/docker.scm
+++ b/gnu/services/docker.scm
@@ -31,7 +31,7 @@
   #:use-module (gnu services shepherd)
   #:use-module (gnu system)
   #:use-module (gnu system image)
-  #:use-module (gnu system setuid)
+  #:use-module (gnu system privilege)
   #:use-module (gnu system shadow)
   #:use-module (gnu packages admin)               ;shadow
   #:use-module (gnu packages docker)
@@ -268,11 +268,11 @@ bundles in Docker containers.")
                   '("container" "final" "overlay" "session"))
         (chmod %mount-directory #o755))))
 
-(define (singularity-setuid-programs singularity)
-  "Return the setuid-root programs that SINGULARITY needs."
+(define (singularity-privileged-programs singularity)
+  "Return the privileged programs that SINGULARITY needs."
   (define helpers
     ;; The helpers, under a meaningful name.
-    (computed-file "singularity-setuid-helpers"
+    (computed-file "singularity-privileged-helpers"
                    #~(begin
                        (mkdir #$output)
                        (for-each (lambda (program)
@@ -286,7 +286,8 @@ bundles in Docker containers.")
                                                            "-helper")))
                                  '("action" "mount" "start")))))
 
-  (map file-like->setuid-program
+  (map (lambda (program) (privileged-program (program program)
+                                        (setuid? #t)))
        (list (file-append helpers "/singularity-action-helper")
              (file-append helpers "/singularity-mount-helper")
              (file-append helpers "/singularity-start-helper"))))
@@ -296,8 +297,8 @@ bundles in Docker containers.")
                 (description
                  "Install the Singularity application bundle tool.")
                 (extensions
-                 (list (service-extension setuid-program-service-type
-                                          singularity-setuid-programs)
+                 (list (service-extension privileged-program-service-type
+                                          singularity-privileged-programs)
                        (service-extension activation-service-type
                                           (const %singularity-activation))))
                 (default-value singularity)))
author	Tobias Geerinckx-Rice <me@tobias.gr>	2024-09-01 02:00:00 +0200
committer	Tobias Geerinckx-Rice <me@tobias.gr>	2024-09-01 02:00:00 +0200
commit	98bc13b9ea5f22a60de6c289d59072638001e08e (patch)
tree	87cc9f8c71fbd0395a3d21a30ad32f21094ef9f3 /gnu/services
parent	76cb23c117e25eaec8f177076bd4eaa10e800672 (diff)
download	guix-98bc13b9ea5f22a60de6c289d59072638001e08e.tar guix-98bc13b9ea5f22a60de6c289d59072638001e08e.tar.gz