diff options
| author | Christopher Baines <mail@cbaines.net> | 2017-01-27 06:15:09 +0000 |
|---|---|---|
| committer | Christopher Baines <mail@cbaines.net> | 2017-08-15 21:01:04 +0100 |
| commit | 52435fe90090db459d8946ecc993d47015f68c6d (patch) | |
| tree | 2e26925e284487bb1f6929276942c85a2a7b094f /gnu/system | |
| parent | 3f09b46d93388eb8193e89bdd8d8ba36ed7906b5 (diff) | |
| download | guix-52435fe90090db459d8946ecc993d47015f68c6d.tar guix-52435fe90090db459d8946ecc993d47015f68c6d.tar.gz | |
Add support for sharing the host network to guix system container
This is a port of the functionality in the Guix environment command to the
guix system container command.
This requires additional changes to the operating-system definitions used, in
particular, networking related services may need removing if the host network
is shared.
Diffstat (limited to 'gnu/system')
| -rw-r--r-- | gnu/system/linux-container.scm | 47 |
1 files changed, 41 insertions, 6 deletions
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index bceea41332..538b1f19cb 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -60,18 +60,50 @@ containerized OS." %container-file-systems user-file-systems)))) -(define* (container-script os #:key (mappings '())) + +(define %network-configuration-files + '("/etc/resolv.conf" + "/etc/nsswitch.conf" + "/etc/services" + "/etc/hosts")) + +(define* (container-script os #:key (mappings '()) + container-shared-network?) "Return a derivation of a script that runs OS as a Linux container. MAPPINGS is a list of <file-system> objects that specify the files/directories that will be shared with the host system." - (let* ((os (containerized-operating-system os mappings)) + (let* ((os (containerized-operating-system + os + (append + mappings + (if + container-shared-network? + (filter-map (lambda (file) + (and (file-exists? file) + (file-system-mapping + (source file) + (target file) + ;; XXX: On some GNU/Linux + ;; systems, /etc/resolv.conf is a + ;; symlink to a file in a tmpfs + ;; which, for an unknown reason, + ;; cannot be bind mounted + ;; read-only within the + ;; container. + (writable? + (string=? + file "/etc/resolv.conf"))))) + %network-configuration-files) + '())))) (file-systems (filter file-system-needed-for-boot? (operating-system-file-systems os))) (specs (map file-system->spec file-systems))) - (mlet* %store-monad ((os-drv (operating-system-derivation - os - #:container? #t))) + (mlet* %store-monad ((os-drv + (operating-system-derivation + os + #:container? #t + #:container-shared-network? container-shared-network?))) (define script (with-imported-modules (source-module-closure @@ -93,6 +125,9 @@ that will be shared with the host system." ;; users and groups, which is sufficient for most cases. ;; ;; See: http://www.freedesktop.org/software/systemd/man/systemd-nspawn.html#--private-users= - #:host-uids 65536)))) + #:host-uids 65536 + #:namespaces (if #$container-shared-network? + (delq 'net %namespaces) + %namespaces))))) (gexp->script "run-container" script)))) |