author | Ludovic Courtès <ludo@gnu.org> | 2017-04-12 16:44:18 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2017-04-13 00:12:42 +0200 |
commit | ee295346ce81c276ffb4ee34cc6f5b134b415097 (patch) | |
tree | b5ca1318d89f82e6d95724a847933f1a7a5fc23c /gnu | |
parent | bb5cad4eb2473889dd9938ab3d0453d30b0765e7 (diff) | |
download | patches-ee295346ce81c276ffb4ee34cc6f5b134b415097.tar patches-ee295346ce81c276ffb4ee34cc6f5b134b415097.tar.gz |
services: tor: Run in a container.
* gnu/services/networking.scm (tor-shepherd-service): Use (gnu build
shepherd) and use 'make-forkexec-constructor/container' instead of
'make-forkexec-constructor'.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/services/networking.scm | 32 |
1 files changed, 23 insertions, 9 deletions
diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm
index 85fc0b843a..ae9b8f87cc 100644
--- a/gnu/services/networking.scm
+++ b/gnu/services/networking.scm
@@ -595,17 +595,31 @@ HiddenServicePort ~a ~a~%"
 (match config
 (($ <tor-configuration> tor)
 (let ((torrc (tor-configuration->torrc config)))
- (list (shepherd-service
- (provision '(tor))
+ (with-imported-modules (source-module-closure
+ '((gnu build shepherd)
+ (gnu system file-systems)))
+ (list (shepherd-service
+ (provision '(tor))
 
- ;; Tor needs at least one network interface to be up, hence the
- ;; dependency on 'loopback'.
- (requirement '(user-processes loopback syslogd))
+ ;; Tor needs at least one network interface to be up, hence the
+ ;; dependency on 'loopback'.
+ (requirement '(user-processes loopback syslogd))
 
- (start #~(make-forkexec-constructor
- (list (string-append #$tor "/bin/tor") "-f" #$torrc)))
- (stop #~(make-kill-destructor))
- (documentation "Run the Tor anonymous network overlay.")))))))
+ (modules '((gnu build shepherd)
+ (gnu system file-systems)))
+
+ (start #~(make-forkexec-constructor/container
+ (list #$(file-append tor "/bin/tor") "-f" #$torrc)
+
+ #:mappings (list (file-system-mapping
+ (source "/var/lib/tor")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source "/dev/log") ;for syslog
+ (target source)))))
+ (stop #~(make-kill-destructor))
+ (documentation "Run the Tor anonymous network overlay."))))))))
 
 (define (tor-hidden-service-activation config)
 "Return the activation gexp for SERVICES, a list of hidden services." |
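Review bot: The `#:mappings` list in the new `start` gexp is the daemon's filesystem boundary, but nothing in the hunk says so. Only the `/dev/log` entry carries a comment. I would add one above the first mapping, e.g. `;; Tor's state directory: the only writable host path mapped here.`, so a later edit does not widen the writable set without noticing. The call also passes no `#:user`, `#:group` or `#:namespaces`, so the daemon's identity and which namespaces are unshared depend on the constructor's defaults and on the generated torrc. Neither is visible in this hunk, so it is worth confirming and stating in a comment. Any path the torrc names outside `/var/lib/tor` (a hidden-service directory or control socket, for instance) would presumably be missing inside the container, so check where `tor-configuration->torrc` places them. The body of `tor-shepherd-service` starts above the hunk.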