diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/guix.texi | 85 |
1 files changed, 84 insertions, 1 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 996255d9dc..bd0f3e8fd5 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4866,6 +4866,29 @@ advantage to work without requiring special kernel support, but it incurs run-time overhead every time a system call is made. @end quotation +@cindex entry point, for Docker images +@item --entry-point=@var{command} +Use @var{command} as the @dfn{entry point} of the resulting pack, if the pack +format supports it---currently @code{docker} and @code{squashfs} (Singularity) +support it. @var{command} must be relative to the profile contained in the +pack. + +The entry point specifies the command that tools like @code{docker run} or +@code{singularity run} automatically start by default. For example, you can +do: + +@example +guix pack -f docker --entry-point=bin/guile guile +@end example + +The resulting pack can easily be loaded and @code{docker run} with no extra +arguments will spawn @code{bin/guile}: + +@example +docker load -i pack.tar.gz +docker run @var{image-id} +@end example + @item --expression=@var{expr} @itemx -e @var{expr} Consider the package @var{expr} evaluates to. @@ -24090,7 +24113,7 @@ The following is an example @code{dicod-service} configuration. @cindex Docker @subsubheading Docker Service -The @code{(gnu services docker)} module provides the following service. +The @code{(gnu services docker)} module provides the following services. @defvr {Scheme Variable} docker-service-type @@ -24114,6 +24137,66 @@ The Containerd package to use. @end table @end deftp +@cindex Audit +@subsubheading Auditd Service + +The @code{(gnu services auditd)} module provides the following service. + +@defvr {Scheme Variable} auditd-service-type + +This is the type of the service that runs +@url{https://people.redhat.com/sgrubb/audit/,auditd}, +a daemon that tracks security-relevant information on your system. + +Examples of things that can be tracked: + +@enumerate +@item +File accesses +@item +System calls +@item +Invoked commands +@item +Failed login attempts +@item +Firewall filtering +@item +Network access +@end enumerate + +@command{auditctl} from the @code{audit} package can be used in order +to add or remove events to be tracked (until the next reboot). +In order to permanently track events, put the command line arguments +of auditctl into @file{/etc/audit/audit.rules}. +@command{aureport} from the @code{audit} package can be used in order +to view a report of all recorded events. +The audit daemon usually logs into the directory @file{/var/log/audit}. + +@end defvr + +@deftp {Data Type} auditd-configuration +This is the data type representing the configuration of auditd. + +@table @asis + +@item @code{audit} (default: @code{audit}) +The audit package to use. + +@end table +@end deftp + +@defvr {Scheme Variable} singularity-service-type +This is the type of the service that allows you to run +@url{https://www.sylabs.io/singularity/, Singularity}, a Docker-style tool to +create and run application bundles (aka. ``containers''). The value for this +service is the Singularity package to use. + +The service does not install a daemon; instead, it installs helper programs as +setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke +@command{singularity run} and similar commands. +@end defvr + @node Setuid Programs @section Setuid Programs |