linux-container: Export ‘%writable-/tmp’ and use it.

Fixes guix/guix#1994.

* gnu/build/linux-container.scm (%writable-/tmp): New variable.
* guix/scripts/environment.scm (launch-environment/container): Remove ‘tmpfs’
and use it.  Adjust ‘file-system’ declaration for /run/user/$UID.
* guix/scripts/home.scm (spawn-home-container): Likewise.

Reported-by: Romain GARBAGE <romain.garbage@inria.fr>
Change-Id: Ia8289fb5386971738caf2ccc1e815daa6ac28459

1 files changed, 11 insertions, 0 deletions

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 3e5158c2fd7..b6f8563f7d0 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -30,6 +30,7 @@
             unprivileged-user-namespace-supported?
             setgroups-supported?
             %namespaces
+            %writable-/tmp
             run-container
             call-with-container
             container-excursion
@@ -387,6 +388,16 @@ if there are no child processes left."
       (+ 128 (or (status:term-sig status)
                  (status:stop-sig status)))))
 
+(define %writable-/tmp
+  ;; Writable and volatile /tmp.
+  (file-system
+    (device "none")
+    (mount-point "/tmp")
+    (type "tmpfs")
+    (flags '(no-suid no-dev))
+    (options "mode=755,size=10%")
+    (check? #f)))
+
 (define* (call-with-container mounts thunk #:key (namespaces %namespaces)
                               (host-uids 1) (guest-uid 0) (guest-gid 0)
                               (lock-mounts? #t)