linux-container: Lock mounts by default. - guix - GNU transactional package management, distribution, deployment, and more!

diff options

author	Ludovic Courtès <ludo@gnu.org>	2025-04-08 14:03:48 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2025-05-05 14:34:00 +0200
commit	a57ed987ffd1452ba5a4d70feb54893e99b8e076 (patch)
tree	7813ca0a8b517650db72af51a5920bf3ee187806 /gnu/packages/javascript.scm
parent	e1a0171a56602ecba193975ea2438329abb51c94 (diff)

linux-container: Lock mounts by default.

This makes it impossible to unmount or remount things from within ‘call-with-container’. * gnu/build/linux-container.scm (initialize-user-namespace): Add #:host-uid and #:host-gid. and honor them. (run-container): Add #:lock-mounts?. Honor it by calling ‘unshare’ followed by ‘initialize-user-namespace’. (call-with-container): Add #:lock-mounts? and pass it down. (container-excursion): Get the user namespace owning the PID namespace and join it, then join the remaining namespaces. * tests/containers.scm ("call-with-container, mnt namespace, locked mounts"): New test. ("container-excursion"): Pass #:lock-mounts? #f. Change-Id: I13be982aef99e68a653d472f0e595c81cfcfa392

Diffstat (limited to 'gnu/packages/javascript.scm')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: