path: root/gnu/build
Age | Commit message | Author
2026-04-04 | file-systems: Correctly report mount failure diagnostics. | Ludovic Courtès
Previously the message would be something like:
    shepherd[1]: could not mount partition efivarfs: ~A
* gnu/build/file-systems.scm (mount-file-system): On ‘system-error?’ destructure the arguments of C.
Change-Id: I4e84d8ce424dd1d07eae5e22389164479309bbfd
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Merges: #7463
2026-02-23 | file-systems: canonicalize-device-spec: Wait for device to exist. | Rutherther
Waits for devices specified by a string. Fixes: #6134 Change-Id: I430483deccb70fad44fe0e141afc050ae41308dc Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
2026-02-23 | file-systems: mount-file-system: Guard against missing devices. | Rutherther
When a device with a UUID is missing, canonicalize-device-spec will throw an error. This error is not handled for mount-may-fail? devices. That means that if you use UUID device and it isn't available, the boot will hang on the user-file-systems not being started. All user services depend on that service. Also added a test for this behavior. * gnu/build/file-systems.scm (mount-file-system): Guard canonicalize-device-spec call. (canonicalize-device-spec): Throw &partition-lookup-error on missing partition. (&partition-lookup-error): New variable. * gnu/tests/base.scm (%test-missing-file-system): New variable. Change-Id: I3b8d652251cef421cff6d2fdafb8d9d7d1fc74b5 Reported-By: renbus, on IRC Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
2026-02-06 | activation: copy-account-skeletons: Make all copied skeletons writable. | Hilton Chain
Previously, copying skeleton ‘.config/nano/nanorc’ to user home won't make ‘~/.config/nano/nanorc’ writable. * gnu/build/activation.scm (copy-account-skeletons) [set-owner]: Make all copied skeleton writable. Rename procedure to ‘set-permission’. Change-Id: I24a2bda42bc5af803857dc090e487b6a040b58be Signed-off-by: Hilton Chain <hako@ultrarare.space> Merges: #6149
2026-01-29 | build/marionette: Remove 'reconnect=1' QEMU parameter. | Maxim Cournoyer
This option was removed from QEMU 10.2. 'make check-system TESTS=anonip', which does a reboot and was the reason for its introduction still passes, so apparently it's no longer needed. * gnu/build/marionette.scm (make-marionette) <extra-options>: Remove reconnect=1 chardev parameter. Change-Id: Iaa225bc6a9f58cbbca74fc394ec2005f51e8491d
2026-01-22 | Merge branch 'version-1.5.0' | Rutherther
Change-Id: Id73c0c74600a3da3373b3a37236b505af65bfe31
2026-01-14 | install: Register agetty on primary console on AArch64. | Rutherther
This adds the possibility to parse /proc/consoles to find a primary console. Then, on AArch64 this is used in the installation image. On AArch64, the boot usually happens with chosen device tree that contains the serial console. On x86_64, this does not happen so often, so we keep the installation iso minimal there. The primary console is chosen, but there is a fallback to any non-virtual one. Virtual console (/dev/tty0) is skipped, because that one can point to any console, like /dev/tty1 and so on. So it's not safe to register agetty on it. * gnu/build/linux-boot.scm (read-linux-consoles): New variable. * gnu/services/base.scm (default-serial-console): Use primary console as fallback. * gnu/system/install.scm (%installation-services): Add agetty tty for consoles. Change-Id: Iae01f7bc85b5ffdef2e52b1d0710889915b0f54a Signed-off-by: Rutherther <rutherther@ditigal.xyz>
2026-01-12 | image: Use `unshare` to map root user for btrfs | Ryan Sundberg
The current version of `mkfs.btrfs` has a regression when combined with `fakeroot` where it does not detect the faked root uid/gid of files when building the filesystem. This produces partition images with `/` owned by the guixbuild user when it should be owned by root. Using `unshare` rather than `fakeroot` resolves this by doing the uid mapping at the kernel level rather than overloading the `stat` function. An equivalent issue was [reported and patched in NixOS](https://github.com/NixOS/nixpkgs/pull/434122) * gnu/build/image.scm (system-disk-image): Import `util-linux` instead of `fakeroot`. * gnu/system/image.scm (make-btrfs-image): Use `unshare --map-root-user` Change-Id: Id4eeaf510f3ec5f4a23b4d700a73e2cf46da40b1 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Merges: #5536
2025-12-30 | build/dbus-service: Fix possible syntax error in 'with-retries'. | Maxim Cournoyer
When the body was not a single expression, quote would throw a syntax error. * gnu/build/dbus-service.scm (with-retries): Ensure the body is a single expression when quoted for the error message. Change-Id: I44ec61bc26c8959b499bc94eb661762afdaf99ba
2025-12-22 | gnu: make-iso9660-image: Do not compress any kernel, compress man pages. | Rutherther
Because the linux image is called differently based on the architectures, see system-linu/-image-file-name from gnu/system.scm, the kernel image on aarch64, mips and armhf has still been compressed. This means that grub cannot boot. Man pages have moved from gz to zst, so compress them as well. * gnu/build/image.scm (make-iso9660-image): Do not compress Image, vmlinuz and zImage; Compress all man pages. Change-Id: I68b35f383c84ff231865d580aa9e79d9fd88ace1 Signed-off-by: Rutherther <rutherther@ditigal.xyz>
2025-12-22 | build: Make /etc/hosts a regular file again. | Hugo Buddelmeijer
Commit 7c70a1080a0823fd3dd0f7ee83e5d7654ab6a872 ("gnu/system: Simplify the creation of /etc (was: Turn /etc/localtime into a symlink)") made all of the files under /etc other than sudoers symlinks to their store target. This causes a problem at least for the vpn-slice service, which expects to be able to write to said file. * gnu/build/activation.scm (activate-etc): Special-case /etc/hosts to make it a regular file. Change-Id: Ia42dacd8731edba5e72442ab0399bdc3f7101989 Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop> Modified-by: Maxim Cournoyer <maxim@guixotic.coop> Fixes: #4800
2025-12-11 | system: Relax subordinate ID validation. | Giacomo Leidi
https://codeberg.org/guix/guix/issues/3925 raised the inability of the subordinate IDs service of handling externally managed sub{u,g}id file entries. This patch relaxes the checks in place for existing ranges, by allowing subid-range records lower than %subordinate-id-min, leaving all the space from subid 0 to %subordinate-id-min - 1 to external users. Generic ranges are still allocated within %subordinate-id-min and %subordinate-id-max. * gnu/build/accounts.scm (<unused-id-range>)[min]: Change default value to 0, allowing subid-ranges with a start lesser than %subordinate-id-min. (allocate-generic-range): Allocate generic ranges starting from %subordinate-id-min, leaving ranges starting before %subordinate-id-min. (allocate-specific-range): Move bounds check to... (allocate-subids): ...here. Now bound validation is applied only to user provided ranges. * tests/accounts.scm: Test new behavior. Fixes: guix/guix#3925 Change-Id: Id923b122c97a20f148684f5fb144fd9422810612 Signed-off-by: Ludovic Courtès <ludo@gnu.org> Merges: #4235
2025-12-03 | image: Create directory indexes for ext4 images. | Ludovic Courtès
Fixes a bug whereby the store in ext4 partitions created with ‘guix system image’ would be limited to 65,000 sub-directories. * gnu/build/image.scm (make-ext-image): Invoke “e2fsck -fDy”. Fixes: guix/guix#4396 Change-Id: I02d3470fac8bdd8971083be8fce192b72bf6510c
2025-12-01 | build: Fix typo in canonicalize-path*. | Maxim Cournoyer
This is a fix up following commit c4298638ca27. * gnu/build/activation.scm (canonicalize-path*): Replace warning-error-port with current-warning-port. Reported-by: Ludovic Courtès <ludo@gnu.org> Change-Id: I6ead2f0b529552c88cdf1676e6129d6d3474b099
2025-12-01 | build/activation: Simplify the creation of /etc. | Maxim Cournoyer
Do not add an extraneous /etc/static layer of indirection. * gnu/build/activation.scm (activate-etc) <realpath>: New nested procedure. Do not create /etc/static. Symlink instead of copy all files under /etc, except for /etc/sudoers. Change-Id: I8ea16d07de256482efac37d2ff9482a5f56bd585 Reviewed-by: Ludovic Courtès <ludo@gnu.org>
2025-11-24 | image: Add support for swap. | Denis 'GNUtoo' Carikli
* gnu/build/image.scm (make-swap-image): New variable. (make-partition-image): Support swap. * gnu/system/image.scm (system-disk-image): Support swap. * doc/guix.texi: (partition Reference): Support swap. Change-Id: I1c201e6aa5dd207d53e5732617910860ee894990 Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-11-24 | image: Add support for f2fs. | Denis 'GNUtoo' Carikli
* gnu/build/image.scm (make-f2fs-image): New variable. (make-partition-image): Support f2fs. (estimate-partition-size): Add optional margin. * gnu/system/image.scm (system-disk-image): Support f2fs. * doc/guix.texi: (partition Reference): Support f2fs. Change-Id: Ia7fc4483c3cc1af5f34fac86a529a90a1bd7c2c6 Signed-off-by: Denis 'GNUtoo' Carikli <GNUtoo@cyberdimension.org> Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-11-06 | file-systems: Support the 'remount' mount flag. | Sören Tempel
This allows remounting file systems which are already mounted by the initrd with custom mount options (e.g. /proc with hidepid=2). * gnu/build/file-systems.scm (mount-flags->bit-mask): Map 'remount to MS_REMOUNT. * gnu/system/file-systems.scm (invalid-file-system-flags): Add 'remount to the list of KNOWN-FLAGS. * doc/guix.texi (File Systems): Document it. Fixes: guix/guix#3849 Change-Id: I0ab116a5b4f7bd201e955ecf022e260c63828dc4 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-10-30 | Revert "elf: Remove bundled Guile source." | Maxim Cournoyer
This reverts commit 11cf5b2fe4882f123cd5e9eb385a773703dfe872.
2025-10-30 | elf: Remove bundled Guile source. | Maxim Cournoyer
This module has been included in Guile as (system vm elf) since around version 2.1. * guix/elf.scm: Delete file. * CODEOWNERS: De-register module. * Makefile.am (MODULES): Likewise. * etc/teams.scm (core): Likewise. * gnu/build/linux-modules.scm: Adjust imports. * gnu/packages/gnuzilla.scm (icecat-minimal) [modules]: Likewise. * gnu/packages/librewolf.scm (librewolf): Likewise. * gnu/packages/sequoia.scm (sequoia): Likewise. * gnu/packages/tor-browsers.scm (make-torbrowser): Likewise. * gnu/packages/version-control.scm (hg-commitsigs): Likewise. * guix/build/debug-link.scm: Likewise. * guix/build/gnu-build-system.scm: Likewise. * guix/build/gremlin.scm: Likewise. * guix/build/meson-build-system.scm: Likewise. * guix/grafts.scm (graft-derivation/shallow): Likewise. * guix/scripts/pack.scm (wrapped-package): Likewise. * tests/debug-link.scm: ("elf-debuglink", "set-debuglink-crc"): Likewise. * tests/gremlin.scm: Likewise. * guix/build-system/gnu.scm (%default-gnu-imported-modules): Remove (guix elf). Change-Id: I86ac4237fdd820a6b54dc0fe7a7d10403a290ef9
2025-10-29 | build/syscalls: Introduce new safe-clone and use it. | Maxim Cournoyer
* guix/build/syscalls.scm (without-automatic-finalization): Accept multiple expressions. (without-garbage-collection): New syntax. (without-threads): Likewise. (ensure-signal-delivery-thread, safe-clone): New procedures. * tests/syscalls.scm: ("clone and unshare triggers EINVAL") ("safe-clone and unshare succeeds"): New tests. * gnu/build/linux-container.scm (run-container): Adjust to use 'safe-clone'. Relates-to: #1169 Change-Id: I044c11a899e24e547a7aed97f30c8e7250ab5363
2025-10-29 | linux-container: Inhibit GC thread creation in child. | W. Kosior
The `unshare' system call with `CLONE_NEWUSER' cannot be used in multithreaded programs. Guile VM's automatic GC thread creation used to lead to nondeterministic failures in container creation, which uses this system call. * gnu/build/linux-container.scm (run-container): Disable GC in child after `(clone)' and re-enable after `(unshare)'. Fixes: #1169 Change-Id: I9df5412102509c13f74ab9911f6f06c0152d0a4f Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
2025-10-29 | Reinstate "linux-container: Remove #:lock-mounts? and related code." | Maxim Cournoyer
This reverts commit e0e64be8de3d220a12612b3a2e4aee428277d865.
2025-10-13 | linux-container: Remove #:lock-mounts? and related code. | Ludovic Courtès
This reverts commits 437bb9ece55f37d4b5a62cafc98c0c3b848a53ce and a57ed987ffd1452ba5a4d70feb54893e99b8e076, which were reported in guix/guix#1169 to occasionally cause errors like:
    guix shell: error: unshare : 268566528: Invalid argument
2025-10-12 | hurd-boot: change /etc/mtab to /var/run/mtab. | Yelninei
This corresponds to "_PATH_MOUNTED" in paths.h from libc. * gnu/build/hurd-boot.scm (set-hurd-device-translators): Change etc/mtab to var/run/mtab. Change-Id: I688289fe4b8143ae14a8eef5ba1625c4ebd2a209 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-09-21 | file-systems: Fix article usage in docstrings. | Jean-Baptiste Note
* gnu/build/file-systems.scm (linux-swap-superblock?) (read-linux-swap-superblock, bcachefs-superblock?): Use "a" instead of "an" before consonant sounds. Change-Id: Ifb36a125733ff898ecbef0a0a546819130707fba Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-09-21 | file-systems: Add support for hibernation swap detection. | Jean-Baptiste Note
* gnu/build/file-systems.scm (%linux-swsuspend-magic): New variable. (linux-swsuspend-superblock?, read-linux-swsuspend-superblock): New procedures. (%partition-label-readers, %partition-uuid-readers): Add readers for linux-swsuspend superblocks. Change-Id: If77ca9b4ae1f72c4e9ce52149b10d331566b0030 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-09-21 | services: secret-service: Add #:timeout to ‘secret-service-receive-secrets’. | Ludovic Courtès
* gnu/build/secret-service.scm (secret-service-receive-secrets): Add #:timeout parameter and honor it. Change-Id: I4b6720444a28e1424ede07b6c329cd355b27b5e3
2025-09-21 | services: secret-service: Fiberize ‘secret-service-receive-secrets’. | Ludovic Courtès
* gnu/build/secret-service.scm (secret-service-receive-secrets) [wait-for-client]: Pass ‘SOCK_NONBLOCK’ to ‘socket’. Use ‘wait-for-readable-fd’ instead of ‘select’. Pass flags to ‘accept’. Change-Id: I1d5ff8e286942838af5b77fbb4068689a0529ed1
2025-09-21 | services: secret-service: Remove redundant ‘dump’ procedure. | Ludovic Courtès
* gnu/build/secret-service.scm (secret-service-receive-secrets)[dump]: Remove. Use ‘dump-port’ from (guix build utils) instead. Change-Id: I5a098a6f4f6629cf275862e9f10c9a2718bb27a1
2025-09-21 | services: secret-service: Fiberize ‘secret-service-send-secrets’. | Ludovic Courtès
The previous code was tentatively written to run either in a Fibers context or in a non-Fibers context. Drop the non-Fibers code since this always runs within ‘shepherd’, which is fiberized. * gnu/build/secret-service.scm (with-modules): Remove. (wait-for-readable-fd): Rewrite using regular Fibers operations. (secret-service-send-secrets): Use ‘SOCK_NONBLOCK’. Simplify ‘sleep’ binding. Change-Id: Ic05d0bc54e6d2df89b6602bc716402067c845792
2025-09-18 | Reapply "Update Maxim's email address." | Maxim Cournoyer
This reverts commit a7db92d9b389cbe565395523882c34c6eff2c21a, this time with the more careful command, to avoid a world rebuild:
    grep -rl --exclude-dir=build --exclude-dir=patches --exclude=ld-wrapper.in \
      --exclude=sitecustomize.py --exclude=guix-emacs.el maxim.cournoyer@gmail.com | xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
Change-Id: I0871f5cf9ace79e34e78e24154d0da6ea95a3a91
2025-09-18 | Revert "Update Maxim's email address." | Maxim Cournoyer
This reverts commit d0d87a744d724b7e7d5ac013c586039652087bb3. Oops! This caused a world rebuild. Change-Id: I25fff644b2b61d0ee93d69b457b04c72b5b74d15
2025-09-18 | Update Maxim's email address. | Maxim Cournoyer
The change was automated via:
    git grep -l maxim.cournoyer@gmail.com | xargs sed -i 's/maxim.cournoyer@gmail.com/maxim@guixotic.coop/g'
* .mailmap: New entry.
Change-Id: Iaa88b1e51c94159c49138fb43910badb990eb169
2025-09-17 | linux-container: Export ‘%writable-/tmp’ and use it. | Ludovic Courtès
Fixes guix/guix#1994. * gnu/build/linux-container.scm (%writable-/tmp): New variable. * guix/scripts/environment.scm (launch-environment/container): Remove ‘tmpfs’ and use it. Adjust ‘file-system’ declaration for /run/user/$UID. * guix/scripts/home.scm (spawn-home-container): Likewise. Reported-by: Romain GARBAGE <romain.garbage@inria.fr> Change-Id: Ia8289fb5386971738caf2ccc1e815daa6ac28459
2025-08-25 | services: Add oci-service-type. | Giacomo Leidi
This patch implements a generalization of the oci-container-service-type, which consequently is made deprecated. The oci-service-type, in addition to all the features from the oci-container-service-type, can now provision OCI networks and volumes. It only handles OCI objects creation, the user is supposed to handle state once the objects are provisioned. It currently supports two different OCI runtimes: Docker and rootless Podman. Both runtimes are tested to make sure provisioned containers can connect to each other through provisioned networks and can read/write data with provisioned volumes. At last the Scheme API is thought to facilitate the implementation of a Guix Home service in the future. * gnu/build/oci-containers.scm: New file containing OCI runtime business logic used in OCI backed Shepherd services. oci-read-lines (oci-system*,oci-object-exists?,oci-object-service-available? oci-image-load,oci-log-verbose,oci-container-execlp,oci-object-create): New procedures. * gnu/local.mk: Add it. * gnu/services/containers.scm (list-of-oci-containers?, list-of-oci-networks?,list-of-oci-volumes?,%oci-supported-runtimes, oci-runtime?,oci-runtime-system-environment,oci-runtime-system-extra-arguments, oci-runtime-system-requirement,oci-runtime-cli,oci-runtime-system-cli, oci-runtime-home-cli,oci-runtime-name,oci-runtime-group, oci-container-shepherd-name,oci-networks-shepherd-name, oci-networks-home-shepherd-name,oci-volumes-shepherd-name, oci-volumes-home-shepherd-name,oci-container-configuration->options, oci-network-configuration->options,oci-volume-configuration->options, oci-container-shepherd-service,oci-objects-merge-lst,oci-extension-merge, oci-service-accounts,oci-service-profile,oci-service-subids, oci-configuration->shepherd-services,oci-configuration-extend): New procedures. 
(image-reference): Implement unambiguous naming convention, that paired with the new implementation for listing caches images with docker ls or podman ls, allows for more efficient image caching. (oci-container-configuration)[user,group]: Change default-type to maybe-string, since by default containers will run under the user and group declared in oci-configuration records. When unset the oci-service-type will derive their value from the OCI runtime state. [runtime,host-environment,environment,shepherd-actions,ports,extra-arguments]: define a predicate and use it as a type in the configuration. This way errors are reported with source location information. (lower-manifest): Defer to caller the logic of setting up an image tag. (lower-oci-image): Rename to load-oci-image-state. (oci-runtime-state): Intermediate representation of the OCI runtime details. It is supposed to be an internal API. (oci-state): Intermediate representation of the OCI provisioning state, such as containers and networks. It is supposed to be an internal API. (oci-container-invocation): Intermediate representation of the OCI runtime run command to start a container. It is supposed to be an internal API. (%oci-image-loader): Rename to oci-image-loader and use oci-runtime-state and (gnu build oci-containers). (oci-container-shepherd-service): Use oci-state and oci-runtime-state, add command-line action. (oci-network-configuration,oci-volume-configuration,oci-configuration, oci-extension): New record types. (oci-service-type): New service-type. * doc/guix.texi: Document it. * gnu/tests/containers.scm: Test it. * gnu/services/docker.scm: Deprecate the oci-container-service-type. Change-Id: I656b3db85832e42d53072fcbfb91d1226f39ef38 Modified-by: Maxim Cournoyer <maxim@guixotic.coop> Signed-off-by: Maxim Cournoyer <maxim@guixotic.coop>
2025-07-12 | linux-container: Fix typo in docstring. | cdr-shdr-wdr
* gnu/build/linux-container.scm (mount-file-systems): Fix typo in docstring. Change-Id: I973a65a6574078bc72fd9e1aa7424a68e2b21268 Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
2025-06-16 | file-systems: Support UUIDs for FAT12. | Quentin Vincent
* gnu/build/file-systems.scm (fat16-superblock?): Support FAT12. Change-Id: Ia14899134e02bda54b0796efb0bc1c6f89e95c0d Signed-off-by: Danny Milosavljevic <dannym@friendly-machines.com>
2025-05-05 | linux-container: Lock mounts by default. | Ludovic Courtès
This makes it impossible to unmount or remount things from within ‘call-with-container’. * gnu/build/linux-container.scm (initialize-user-namespace): Add #:host-uid and #:host-gid. and honor them. (run-container): Add #:lock-mounts?. Honor it by calling ‘unshare’ followed by ‘initialize-user-namespace’. (call-with-container): Add #:lock-mounts? and pass it down. (container-excursion): Get the user namespace owning the PID namespace and join it, then join the remaining namespaces. * tests/containers.scm ("call-with-container, mnt namespace, locked mounts"): New test. ("container-excursion"): Pass #:lock-mounts? #f. Change-Id: I13be982aef99e68a653d472f0e595c81cfcfa392
2025-05-05 | linux-container: Set up “lo” and generate /etc/hosts by default. | Ludovic Courtès
* gnu/build/linux-container.scm (run-container): Add #:loopback-network? and honor it via #:populate-file-system. (call-with-container): Add #:loopback-network? and pass it to ‘run-container’. * guix/scripts/environment.scm (launch-environment/container): Remove call to ‘set-network-interface-up’ and remove generation of /etc/hosts. * guix/scripts/home.scm (spawn-home-container): Likewise. Change-Id: I5933a4e8dc6d8e19235a79696b62299d74d1ba21
2025-05-05 | linux-container: Support having a read-only root file system. | Ludovic Courtès
Until now, the read-only file system set up by ‘call-with-container’ would always be writable. With this change, it can be made read-only. With this patch, only ‘least-authority-wrapper’ switches to a read-only root file system. * gnu/build/linux-container.scm (remount-read-only): New procedure. (mount-file-systems): Add #:writable-root? and #:populate-file-system and honor them. (run-container): Likewise. (call-with-container): Likewise. * gnu/system/linux-container.scm (container-script): Pass #:writable-root? to ‘call-with-container’. (eval/container): Add #:populate-file-system and #:writable-root? and honor them. * guix/scripts/environment.scm (launch-environment/container): Pass #:writable-root? to ‘call-with-container’. * guix/scripts/home.scm (spawn-home-container): Likewise. * tests/containers.scm ("call-with-container, mnt namespace, read-only root") ("call-with-container, mnt namespace, writable root"): New tests. Change-Id: I603e2fd08851338b737bb16c8af3f765e2538906
2025-04-30 | image: Create zstd-compressed qcow2 images. | Maxim Cournoyer
This should be about twice as fast as the default zlib compressor used for qcow2, and potentially multi-thread aware given some improvements to qemu-img in the future (zstd supports it but it's not currently used by QEMU). * gnu/build/image.scm (convert-disk-image): Specify 'compression_type=zstd' option. Change-Id: Ie9c66f0c13e789ec863c95a5e549f035b6a17bf9
2025-04-30 | image: Honor parallel job count for the number of qemu-img co-routines used. | Maxim Cournoyer
This doesn't seem to change anything currently (the default is 8). Perhaps useful in the future, for example if the compressor used by qemu-img starts honoring it. * gnu/build/image.scm (convert-disk-image): Specify the '-m' option. Change-Id: Ia288c85af8a0621d61cf6b9f0d3f73f5a3026d66
2025-04-23 | activation: Fix ‘mkdir-p/perms’ on the Hurd. | Ludovic Courtès
Fixes <https://issues.guix.gnu.org/77992>.
Fixes a bug whereby ‘mkdir-p/perms’ would throw an exception on the Hurd:
    In gnu/build/activation.scm:
        97:20  1 (mkdir-p/perms _ #("ludo" "x" 1000 998 "Ludovic…" …) …)
    In unknown file:
               0 (open "." 7340032 #<undefined>)
    ERROR: In procedure open:
    In procedure scm_fdes_to_port: requested file mode not available on fdes
This, in turn, would cause ‘user-homes’ to fail to start on the Hurd since commit da741d89310efd0530351670d9c55ec2f952ab98.
* gnu/build/activation.scm (mkdir-p/perms): Add O_RDONLY to ‘open-flags’.
Reported-by: Yelninei <yelninei@tutamail.com>
Change-Id: I74f90599338772ba4341067215b864273aa30b3e
2025-04-14 | build: dbus-service: Quote body argument in 'with-retries' syntax. | Maxim Cournoyer
Otherwise the code would be evaluated instead of shown. * gnu/build/dbus-service.scm (with-retries): Quote the body data in the error message. Change-Id: I7a06f08327bdc7df70ae56a146855bc32ad3e63e
2025-04-08 | build: bootloader: Add riscv64 case. | Zheng Junjie
* gnu/build/bootloader.scm (install-efi): Add riscv64 case. Change-Id: I1c6c7949f0057f600817f09b5f52dca0644e3d88
2025-03-26 | linux-container: ‘unprivileged-user-namespace-supported?’ returns #f on non-Linux. | Ludovic Courtès
Previously this procedure would return #t on non-Linux systems. * gnu/build/linux-container.scm (unprivileged-user-namespace-supported?): When USERNS-FILE doesn’t exist, return (user-namespace-supported?). Reported-by: Reepca Russelstein <reepca@russelstein.xyz> Change-Id: I92050338b8b68bc3bd87100317eba69fcdf14a0a
2025-02-13 | build: marionette: Make it possible to reboot VM during tests. | Maxim Cournoyer
* gnu/build/marionette.scm (make-marionette): Add 'reconnect=1' socket parameter. * gnu/system/vm.scm (common-qemu-options): Remove '-no-reboot' option. Change-Id: I5e100543ddddba0aea3ebe4e2f5cb8b0261c0d73
2025-01-27 | linux-container: Ignore EPERM when attempting to mount /sys. | Ludovic Courtès
Fixes <https://issues.guix.gnu.org/61690>.
Until now, this would work:
    guix shell --no-cwd -CWP -- guix shell -C coreutils -- ls -R /home
… but this would not:
    $ guix shell --no-cwd -CWPN -- guix shell -C coreutils -- ls -R /home
    guix shell: error: mount: mount "none" on "/tmp/guix-directory.Wnc2OI/sys": Operation not permitted
This is annoying and hardly understandable. Since we already disable /sys mounts when sharing the global network namespace is asked (as in ‘guix shell -CN‘), for the very same reason, we can just as well disable /sys mounts anytime it fails with EPERM.
* gnu/build/linux-container.scm (mount-file-systems): Silently ignore EPERM when attempting to mount /sys.
Change-Id: If85b1d703ab58a98ea9873f4f8fed71a06b7aa63
2024-12-18 | system: Add /etc/subuid and /etc/subgid support. | Giacomo Leidi
This commit adds a Guix System service to handle allocation of subuid and subgid requests. Users that don't care can just add themselves as a subid-range and don't need to specify anything but their user name. Users that care about specific ranges, such as possibly LXD, can specify a start and a count. * doc/guix.texi (Miscellaneous Services): Document it. * gnu/build/activation.scm (activate-subuids+subgids): New variable. * gnu/local.mk: Add gnu/tests/shadow.scm. * gnu/system/accounts.scm (sexp->subid-range): New variable. * gnu/system/shadow.scm (%root-subid): New variable; (subids-configuration): new record; (subid-range->gexp): new variable; (assert-valid-subids): new variable; (delete-duplicate-ranges): new variable; (subids-activation): new variable; (subids-extension): new record; (append-subid-ranges): new variable; (subids-extension-merge): new variable; (subids-service-type): new variable. * gnu/tests/shadow.scm (subids): New system test. Change-Id: I3755e1c75771220c74fe8ae5de1a7d90f2376635 Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org> Signed-off-by: Ludovic Courtès <ludo@gnu.org>