GNU bug report logs - #28128
[PATCH] scripts: system: Add support for container network sharing.

Package: guix-patches;

Reported by: Christopher Baines <mail <at> cbaines.net>

Date: Thu, 17 Aug 2017 19:14:01 UTC

Severity: normal

Tags: patch

Done: Arun Isaac <arunisaac <at> systemreboot.net>

Bug is archived. No further changes may be made.

From: ludo <at> gnu.org (Ludovic Courtès)
To: Christopher Baines <mail <at> cbaines.net>
Cc: 28128 <at> debbugs.gnu.org
Subject: [bug#28128] [PATCH] scripts: system: Add support for container network sharing.
Date: Tue, 19 Sep 2017 23:39:34 +0200

Hi!

Sorry for the delay!

Christopher Baines <mail <at> cbaines.net> skribis:

> This is a port of the functionality in the Guix environment command to the
> guix system container command.
>
> This requires additional changes to the operating-system definitions used, in
> particular, networking related services may need removing if the host network
> is shared.
>
> * guix/scripts/system.scm (system-derivation-for-action): Add
>   #:container-shared-network? argument.
>   (perform-action): Add #:container-shared-network? argument.
>   (show-help): Add "-N, --network" help information.
>   (%options): Add network option.
>   (process-action): Call perform-action with #:container-shared-network?.
> * gnu/system/linux-container.scm (%network-configuration-files): New variable.
>   (container-script): Add support for returning a container script that shares
>   the host network.
> * gnu/system.scm (essential-services): Add #:container-shared-network?
>   argument.
>   (operating-system-services): Add #:container-shared-network? argument.
>   (operating-system-etc-service): Add #:container-shared-network? argument,
>   and support for omitting some configuration if the network is shared.
>   (operating-system-activation-script): Add #:container-shared-network?
>   argument, and pass this through to the operating-system-services procedure.
>   (operating-system-boot-script): Add #:container-shared-network? argument,
>   and pass this through to the operating-system-services procedure.
>   (operating-system-derivation): Add the #:container-shared-network? argument,
>   and pass this through to the operating-system-services procedure.
>   (operating-system-profile): Add the #:container-shared-network? argument,
>   and pass this through to the operating-system-services procedure.

My gut reaction was “hey this is cool!”, and then “wait, it doesn’t feel
right to pass that argument around everywhere!”.   :-)

We already have that with #:container?, and I think that’s a bit of a
problem.  The ‘linux-bare-metal’ service addresses it somewhat in a more
elegant way, I think.

What about this:

  1. Remove from ‘operating-system-etc-service’ all the
     shared-network-related files;

  2. Add a ‘shared-network-service’ that simply adds those files to /etc;

  3. Add a ‘containerized-operating-system’ that removes it.

There’s the problem, though, that /etc/hosts can only be added from
‘essential-services’.

Now, this:

+(define %network-configuration-files
+  '("/etc/resolv.conf"
+    "/etc/nsswitch.conf"
+    "/etc/services"
+    "/etc/hosts"))
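
Review bot: %network-configuration-files is added without a comment or docstring saying that these four host paths are exposed inside the container, and the list is a bare quoted literal, so nothing visible here shows whether a path that is absent on the host is skipped or whether the files are shared read-only. Suggest documenting the intent on the variable and, where the list is consumed, filtering it with file-exists? and making the read-only sharing explicit.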

… is exactly what (gnu system file-systems) defines.

Also, we should map the host’s /var/run/nscd/socket (if it exists) in
the guest, and remove nscd from the guest.

Thoughts?

Ludo’.




This bug report was last modified 6 years and 104 days ago.
