From: bug#41573 <41573@debbugs.gnu.org>
To: bug#41573 <41573@debbugs.gnu.org>
Subject: Status: [PATCH Shepherd] shepherd: service: Add #:supplementary-groups.
Date: Sat, 21 Jun 2025 17:07:21 +0000

retitle 41573 [PATCH Shepherd] shepherd: service: Add #:supplementary-groups.
reassign 41573 guix-patches
submitter 41573 Oleg Pykhalov
severity 41573 normal
tag 41573 patch
thanks

From: Oleg Pykhalov
To: guix-patches
Subject: [PATCH Shepherd] shepherd: service: Add #:supplementary-groups.
Date: Thu, 28 May 2020 08:19:27 +0300
Message-ID: <87a71sbpr4.fsf@gmail.com>

Hello Guix,

This patch provides a way to specify supplementary groups for services. It's useful for services which could be used with a Docker group, e.g. Jenkins.

The ‘shepherd’ package in Guix builds successfully with the current patch, and I was able to pull and reconfigure my Guix system with it. Also, ‘make check’ in Shepherd's Git repository passes.

Content-Disposition: attachment; filename=0001-service-Add-supplementary-groups.patch
Content-Transfer-Encoding: quoted-printable

From 5718eb5f4130530b48df896d7f7e4a126e08428a Mon Sep 17 00:00:00 2001
From: Oleg Pykhalov
Date: Sun, 24 May 2020 20:30:27 +0300
Subject: [PATCH] service: Add #:supplementary-groups.

* modules/shepherd/service.scm (format-supplementary-groups): New procedure.
(exec-command, fork+exec-command, make-forkexec-constructor): Add
'#:supplementary-groups'.
* doc/shepherd.texi (Service De- and Constructors): Document this.
=2D-- doc/shepherd.texi | 39 +++++++++++++++++++++--------------- modules/shepherd/service.scm | 16 ++++++++++++++- 2 files changed, 38 insertions(+), 17 deletions(-) diff --git a/doc/shepherd.texi b/doc/shepherd.texi index 7217ec2..56ef03d 100644 =2D-- a/doc/shepherd.texi +++ b/doc/shepherd.texi @@ -11,7 +11,8 @@ @copying Copyright @copyright{} @value{OLD-YEARS} Wolfgang J@"ahrling@* Copyright @copyright{} @value{NEW-YEARS} Ludovic Court=C3=A8s@* =2DCopyright @copyright{} 2020 Brice Waegeneire +Copyright @copyright{} 2020 Brice Waegeneire@* +Copyright @copyright{} 2020 Oleg Pykhalov =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -893,21 +894,24 @@ execution of the @var{command} was successful, @code{= #t} if not. @deffn {procedure} make-forkexec-constructor @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:pid-file #f] [#:pid-file-timeout (default-pid-file-timeout)] @ [#:log-file #f] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] Return a procedure that forks a child process, closes all file =2Ddescriptors except the standard output and standard error descriptors, s= ets =2Dthe current directory to @var{directory}, sets the umask to =2D@var{file-creation-mask} unless it is @code{#f}, changes the environment= to =2D@var{environment-variables} (using the @code{environ} procedure), sets t= he =2Dcurrent user to @var{user} and the current group to @var{group} unless t= hey =2Dare @code{#f}, and executes @var{command} (a list of strings.) The resu= lt of =2Dthe procedure will be the PID of the child process. Note that this will =2Dnot work as expected if the process ``daemonizes'' (forks); in that =2Dcase, you will need to pass @code{#:pid-file}, as explained below. +descriptors except the standard output and standard error descriptors, +sets the current directory to @var{directory}, sets the umask to +@var{file-creation-mask} unless it is @code{#f}, changes the environment +to @var{environment-variables} (using the @code{environ} procedure), +sets the current user to @var{user} the current group to @var{group} +unless they are @code{#f} and supplementary groups to +@var{supplementary-groups} unless they are @code{'()}, and executes +@var{command} (a list of strings.) The result of the procedure will be +the PID of the child process. Note that this will not work as expected +if the process ``daemonizes'' (forks); in that case, you will need to +pass @code{#:pid-file}, as explained below. 
=20 When @var{pid-file} is true, it must be the name of a PID file associated with the process being launched; the return value is the PID @@ -937,6 +941,7 @@ procedures. @deffn {procedure} exec-command @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:log-file #f] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ @@ -944,6 +949,7 @@ procedures. @deffnx {procedure} fork+exec-command @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] @@ -955,12 +961,13 @@ if it's true, whereas file descriptor 0 (standard input) points to @file{/dev/null}; all other file descriptors are closed prior to yielding control to @var{command}. =20 =2DBy default, @var{command} is run as the current user. If the =2D@var{user} keyword argument is present and not false, change to =2D@var{user} immediately before invoking @var{command}. @var{user} may =2Dbe a string, indicating a user name, or a number, indicating a user =2DID. Likewise, @var{command} will be run under the current group, =2Dunless the @var{group} keyword argument is present and not false. +By default, @var{command} is run as the current user. If the @var{user} +keyword argument is present and not false, change to @var{user} +immediately before invoking @var{command}. @var{user} may be a string, +indicating a user name, or a number, indicating a user ID. Likewise, +@var{command} will be run under the current group, unless the +@var{group} keyword argument is present and not false, and +supplementary-groups is not '(). =20 @code{fork+exec-command} does the same as @code{exec-command}, but in a separate process whose PID it returns. diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 45fcf32..03bdc02 100644 =2D-- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm 
@@ -6,6 +6,7 @@ ;; Copyright (C) 2018 Carlo Zancanaro ;; Copyright (C) 2019 Ricardo Wurmus ;; Copyright (C) 2020 Mathieu Othacehe +;; Copyright (C) 2020 Oleg Pykhalov ;; ;; This file is part of the GNU Shepherd. ;; @@ -772,10 +773,17 @@ daemon writing FILE is running in a separate PID name= space." (try-again) (apply throw args))))))) =20 +(define (format-supplementary-groups supplementary-groups) + (if (vector? supplementary-groups) + supplementary-groups + (list->vector (map (lambda (group) (group:gid (getgr group))) + supplementary-groups)))) + (define* (exec-command command #:key (user #f) (group #f) + (supplementary-groups '()) (log-file #f) (directory (default-service-directory)) (file-creation-mask #f) @@ -831,7 +839,7 @@ false." (catch #t (lambda () ;; Clear supplementary groups. =2D (setgroups #()) + (setgroups (format-supplementary-groups supplementary-groups)) (setgid (group:gid (getgr group)))) (lambda (key . args) (format (current-error-port) @@ -874,6 +882,7 @@ false." #:key (user #f) (group #f) + (supplementary-groups '()) (log-file #f) (directory (default-service-directory)) (file-creation-mask #f) @@ -901,6 +910,8 @@ its PID." (exec-command command #:user user #:group group + #:supplementary-groups (format-supplementary-groups + supplementary-groups) #:log-file log-file #:directory directory #:file-creation-mask file-creation-mask @@ -914,6 +925,7 @@ its PID." #:key (user #f) (group #f) + (supplementary-groups '()) (directory (default-service-directory)) (environment-variables (default-environment-variables)) 
@@ -951,6 +963,8 @@ start." (let ((pid (fork+exec-command command #:user user #:group group + #:supplementary-groups + (format-supplementary-groups supplementa= ry-groups) #:log-file log-file #:directory directory #:file-creation-mask file-creation-mask =2D-=20 2.26.2
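
Review bot: In the service.scm hunks at @@ -901,6 +910,8 @@ and @@ -951,6 +963,8 @@, fork+exec-command and make-forkexec-constructor each call format-supplementary-groups before passing the value down, and exec-command calls it again at @@ -831,7 +839,7 @@, so the same argument is converted up to three times and the vector? branch in format-supplementary-groups exists only to absorb the repeat. That leaves #:supplementary-groups accepting either a list of group names or a vector that is handed to setgroups unchecked, while the documented default is '(). Suggest passing the list through unchanged (#:supplementary-groups supplementary-groups) and resolving names to GIDs once, in exec-command, so the only value that ever reaches setgroups is the output of getgr.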
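
Review bot: In the doc/shepherd.texi hunk at @@ -893,21 +894,24 @@, the rewritten sentence reads "sets the current user to @var{user} the current group to @var{group}", which dropped the "and" between the two clauses, and nothing in the @deffn text says what the elements of @var{supplementary-groups} may be. Since format-supplementary-groups runs each element through getgr, the manual should state that it is a list of group names or numeric group IDs, and that the default '() leaves the process with no supplementary groups.
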

From: Ludovic Courtès
To: Oleg Pykhalov
Cc: 41573@debbugs.gnu.org
Subject: Re: [bug#41573] [PATCH Shepherd] shepherd: service: Add #:supplementary-groups.
Date: Sun, 14 Jun 2020 22:53:14 +0200
Message-ID: <87mu55s72d.fsf@gnu.org>
In-Reply-To: <87a71sbpr4.fsf@gmail.com>

Hello,

Oleg Pykhalov wrote:

> From 5718eb5f4130530b48df896d7f7e4a126e08428a Mon Sep 17 00:00:00 2001
> From: Oleg Pykhalov
> Date: Sun, 24 May 2020 20:30:27 +0300
> Subject: [PATCH] service: Add #:supplementary-groups.
>
> * modules/shepherd/service.scm (format-supplementary-groups): New procedure.
> (exec-command, fork+exec-command, make-forkexec-constructor): Add
> '#:supplementary-groups'.
> * doc/shepherd.texi (Service De- and Constructors): Document this.

[...]

> +(define (format-supplementary-groups supplementary-groups)
> + (if (vector? supplementary-groups)
> + supplementary-groups
> + (list->vector (map (lambda (group) (group:gid (getgr group)))
> + supplementary-groups))))

Perhaps we should remove the ‘vector?’ case, no? I find it clearer when
the interface accepts just one single data type.

Apart from that, it LGTM!

Note that for compatibility reasons we’ll have to wait before using it
in Guix System.

Thanks,
Ludo’.

From: Oleg Pykhalov
To: Ludovic Courtès
Cc: 41573@debbugs.gnu.org
Subject: Re: [bug#41573] [PATCH Shepherd] shepherd: service: Add #:supplementary-groups.
Date: Fri, 19 Jun 2020 04:28:57 +0300
Message-ID: <871rmb4zdy.fsf@gmail.com>
In-Reply-To: <87mu55s72d.fsf@gnu.org>

Hello,

Ludovic Courtès writes:

> Oleg Pykhalov wrote:
>
>> From 5718eb5f4130530b48df896d7f7e4a126e08428a Mon Sep 17 00:00:00 2001
>> From: Oleg Pykhalov
>> Date: Sun, 24 May 2020 20:30:27 +0300
>> Subject: [PATCH] service: Add #:supplementary-groups.
>>
>> * modules/shepherd/service.scm (format-supplementary-groups): New procedure.
>> (exec-command, fork+exec-command, make-forkexec-constructor): Add
>> '#:supplementary-groups'.
>> * doc/shepherd.texi (Service De- and Constructors): Document this.
>
> [...]
>
>> +(define (format-supplementary-groups supplementary-groups)
>> + (if (vector? supplementary-groups)
>> + supplementary-groups
>> + (list->vector (map (lambda (group) (group:gid (getgr group)))
>> + supplementary-groups))))
>
> Perhaps we should remove the ‘vector?’ case, no? I find it clearer when
> the interface accepts just one single data type.

OK.

> Apart from that, it LGTM!
>
> Note that for compatibility reasons we’ll have to wait before using it
> in Guix System.

No problem.

I updated the patch and tested it again with make check and
reconfiguring my system.

Content-Disposition: attachment; filename=0001-service-Add-supplementary-groups.patch
Content-Transfer-Encoding: quoted-printable

From 20a08c750c4d6126d36835c64fed211299cb03e3 Mon Sep 17 00:00:00 2001
From: Oleg Pykhalov
Date: Sun, 24 May 2020 20:30:27 +0300
Subject: [PATCH] service: Add #:supplementary-groups.

* modules/shepherd/service.scm (format-supplementary-groups): New procedure.
(exec-command, fork+exec-command, make-forkexec-constructor): Add
'#:supplementary-groups'.
* doc/shepherd.texi (Service De- and Constructors): Document this.
=2D-- doc/shepherd.texi | 39 +++++++++++++++++++++--------------- modules/shepherd/service.scm | 12 ++++++++++- 2 files changed, 34 insertions(+), 17 deletions(-) diff --git a/doc/shepherd.texi b/doc/shepherd.texi index 1de49af..18f1a4d 100644 =2D-- a/doc/shepherd.texi +++ b/doc/shepherd.texi 
@@ -11,7 +11,8 @@ @copying Copyright @copyright{} @value{OLD-YEARS} Wolfgang J@"ahrling@* Copyright @copyright{} @value{NEW-YEARS} Ludovic Court=C3=A8s@* =2DCopyright @copyright{} 2020 Brice Waegeneire +Copyright @copyright{} 2020 Brice Waegeneire@* +Copyright @copyright{} 2020 Oleg Pykhalov =20 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.3 or 
@@ -893,21 +894,24 @@ execution of the @var{command} was successful, @code{= #t} if not. @deffn {procedure} make-forkexec-constructor @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:pid-file #f] [#:pid-file-timeout (default-pid-file-timeout)] @ [#:log-file #f] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] Return a procedure that forks a child process, closes all file =2Ddescriptors except the standard output and standard error descriptors, s= ets =2Dthe current directory to @var{directory}, sets the umask to =2D@var{file-creation-mask} unless it is @code{#f}, changes the environment= to =2D@var{environment-variables} (using the @code{environ} procedure), sets t= he =2Dcurrent user to @var{user} and the current group to @var{group} unless t= hey =2Dare @code{#f}, and executes @var{command} (a list of strings.) The resu= lt of =2Dthe procedure will be the PID of the child process. Note that this will =2Dnot work as expected if the process ``daemonizes'' (forks); in that =2Dcase, you will need to pass @code{#:pid-file}, as explained below. +descriptors except the standard output and standard error descriptors, +sets the current directory to @var{directory}, sets the umask to +@var{file-creation-mask} unless it is @code{#f}, changes the environment +to @var{environment-variables} (using the @code{environ} procedure), +sets the current user to @var{user} the current group to @var{group} +unless they are @code{#f} and supplementary groups to +@var{supplementary-groups} unless they are @code{'()}, and executes +@var{command} (a list of strings.) The result of the procedure will be +the PID of the child process. Note that this will not work as expected +if the process ``daemonizes'' (forks); in that case, you will need to +pass @code{#:pid-file}, as explained below. 
=20 When @var{pid-file} is true, it must be the name of a PID file associated with the process being launched; the return value is the PID @@ -937,6 +941,7 @@ procedures. @deffn {procedure} exec-command @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:log-file #f] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ @@ -944,6 +949,7 @@ procedures. @deffnx {procedure} fork+exec-command @var{command} @ [#:user #f] @ [#:group #f] @ + [#:supplementary-groups '()] @ [#:directory (default-service-directory)] @ [#:file-creation-mask #f] @ [#:environment-variables (default-environment-variables)] @@ -955,12 +961,13 @@ if it's true, whereas file descriptor 0 (standard input) points to @file{/dev/null}; all other file descriptors are closed prior to yielding control to @var{command}. =20 =2DBy default, @var{command} is run as the current user. If the =2D@var{user} keyword argument is present and not false, change to =2D@var{user} immediately before invoking @var{command}. @var{user} may =2Dbe a string, indicating a user name, or a number, indicating a user =2DID. Likewise, @var{command} will be run under the current group, =2Dunless the @var{group} keyword argument is present and not false. +By default, @var{command} is run as the current user. If the @var{user} +keyword argument is present and not false, change to @var{user} +immediately before invoking @var{command}. @var{user} may be a string, +indicating a user name, or a number, indicating a user ID. Likewise, +@var{command} will be run under the current group, unless the +@var{group} keyword argument is present and not false, and +supplementary-groups is not '(). =20 @code{fork+exec-command} does the same as @code{exec-command}, but in a separate process whose PID it returns. diff --git a/modules/shepherd/service.scm b/modules/shepherd/service.scm index 347b8cc..587ff68 100644 =2D-- a/modules/shepherd/service.scm +++ b/modules/shepherd/service.scm 
@@ -6,6 +6,7 @@ ;; Copyright (C) 2018 Carlo Zancanaro ;; Copyright (C) 2019 Ricardo Wurmus ;; Copyright (C) 2020 Mathieu Othacehe +;; Copyright (C) 2020 Oleg Pykhalov ;; ;; This file is part of the GNU Shepherd. ;; @@ -773,10 +774,15 @@ daemon writing FILE is running in a separate PID name= space." (try-again) (apply throw args))))))) =20 +(define (format-supplementary-groups supplementary-groups) + (list->vector (map (lambda (group) (group:gid (getgr group))) + supplementary-groups))) + (define* (exec-command command #:key (user #f) (group #f) + (supplementary-groups '()) (log-file #f) (directory (default-service-directory)) (file-creation-mask #f) @@ -832,7 +838,7 @@ false." (catch #t (lambda () ;; Clear supplementary groups. =2D (setgroups #()) + (setgroups (format-supplementary-groups supplementary-groups)) (setgid (group:gid (getgr group)))) (lambda (key . args) (format (current-error-port) @@ -879,6 +885,7 @@ false." #:key (user #f) (group #f) + (supplementary-groups '()) (log-file #f) (directory (default-service-directory)) (file-creation-mask #f) @@ -909,6 +916,7 @@ its PID." (exec-command command #:user user #:group group + #:supplementary-groups supplementary-groups #:log-file log-file #:directory directory #:file-creation-mask file-creation-mask @@ -919,6 +927,7 @@ its PID." #:key (user #f) (group #f) + (supplementary-groups '()) (directory (default-service-directory)) (environment-variables (default-environment-variables)) 
@@ -956,6 +965,7 @@ start." (let ((pid (fork+exec-command command #:user user #:group group + #:supplementary-groups supplementary-gro= ups #:log-file log-file #:directory directory #:file-creation-mask file-creation-mask =2D-=20 2.26.2
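
Review bot: In the service.scm hunk at @@ -832,7 +838,7 @@, the comment ";; Clear supplementary groups." is kept above a call that now installs the requested groups, and the call still sits in the same thunk as (setgid (group:gid (getgr group))). Please update the comment, and confirm what happens when #:supplementary-groups is given without #:group: if this thunk only runs when group is set, the option is silently ignored in that case and the manual should say so. Because getgr is now called on caller-supplied names before setgroups, it is also worth checking that the handler starting at (lambda (key . args) stops the exec on an unknown group rather than letting the command start with the groups inherited from shepherd.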
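
Review bot: In the doc/shepherd.texi hunk at @@ -955,12 +961,13 @@, the added clause "and supplementary-groups is not '()" is attached to the condition for running under the current group, so the paragraph never states that the supplementary groups are actually set, and the names lack @var{} and @code{} markup. Suggest a separate sentence, for example: "When @var{supplementary-groups} is not @code{'()}, it is the list of supplementary groups the process is given."
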

From: Ludovic Courtès
To: Oleg Pykhalov
Cc: 41573-done@debbugs.gnu.org
Subject: Re: [bug#41573] [PATCH Shepherd] shepherd: service: Add #:supplementary-groups.
Date: Fri, 19 Jun 2020 09:56:22 +0200
Message-ID: <871rmbij4p.fsf@gnu.org>
In-Reply-To: <871rmb4zdy.fsf@gmail.com>

Hi,

Oleg Pykhalov wrote:

> From 20a08c750c4d6126d36835c64fed211299cb03e3 Mon Sep 17 00:00:00 2001
> From: Oleg Pykhalov
> Date: Sun, 24 May 2020 20:30:27 +0300
> Subject: [PATCH] service: Add #:supplementary-groups.
>
> * modules/shepherd/service.scm (format-supplementary-groups): New procedure.
> (exec-command, fork+exec-command, make-forkexec-constructor): Add
> '#:supplementary-groups'.
> * doc/shepherd.texi (Service De- and Constructors): Document this.

Applied with the change below, thanks!

Ludo’.

diff --git a/doc/shepherd.texi b/doc/shepherd.texi index 18f1a4d..696477e 100644 --- a/doc/shepherd.texi +++ b/doc/shepherd.texi @@ -967,7 +967,7 @@ immediately before invoking @var{command}. @var{user} may be a string, indicating a user name, or a number, indicating a user ID. Likewise, @var{command} will be run under the current group, unless the @var{group} keyword argument is present and not false, and -supplementary-groups is not '(). +@var{supplementary-groups} is not @code{'()}. @code{fork+exec-command} does the same as @code{exec-command}, but in a separate process whose PID it returns.

From: Debbugs Internal Request
Subject: Internal Control
Date: Fri, 17 Jul 2020 11:24:07 +0000

# The action:
# bug archived.
thanks