From unknown Tue Jun 17 03:40:02 2025
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.509 (Entity 5.509)
Content-Type: text/plain; charset=utf-8
From: bug#52887 <52887@debbugs.gnu.org>
To: bug#52887 <52887@debbugs.gnu.org>
Subject: Status: [PATCH staging] containers: Add CLONE_NEWCGROUP cgroup
 namespace support
Reply-To: bug#52887 <52887@debbugs.gnu.org>
Date: Tue, 17 Jun 2025 10:40:02 +0000

retitle 52887 [PATCH staging] containers: Add CLONE_NEWCGROUP cgroup namesp=
ace support
reassign 52887 guix-patches
submitter 52887 Ryan Sundberg <ryan@arctype.co>
severity 52887 normal
tag 52887 patch

thanks


From debbugs-submit-bounces@debbugs.gnu.org Wed Dec 29 22:53:04 2021
Received: (at submit) by debbugs.gnu.org; 30 Dec 2021 03:53:04 +0000
Received: from localhost ([127.0.0.1]:50842 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1n2mUy-00080K-8v
	for submit@debbugs.gnu.org; Wed, 29 Dec 2021 22:53:04 -0500
Received: from lists.gnu.org ([209.51.188.17]:47662)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ryan@arctype.co>) id 1n2mUw-000802-NU
 for submit@debbugs.gnu.org; Wed, 29 Dec 2021 22:53:03 -0500
Received: from eggs.gnu.org ([209.51.188.92]:50178)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ryan@arctype.co>) id 1n2mUv-0003UD-RA
 for guix-patches@gnu.org; Wed, 29 Dec 2021 22:53:01 -0500
Received: from mail.arctype.co ([138.68.9.245]:42661)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <ryan@arctype.co>) id 1n2mUt-0001CQ-Ou
 for guix-patches@gnu.org; Wed, 29 Dec 2021 22:53:01 -0500
Received: from authenticated-user (mail.arctype.co [138.68.9.245])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
 (No client certificate requested)
 by mail.arctype.co (Postfix) with ESMTPSA id 70F4913B22C;
 Thu, 30 Dec 2021 03:52:26 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=arctype.co; s=mail;
 t=1640836346; bh=eo3JTf1A4eSXvlGbTeDy0wnQmd5ETyyyakDjxJUTIUE=;
 h=From:To:Cc:Subject:Date:From;
 b=O6qD6HdvfYgE2CSqdZ24QVYcvSvT2s9AbpUnJDHaVq2aSjXa9f8k2p+mXufk5ecu5
 UfEJFIiCq6Ukp1G4VD4i1mFWhvuiCugOmylWU7yfqWnV4OraQMGylbbijKwueCsM8i
 VJnegW3WUpf5nWa5IHmuaS/GM4FJ0xvtigmM/UeUYFipcduMjAjiTkrAA05EHHgI5k
 jn33fghLE5d2eWY7+c8dgvXSdcgr5PLtH6BliV5o8v/iN7s8IlR2HGT3FmUileLAsU
 eFfVbL4836nD+JHm3vVuufE/A5Ea+ABpuQqVYd+juPo51eUK5KtFk9flOPF/J4uumN
 YaIC/1bHjIRRw==
From: Ryan Sundberg <ryan@arctype.co>
To: guix-patches@gnu.org
Subject: [PATCH staging] containers: Add CLONE_NEWCGROUP cgroup namespace
 support
Date: Wed, 29 Dec 2021 19:52:16 -0800
Message-Id: <20211230035215.14477-1-ryan@arctype.co>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=138.68.9.245; envelope-from=ryan@arctype.co;
 helo=mail.arctype.co
X-Spam_score_int: -1
X-Spam_score: -0.2
X-Spam_bar: /
X-Spam_report: (-0.2 / 5.0 requ) DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
 DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=unavailable autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.4 (-)
X-Debbugs-Envelope-To: submit
Cc: Ryan Sundberg <ryan@arctype.co>
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -2.4 (--)

Adds low-level support for launching linux containers with cgroup namespaces.

gnu/build/linux-container.scm (%namespaces): Add 'cgroup
guix/build/syscalls.scm (CLONE_NEWCGROUP): Add flag definition
---
 gnu/build/linux-container.scm | 3 ++-
 guix/build/syscalls.scm       | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 4a8bed5a9a..bdeca2cdb9 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -52,7 +52,7 @@ exists."
   (file-exists? "/proc/self/setgroups"))
 
 (define %namespaces
-  '(mnt pid ipc uts user net))
+  '(cgroup mnt pid ipc uts user net))
 
 (define (call-with-clean-exit thunk)
   "Apply THUNK, but exit with a status code of 1 if it fails."
@@ -210,6 +210,7 @@ corresponds to the symbols in NAMESPACES."
   ;; Use the same flags as fork(3) in addition to the namespace flags.
   (apply logior SIGCHLD
          (map (match-lambda
+               ('cgroup  CLONE_NEWCGROUP)
                ('mnt  CLONE_NEWNS)
                ('uts  CLONE_NEWUTS)
                ('ipc  CLONE_NEWIPC)
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 45f95c509d..a7401fd73f 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -132,6 +132,7 @@
 
             CLONE_CHILD_CLEARTID
             CLONE_CHILD_SETTID
+            CLONE_NEWCGROUP
             CLONE_NEWNS
             CLONE_NEWUTS
             CLONE_NEWIPC
@@ -1025,6 +1026,7 @@ caller lacks root privileges."
 ;; Linux clone flags, from linux/sched.h
 (define CLONE_CHILD_CLEARTID #x00200000)
 (define CLONE_CHILD_SETTID   #x01000000)
+(define CLONE_NEWCGROUP      #x02000000)
 (define CLONE_NEWNS          #x00020000)
 (define CLONE_NEWUTS         #x04000000)
 (define CLONE_NEWIPC         #x08000000)
-- 
2.31.1





From debbugs-submit-bounces@debbugs.gnu.org Wed Jan 05 16:58:46 2022
Received: (at 52887-done) by debbugs.gnu.org; 5 Jan 2022 21:58:46 +0000
Received: from localhost ([127.0.0.1]:39110 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
	id 1n5EIw-0000M9-MR
	for submit@debbugs.gnu.org; Wed, 05 Jan 2022 16:58:46 -0500
Received: from hera.aquilenet.fr ([185.233.100.1]:45258)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@gnu.org>) id 1n5EIu-0000Ls-Gq
 for 52887-done@debbugs.gnu.org; Wed, 05 Jan 2022 16:58:45 -0500
Received: from localhost (localhost [127.0.0.1])
 by hera.aquilenet.fr (Postfix) with ESMTP id B5F53103;
 Wed,  5 Jan 2022 22:58:37 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at aquilenet.fr
Received: from hera.aquilenet.fr ([127.0.0.1])
 by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id l8jfj9XupCnQ; Wed,  5 Jan 2022 22:58:37 +0100 (CET)
Received: from ribbon (91-160-117-201.subs.proxad.net [91.160.117.201])
 by hera.aquilenet.fr (Postfix) with ESMTPSA id C3660FF;
 Wed,  5 Jan 2022 22:58:36 +0100 (CET)
From: =?utf-8?Q?Ludovic_Court=C3=A8s?= <ludo@gnu.org>
To: Ryan Sundberg <ryan@arctype.co>
Subject: Re: bug#52887: [PATCH staging] containers: Add CLONE_NEWCGROUP
 cgroup namespace support
References: <20211230035215.14477-1-ryan@arctype.co>
Date: Wed, 05 Jan 2022 22:58:36 +0100
In-Reply-To: <20211230035215.14477-1-ryan@arctype.co> (Ryan Sundberg's message
 of "Wed, 29 Dec 2021 19:52:16 -0800")
Message-ID: <87k0fdj14j.fsf@gnu.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spamd-Bar: /
Authentication-Results: hera.aquilenet.fr;
	none
X-Rspamd-Server: hera
X-Rspamd-Queue-Id: B5F53103
X-Spamd-Result: default: False [-0.10 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];
 MIME_GOOD(-0.10)[text/plain]; RCPT_COUNT_TWO(0.00)[2];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 MID_RHS_MATCH_FROM(0.00)[]
X-Spam-Score: 1.0 (+)
X-Debbugs-Envelope-To: 52887-done
Cc: 52887-done@debbugs.gnu.org
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit@debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request@debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request@debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces@debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
X-Spam-Score: -0.0 (/)

Hi,

Ryan Sundberg <ryan@arctype.co> skribis:

> Adds low-level support for launching linux containers with cgroup namespa=
ces.
>
> gnu/build/linux-container.scm (%namespaces): Add 'cgroup
> guix/build/syscalls.scm (CLONE_NEWCGROUP): Add flag definition

I tweaked the commit log and applied to =E2=80=98master=E2=80=99, thanks!

Ludo=E2=80=99.




From unknown Tue Jun 17 03:40:02 2025
Received: (at fakecontrol) by fakecontrolmessage;
To: internal_control@debbugs.gnu.org
From: Debbugs Internal Request <help-debbugs@gnu.org>
Subject: Internal Control
Message-Id: bug archived.
Date: Thu, 03 Feb 2022 12:24:10 +0000
User-Agent: Fakemail v42.6.9

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator