GNU bug report logs - #54997
[PATCH 00/12] Add "least authority" program wrapper

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sun, 17 Apr 2022 21:02:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: 54997 <at> debbugs.gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [bug#54997] [PATCH v2 12/15] services: wesnothd: Grant write access to /var/run/wesnothd.
Date: Wed, 27 Apr 2022 18:56:32 +0200

* gnu/services/games.scm (wesnothd-shepherd-service): Augment 'modules'
field.  Pass #:mappings argument to 'make-forkexec-constructor/container'.
(wesnothd-activation): New variable.
(wesnothd-service-type): Extend ACTIVATION-SERVICE-TYPE.
---
 gnu/services/games.scm | 24 ++++++++++++++++++++++--
 1 file changed, 22 insertions(+), 2 deletions(-)

diff --git a/gnu/services/games.scm b/gnu/services/games.scm
index b743f6a4b6..dc0bfbe9dc 100644
--- a/gnu/services/games.scm
+++ b/gnu/services/games.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2018 Arun Isaac <arunisaac <at> systemreboot.net>
+;;; Copyright © 2022 Ludovic Courtès <ludo <at> gnu.org>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -57,18 +58,35 @@ (define wesnothd-shepherd-service
   (match-lambda
     (($ <wesnothd-configuration> package port)
      (with-imported-modules (source-module-closure
-                             '((gnu build shepherd)))
+                             '((gnu build shepherd)
+                               (gnu system file-systems)))
        (shepherd-service
         (documentation "The Battle for Wesnoth server")
         (provision '(wesnoth-daemon))
         (requirement '(networking))
-        (modules '((gnu build shepherd)))
+        (modules '((gnu build shepherd)
+                   (gnu system file-systems)))
         (start #~(make-forkexec-constructor/container
                   (list #$(file-append package "/bin/wesnothd")
                         "-p" #$(number->string port))
+                  #:mappings (list (file-system-mapping
+                                    (source "/var/run/wesnothd")
+                                    (target source)
+                                    (writable? #t)))
                   #:user "wesnothd" #:group "wesnothd"))
         (stop #~(make-kill-destructor)))))))
 
+(define wesnothd-activation
+  (with-imported-modules '((guix build utils))
+    #~(begin
+        (use-modules (guix build utils))
+
+        (let* ((user (getpw "wesnothd"))
+               (directory "/var/run/wesnothd"))
+          ;; wesnothd creates a Unix-domain socket in DIRECTORY.
+          (mkdir-p directory)
+          (chown directory (passwd:uid user) (passwd:gid user))))))
+
 (define wesnothd-service-type
   (service-type
    (name 'wesnothd)
@@ -77,6 +95,8 @@ (define wesnothd-service-type
    (extensions
     (list (service-extension account-service-type
                              (const %wesnothd-accounts))
+          (service-extension activation-service-type
+                             (const wesnothd-activation))
           (service-extension shepherd-root-service-type
                              (compose list wesnothd-shepherd-service))))
    (default-value (wesnothd-configuration))))
-- 
2.35.1
This bug report was last modified 3 years and 72 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.