GNU bug report logs -
#54997
[PATCH 00/12] Add "least authority" program wrapper
Previous Next
Reported by: Ludovic Courtès <ludo <at> gnu.org>
Date: Sun, 17 Apr 2022 21:02:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
Full log
View this message in rfc822 format
* gnu/services/messaging.scm (quassel-shepherd-service): Use
'least-authority-wrapper' instead of
'make-forkexec-constructor/container'.
---
gnu/services/messaging.scm | 42 ++++++++++++++++++++------------------
1 file changed, 22 insertions(+), 20 deletions(-)
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 7fdd8cf285..05bf6e784b 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -939,29 +939,31 @@ (define-record-type* <quassel-configuration>
(define quassel-shepherd-service
(match-lambda
(($ <quassel-configuration> quassel interface port loglevel)
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
+ (let ((quassel (least-authority-wrapper
+ (file-append quassel "/bin/quasselcore")
+ #:name "quasselcore"
+ #:mappings (list (file-system-mapping
+ (source "/var/lib/quassel")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source "/var/log/quassel")
+ (target source)
+ (writable? #t)))
+ ;; XXX: The daemon needs to live in the main user
+ ;; namespace, as root, so it can access /var/lib/quassel
+ ;; owned by "quasselcore".
+ #:namespaces (fold delq %namespaces '(net user)))))
(list (shepherd-service
(provision '(quassel))
(requirement '(user-processes networking))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start #~(make-forkexec-constructor/container
- (list #$(file-append quassel "/bin/quasselcore")
- "--configdir=/var/lib/quassel"
- "--logfile=/var/log/quassel/core.log"
- (string-append "--loglevel=" #$loglevel)
- (string-append "--port=" (number->string #$port))
- (string-append "--listen=" #$interface))
- #:mappings (list (file-system-mapping
- (source "/var/lib/quassel")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source "/var/log/quassel")
- (target source)
- (writable? #t)))))
+ (start #~(make-forkexec-constructor
+ (list #$quassel
+ "--configdir=/var/lib/quassel"
+ "--logfile=/var/log/quassel/core.log"
+ (string-append "--loglevel=" #$loglevel)
+ (string-append "--port=" (number->string #$port))
+ (string-append "--listen=" #$interface))))
(stop #~(make-kill-destructor))))))))
(define %quassel-account
--
2.35.1
This bug report was last modified 3 years and 72 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.