GNU bug report logs - #54997
[PATCH 00/12] Add "least authority" program wrapper

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Sun, 17 Apr 2022 21:02:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: Maxime Devos <maximedevos <at> telenet.be>
Cc: 54997 <at> debbugs.gnu.org
Subject: [bug#54997] [PATCH 00/12] Add "least authority" program wrapper
Date: Tue, 26 Apr 2022 22:22:42 +0200

Hi Maxime,

Maxime Devos <maximedevos <at> telenet.be> skribis:

> Ludovic Courtès schreef op zo 17-04-2022 om 23:01 [+0200]:
>> Hello Guix!
>> 
>> So we have this fancy ‘make-forkexec-constructor/container’ thing
>> to spawn Shepherd services in a container:
>> 
>>   https://guix.gnu.org/en/blog/2017/running-system-services-in-containers/
>> 
>> It’s nice, but it doesn’t compose.  What if you want an inetd-style
>> service *and* have it run in a container?  We certainly don’t want to
>> end up defining ‘make-inetd-constructor/container’ and so on.
>
> Currently, it doesn't compose, but can it be made composable?
> More concretely, maybe there could be a set of ‘process procedures’
> implementable by record types:
>
>   ;; Inspired by <https://docs.racket-lang.org/reference/subprocess.html>,
>   ;; with some differences
>   (define (subprocess-start/separate process) ...)  ; run it in a separate process
>   (define (subprocess-start/replace process) ...) ; run it with 'exec'
>   (define (subprocess-kill process) ...)
>   (define (subprocess-wait process) ...)
>   (define (subprocess-status process) ...)
>
>   ;; Basic process constructor, doesn't do containers
>   (define (command-process ...) ...)
>
>   ;; Container
>   (define (contain inner #:key container-stuff ...)
>     subprocess-start/separate: (run-container ... (lambda () (subprocess-start/replace inner)))
>     other procedures ...
>     return the record)
>
> Then make-inetd-constructor could be changed to accept a lambda producing
> 'subprocess' records.  By passing it a subprocess wrapped by 'contain', it would
> automatically support container things:
>
> (define (make-inetd-constructor/container-command command* ...)
>   (make-inetd-constructor (lambda () (contain (command-process comand*))) ...))

A (sub)process abstraction could be useful, indeed.

But like you write, we’d need further changes in shepherd itself, which
makes it less appealing IMO.  I like that the “POLA wrapper” allows us
to deal with this aspect in a fairly orthogonal fashion.

Thanks!

Ludo’.
This bug report was last modified 3 years and 72 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.