GNU bug report logs - #64105
[PATCH] linux-container: Pass '--disable-chroot' to 'guix-daemon'.

Previous Next

Package: guix-patches;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Fri, 16 Jun 2023 08:56:02 UTC

Severity: normal

Tags: patch

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: guix-patches <at> gnu.org
Cc: Ludovic Courtès <ludo <at> gnu.org>
Subject: [PATCH] linux-container: Pass '--disable-chroot' to 'guix-daemon'.
Date: Fri, 16 Jun 2023 10:55:08 +0200

This allows for the use of Guix within a non-privileged Docker container
produced by 'guix system image -t docker'.

* gnu/system/linux-container.scm (containerized-operating-system):
Change 'guix-configuration' to add "--disable-chroot".
---
 gnu/system/linux-container.scm | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index 7c45dbccaf..485baea4c5 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet <at> gnu.org>
-;;; Copyright © 2016-2017, 2019-2022 Ludovic Courtès <ludo <at> gnu.org>
+;;; Copyright © 2016-2017, 2019-2023 Ludovic Courtès <ludo <at> gnu.org>
 ;;; Copyright © 2019 Arun Isaac <arunisaac <at> systemreboot.net>
 ;;; Copyright © 2020 Efraim Flashner <efraim <at> flashner.co.il>
 ;;; Copyright © 2020 Google LLC
@@ -160,6 +160,17 @@ (define* (containerized-operating-system os mappings
                                            (nscd-configuration
                                             (inherit (service-value s))
                                             (caches %nscd-container-caches))))
+                                 ((eq? guix-service-type (service-kind s))
+                                  ;; Pass '--disable-chroot' so that
+                                  ;; guix-daemon can build thing even in
+                                  ;; Docker without '--privileged'.
+                                  (service guix-service-type
+                                           (guix-configuration
+                                            (inherit (service-value s))
+                                            (extra-options
+                                             (cons "--disable-chroot"
+                                                   (guix-configuration-extra-options
+                                                    (service-value s)))))))
                                  (else s)))
                          (operating-system-user-services os))))
     (file-systems (append (map mapping->fs

base-commit: 31336e9f5d68512a9c1c6826bce9f17c892a2125
-- 
2.40.1
This bug report was last modified 2 years and 24 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.