From: bug#68553 <68553@debbugs.gnu.org>
To: bug#68553 <68553@debbugs.gnu.org>
Subject: Status: [PATCH] gnu: linux-container: Inherit essential services.
Date: Mon, 23 Jun 2025 05:43:47 +0000

retitle 68553 [PATCH] gnu: linux-container: Inherit essential services.
reassign 68553 guix-patches
submitter 68553 Leo Nikkilä
severity 68553 normal
tag 68553 patch
thanks

From: Leo Nikkilä
To: guix-patches@gnu.org
Subject: [PATCH] gnu: linux-container: Inherit essential services.
Date: Wed, 17 Jan 2024 23:48:35 +0200
Message-ID: <20240117215123.13492-1-hello@lnikki.la>

Currently it's not possible to set `essential-services' when building
operating systems for containers, since `container-essential-services'
always uses the defaults.

It's possible to reference `essential-services' from the operating
system that's passed in, but since it's thunked, the operating system
needs to be defined in two passes to avoid an infinite loop.

* gnu/system/linux-container.scm (container-essential-services): Use
operating-system-essential-services instead of the defaults to allow
overriding the base services.
(containerized-operating-system): Update accordingly.
---
 gnu/system/linux-container.scm | 88 ++++++++++++++++++----------------
 1 file changed, 47 insertions(+), 41 deletions(-)

diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index 485baea4c5..c780b68fba 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2020 Google LLC ;;; Copyright © 2022 Ricardo Wurmus ;;; Copyright © 2023 Pierre Langlois +;;; Copyright © 2024 Leo Nikkilä ;;; ;;; This file is part of GNU Guix. ;;; @@ -56,7 +57,7 @@ (define base (if shared-network? (list hosts-service-type) '())))) - (operating-system-default-essential-services os))) + (operating-system-essential-services os))) (cons (service system-service-type `(("locale" ,(operating-system-locale-directory os)))) 
@@ -144,48 +145,53 @@ (define services-to-add (list (service dummy-networking-service-type)) '())) + (define os-with-base-essential-services + (operating-system + (inherit os) + (swap-devices '()) ; disable swap + (services + (append services-to-add + (filter-map (lambda (s) + (cond ((memq (service-kind s) services-to-drop) + #f) + ((eq? nscd-service-type (service-kind s)) + (service nscd-service-type + (nscd-configuration + (inherit (service-value s)) + (caches %nscd-container-caches)))) + ((eq? guix-service-type (service-kind s)) + ;; Pass '--disable-chroot' so that + ;; guix-daemon can build thing even in + ;; Docker without '--privileged'. + (service guix-service-type + (guix-configuration + (inherit (service-value s)) + (extra-options + (cons "--disable-chroot" + (guix-configuration-extra-options + (service-value s))))))) + (else s))) + (operating-system-user-services os)))) + (file-systems (append (map mapping->fs + (if shared-network? + (append %network-file-mappings mappings) + mappings)) + extra-file-systems + user-file-systems + + ;; Provide a dummy root file system so we can create + ;; a 'boot-parameters' file. + (list (file-system + (mount-point "/") + (device "nothing") + (type "dummy"))))))) + + ;; `essential-services' is thunked, we need to evaluate it separately. (operating-system - (inherit os) - (swap-devices '()) ; disable swap + (inherit os-with-base-essential-services) (essential-services (container-essential-services - this-operating-system - #:shared-network? shared-network?)) - (services - (append services-to-add - (filter-map (lambda (s) - (cond ((memq (service-kind s) services-to-drop) - #f) - ((eq? nscd-service-type (service-kind s)) - (service nscd-service-type - (nscd-configuration - (inherit (service-value s)) - (caches %nscd-container-caches)))) - ((eq? guix-service-type (service-kind s)) - ;; Pass '--disable-chroot' so that - ;; guix-daemon can build thing even in - ;; Docker without '--privileged'. 
- (service guix-service-type - (guix-configuration - (inherit (service-value s)) - (extra-options - (cons "--disable-chroot" - (guix-configuration-extra-options - (service-value s))))))) - (else s))) - (operating-system-user-services os)))) - (file-systems (append (map mapping->fs - (if shared-network? - (append %network-file-mappings mappings) - mappings)) - extra-file-systems - user-file-systems - - ;; Provide a dummy root file system so we can create - ;; a 'boot-parameters' file. - (list (file-system - (mount-point "/") - (device "nothing") - (type "dummy"))))))) + os-with-base-essential-services + #:shared-network? shared-network?)))) (define* (container-script os #:key (mappings '()) shared-network?) "Return a derivation of a script that runs OS as a Linux container. base-commit: 270570f09030f8888f613ed18e7b78ae6a7156e0 -- 2.41.0
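
Review bot: In the `@@ -56,7 +57,7 @@` hunk, `container-essential-services` now reads `(operating-system-essential-services os)`, which the commit message describes as a thunked field, so calling it on a record whose own `essential-services` field invokes `container-essential-services` would recurse without end. Please state in the docstring that `os` must not be the record under construction, and note that a caller-supplied `essential-services` list now becomes the base and receives only whatever filtering `base` applies.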
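
Review bot: In the `@@ -144,48 +145,53 @@` hunk, the new comment ";; `essential-services' is thunked, we need to evaluate it separately." above the second `operating-system` form does not name the hazard. Say that passing `this-operating-system`, as the removed lines did, would now make the field refer to itself and loop, so that a later cleanup does not merge the two records back into one. The `services-to-drop` filter in `os-with-base-essential-services` still runs only over `(operating-system-user-services os)`, so an overridden `essential-services` list is not checked against it; consider documenting that or applying the same filter. The moved comment also keeps the typo "build thing".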

From: Ludovic Courtès
To: Leo Nikkilä
Cc: 68553-done@debbugs.gnu.org
Subject: Re: [bug#68553] [PATCH] gnu: linux-container: Inherit essential services.
In-Reply-To: <20240117215123.13492-1-hello@lnikki.la>
Date: Mon, 05 Feb 2024 22:29:28 +0100
Message-ID: <87il32bnwn.fsf@gnu.org>

Hi Leo,

Leo Nikkilä wrote:

> Currently it's not possible to set `essential-services' when building
> operating systems for containers, since `container-essential-services'
> always uses the defaults.
>
> It's possible to reference `essential-services' from the operating
> system that's passed in, but since it's thunked, the operating system
> needs to be defined in two passes to avoid an infinite loop.
>
> * gnu/system/linux-container.scm (container-essential-services): Use
> operating-system-essential-services instead of the defaults to allow
> overriding the base services.
> (containerized-operating-system): Update accordingly.

I recently ran into this very problem (I wanted to build a container
image with a custom shepherd) so I’m glad you’re providing a fix.

Applied, thanks!

Ludo’.

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Message-Id: bug archived.
Date: Tue, 05 Mar 2024 12:24:12 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator