GNU bug report logs - #77396
[PATCH] services: Add ngircd-service-type.


Package: guix-patches;

Reported by: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Date: Mon, 31 Mar 2025 02:29:07 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.



Message #14 received at 77396 <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: 77396 <at> debbugs.gnu.org
Cc: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Subject: [PATCH v2 1/2] least-authority: Preserve systemd LISTEN_* environment
 variables.
Date: Thu,  3 Apr 2025 15:43:24 +0900

Otherwise, combining make-systemd-constructor with least-authority-wrapper
would not work correctly out of the box.

* guix/least-authority.scm (%precious-variables): Rename to...
(%default-preserved-environment-variables): ... this, and export it.
Add "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES" environment variables.
(least-authority-wrapper): Adjust accordingly.

Change-Id: Idd259b15463920965f530e1917d76bf97def3b7b
---
 guix/least-authority.scm | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/guix/least-authority.scm b/guix/least-authority.scm
index 3465fe9a48..cd846aaa61 100644
--- a/guix/least-authority.scm
+++ b/guix/least-authority.scm
@@ -26,7 +26,8 @@ (define-module (guix least-authority)
                                           spec->file-system
                                           file-system->spec
                                           file-system-mapping->bind-mount)
-  #:export (least-authority-wrapper))
+  #:export (least-authority-wrapper
+            %default-preserved-environment-variables))
 
 ;;; Commentary:
 ;;;
@@ -35,9 +36,10 @@ (define-module (guix least-authority)
 ;;;
 ;;; Code:
 
-(define %precious-variables
+(define %default-preserved-environment-variables
   ;; Environment variables preserved by the wrapper by default.
-  '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER"))
+  '("HOME" "USER" "LOGNAME" "DISPLAY" "XAUTHORITY" "TERM" "TZ" "PAGER"
+    "LISTEN_PID" "LISTEN_FDS" "LISTEN_FDNAMES")) ;for make-systemd-constructor
 
 (define* (least-authority-wrapper program
                                   #:key (name "pola-wrapper")
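Review bot: In the new default list, "LISTEN_PID" is passed through to the wrapped program unchanged, but the wrapper runs PROGRAM in separate namespaces, so if NAMESPACES includes a PID namespace the program's own PID will not equal the preserved value. Consumers that follow the sd_listen_fds convention compare LISTEN_PID against getpid() and ignore the passed sockets on a mismatch. Please confirm this works with the default namespaces, or extend the comment to say what callers must do (drop the PID namespace, or have the wrapper rewrite LISTEN_PID). Separately, these three variables are now preserved for every wrapped program, not only socket-activated ones; the ";for make-systemd-constructor" margin comment could say why that is acceptable as a default.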
@@ -49,7 +51,7 @@ (define* (least-authority-wrapper program
                                   (namespaces %namespaces)
                                   (directory "/")
                                   (preserved-environment-variables
-                                   %precious-variables))
+                                   %default-preserved-environment-variables))
   "Return a wrapper of PROGRAM that executes it with the least authority.
 
 PROGRAM is executed in separate namespaces according to NAMESPACES, a list of
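Review bot: With the default of #:preserved-environment-variables now carrying the LISTEN_* names, a caller that passes its own list replaces the default and silently loses them, which brings back the make-systemd-constructor breakage the commit message describes. Since this patch exports the variable, the docstring should tell callers to extend it, for example (cons "FOO" %default-preserved-environment-variables), rather than supply a fresh list. The diffstat shows only guix/least-authority.scm changed, so the newly exported name is otherwise undocumented.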

base-commit: 8c43056aabc2d22da61dc86049b143f7ae1ef516
-- 
2.49.0





This bug report was last modified 35 days ago.
