[PATCH 2/2] gnu: Add lxc.

  • Done
2 participants
  • ???
  • Marius Bakke
Owner
unassigned
Submitted by
???
Severity
normal
(address . guix-patches@gnu.org)(name . ???)(address . iyzsong@member.fsf.org)
20170713113157.1565-2-iyzsong@member.fsf.org
* gnu/packages/virtualization.scm (lxc): New package.
---
gnu/packages/virtualization.scm | 47 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 47 insertions(+)

diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 79209c300..25abaaa88 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -42,6 +42,7 @@
#:use-module (gnu packages pkg-config)
#:use-module (gnu packages polkit)
#:use-module (gnu packages python)
+ #:use-module (gnu packages selinux)
#:use-module (gnu packages sdl)
#:use-module (gnu packages spice)
#:use-module (gnu packages texinfo)
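Review bot: The added `#:use-module (gnu packages selinux)` line sits before `(gnu packages sdl)`, which breaks the alphabetical order the surrounding imports follow (python, sdl, spice, texinfo). Move it to between the `sdl` and `spice` lines.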
@@ -266,6 +267,52 @@ all common programming languages. Vala bindings are also provided.")
;; files in the "tools" directory are released under GPLv2+.
(license (list lgpl2.1+ gpl2+))))
+(define-public lxc
+ (package
+ (name "lxc")
+ (version "2.0.8")
+ (source (origin
+ (method url-fetch)
+ (uri (string-append
+ "https://linuxcontainers.org/downloads/lxc/lxc-"
+ version ".tar.gz"))
+ (sha256
+ (base32
+ "15449r56rqg3487kzsnfvz0w4p5ajrq0krcsdh6c9r6g0ark93hd"))))
+ (build-system gnu-build-system)
+ (native-inputs
+ `(("pkg-config" ,pkg-config)))
+ (inputs
+ `(("gnutls" ,gnutls)
+ ("libcap" ,libcap)
+ ("libseccomp" ,libseccomp)
+ ("libselinux" ,libselinux)))
+ (arguments
+ '(#:configure-flags
+ '("--sysconfdir=/etc"
+ "--localstatedir=/var")
+ #:phases
+ (modify-phases %standard-phases
+ (replace 'install
+ (lambda* (#:key outputs #:allow-other-keys)
+ (let* ((out (assoc-ref outputs "out"))
+ (bashcompdir (string-append out "/etc/bash_completion.d")))
+ (zero? (system*
+ "make" "install"
+ (string-append "bashcompdir=" bashcompdir)
+ ;; Thoses files will be handled by system services.
+ "LXCPATH=/tmp/var/lib/lxc"
+ "localstatedir=/tmp/var"
+ "sysconfdir=/tmp/etc"
+ "sysconfigdir=/tmp/etc/default"))))))))
+ (synopsis "Linux container tools")
+ (home-page "https://linuxcontainers.org/")
+ (description
+ "LXC is a userspace interface for the Linux kernel containment features.
+Through a powerful API and simple tools, it lets Linux users easily create and
+manage system or application containers.")
+ (license lgpl2.1+)))
+
(define-public libvirt
(package
(name "libvirt")
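Review bot: The `make install` overrides in the replaced 'install phase (`LXCPATH=/tmp/var/lib/lxc`, `localstatedir=/tmp/var`, `sysconfdir=/tmp/etc`, `sysconfigdir=/tmp/etc/default`) are documented only by the comment "Thoses files will be handled by system services", which does not say how they relate to the `--sysconfdir=/etc` and `--localstatedir=/var` values passed in `#:configure-flags`. Expand the comment to state which set of paths the installed programs use and why the install step is pointed elsewhere, and fix the "Thoses" typo. Since /tmp is world-writable, a directory under the build tree or under `out` would be a less surprising place for files the package does not keep.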
--
2.12.2
Marius Bakke wrote on 14 Jul 2017 19:09
(name . ???)(address . iyzsong@member.fsf.org)
87zic7hrml.fsf@fastmail.com
??? <iyzsong@member.fsf.org> writes:

> * gnu/packages/virtualization.scm (lxc): New package.

Thanks!

[...]

> + (arguments
> + '(#:configure-flags
> + '("--sysconfdir=/etc"
> + "--localstatedir=/var")
> + #:phases
> + (modify-phases %standard-phases
> + (replace 'install
> + (lambda* (#:key outputs #:allow-other-keys)
> + (let* ((out (assoc-ref outputs "out"))
> + (bashcompdir (string-append out "/etc/bash_completion.d")))
> + (zero? (system*
> + "make" "install"
> + (string-append "bashcompdir=" bashcompdir)
> + ;; Thoses files will be handled by system services.
> + "LXCPATH=/tmp/var/lib/lxc"
> + "localstatedir=/tmp/var"
> + "sysconfdir=/tmp/etc"
> + "sysconfigdir=/tmp/etc/default"))))))))

If these are not important, why not set them to $out/etc, $out/var and
so on? /tmp seems like a dangerous default to me, since any unprivileged
user can populate these directories.

LGTM apart from that.
(address . 27682-done@debbugs.gnu.org)
87eftiymje.fsf@member.fsf.org
Pushed.
Closed
(name . Marius Bakke)(address . mbakke@fastmail.com)(address . 27682@debbugs.gnu.org)
87iniuynjd.fsf@member.fsf.org
Marius Bakke <mbakke@fastmail.com> writes:

> ??? <iyzsong@member.fsf.org> writes:
>
>> * gnu/packages/virtualization.scm (lxc): New package.
>
> Thanks!
>
> [...]
>
>> + (arguments
>> + '(#:configure-flags
>> + '("--sysconfdir=/etc"
>> + "--localstatedir=/var")
>> + #:phases
>> + (modify-phases %standard-phases
>> + (replace 'install
>> + (lambda* (#:key outputs #:allow-other-keys)
>> + (let* ((out (assoc-ref outputs "out"))
>> + (bashcompdir (string-append out "/etc/bash_completion.d")))
>> + (zero? (system*
>> + "make" "install"
>> + (string-append "bashcompdir=" bashcompdir)
>> + ;; Thoses files will be handled by system services.
>> + "LXCPATH=/tmp/var/lib/lxc"
>> + "localstatedir=/tmp/var"
>> + "sysconfdir=/tmp/etc"
>> + "sysconfigdir=/tmp/etc/default"))))))))
>
> If these are not important, why not set them to $out/etc, $out/var and
> so on? /tmp seems like a dangerous default to me, since any unprivileged
> user can populate these directories.

Those paths are configured to '/var/lib/lxc', '/var' etc. The install
phase drops them to avoid touching system directories in the builder.
The effective paths are still '/var/lib/lxc', owned by root, which will
be handled by lxc-service-type and the like.