[PATCH staging] containers: Add CLONE_NEWCGROUP cgroup namespace support

  • Done
Details
2 participants
  • Ludovic Courtès
  • Ryan Sundberg
Owner
unassigned
Submitted by
Ryan Sundberg
Severity
normal

Ryan Sundberg wrote 3 years ago
(address . guix-patches@gnu.org)(name . Ryan Sundberg)(address . ryan@arctype.co)
20211230035215.14477-1-ryan@arctype.co
Adds low-level support for launching linux containers with cgroup namespaces.

gnu/build/linux-container.scm (%namespaces): Add 'cgroup
guix/build/syscalls.scm (CLONE_NEWCGROUP): Add flag definition
---
gnu/build/linux-container.scm | 3 ++-
guix/build/syscalls.scm | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 4a8bed5a9a..bdeca2cdb9 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -52,7 +52,7 @@ exists."
(file-exists? "/proc/self/setgroups"))
(define %namespaces
- '(mnt pid ipc uts user net))
+ '(cgroup mnt pid ipc uts user net))
(define (call-with-clean-exit thunk)
"Apply THUNK, but exit with a status code of 1 if it fails."
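Review bot: Adding cgroup to %namespaces on the `+ '(cgroup mnt pid ipc uts user net))` line means every user of that list now requests CLONE_NEWCGROUP, which the kernel only accepts from Linux 4.6 onward; on an older kernel clone fails with EINVAL. The only feature probe visible in the context above is the /proc/self/setgroups check, so nothing here detects a kernel without cgroup namespaces. Consider including cgroup only when /proc/self/ns/cgroup exists, or stating the minimum kernel version in a comment next to the definition. The log calls this low-level support, so it should also say that the contents of %namespaces change.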
@@ -210,6 +210,7 @@ corresponds to the symbols in NAMESPACES."
;; Use the same flags as fork(3) in addition to the namespace flags.
(apply logior SIGCHLD
(map (match-lambda
+ ('cgroup CLONE_NEWCGROUP)
('mnt CLONE_NEWNS)
('uts CLONE_NEWUTS)
('ipc CLONE_NEWIPC)
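Review bot: The new `('cgroup CLONE_NEWCGROUP)` clause has no test behind it; the diffstat lists only the two source files. A small test that starts a container with the cgroup namespace and compares the child's /proc/self/ns/cgroup link with the parent's would confirm the flag reaches clone. It could also check that /proc/self/cgroup inside the container shows / rather than the host's cgroup path, since hiding that path is the isolation benefit this namespace provides.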
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 45f95c509d..a7401fd73f 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -132,6 +132,7 @@
CLONE_CHILD_CLEARTID
CLONE_CHILD_SETTID
+ CLONE_NEWCGROUP
CLONE_NEWNS
CLONE_NEWUTS
CLONE_NEWIPC
@@ -1025,6 +1026,7 @@ caller lacks root privileges."
;; Linux clone flags, from linux/sched.h
(define CLONE_CHILD_CLEARTID #x00200000)
(define CLONE_CHILD_SETTID #x01000000)
+(define CLONE_NEWCGROUP #x02000000)
(define CLONE_NEWNS #x00020000)
(define CLONE_NEWUTS #x04000000)
(define CLONE_NEWIPC #x08000000)
--
2.31.1
Ludovic Courtès wrote 3 years ago
(name . Ryan Sundberg)(address . ryan@arctype.co)(address . 52887-done@debbugs.gnu.org)
87k0fdj14j.fsf@gnu.org
Hi,

Ryan Sundberg <ryan@arctype.co> wrote:

> Adds low-level support for launching linux containers with cgroup namespaces.
>
> gnu/build/linux-container.scm (%namespaces): Add 'cgroup
> guix/build/syscalls.scm (CLONE_NEWCGROUP): Add flag definition

I tweaked the commit log and applied to ‘master’, thanks!

Ludo’.
Closed
This issue is archived.
