From: Christopher Baines
To: guix-patches@gnu.org
Subject: [PATCH 0/4] Isolated inferiors.
Date: Sun, 24 Feb 2019 16:12:08 +0000
Message-ID: <875zt9go87.fsf@cbaines.net>

These patches form a prototype for Guix inferiors that are isolated.

Access to the inferior Guix is done through running a REPL as a separate
process. These patches provide a way of launching that REPL in an
isolated environment through Linux namespaces, providing some isolation
from the wider system.

These patches should work, at least enough to get the derivations for
packages within the inferior Guix, as well as doing 'guix pull' within
the inferior Guix. They're not ready to be merged just yet though. I
think some of the approaches are a little odd (e.g. using (ice-9 popen)
internals) and I've got no idea if the isolation is actually working
properly.

Christopher Baines (4):
  utils: Add #:base-directory to call-with-temporary-directory.
  linux-container: Add 'start-child-in-container'.
  inferior: Add a shared-directory field to
  inferior: Add 'open-inferior/container'.

 gnu/build/linux-container.scm | 82 +++++++++++++++++++++++++++++++
 guix/inferior.scm             | 90 ++++++++++++++++++++++++++++++-----
 guix/utils.scm                |  4 +-
 3 files changed, 163 insertions(+), 13 deletions(-)
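
An added example, not part of the original message or of the patch series: one way to check from the host whether a child process such as the inferior REPL really runs in separate Linux namespaces, by comparing the /proc/<pid>/ns links of parent and child. The expected namespace list, the function names and the sample link values are assumptions constructed for illustration.

```python
import os
import re
import sys

# Namespace types the child is expected to have unshared. This list is an
# assumption of the example, not something stated in the message above.
EXPECTED = ("mnt", "pid", "ipc", "uts", "user", "net")
_LINK = re.compile(r"^([a-z_]+):\[(\d+)\]$")

# Constructed sample link targets (not captured from a real system): the
# child has its own namespaces except for "net".
SAMPLE_PARENT = ["mnt:[4026531840]", "pid:[4026531836]", "ipc:[4026531839]",
                 "uts:[4026531838]", "user:[4026531837]", "net:[4026531992]"]
SAMPLE_CHILD = ["mnt:[4026532501]", "pid:[4026532504]", "ipc:[4026532503]",
                "uts:[4026532502]", "user:[4026532500]", "net:[4026531992]"]


def parse_ns_link(target):
    """Parse a /proc/<pid>/ns/* link target such as 'mnt:[4026531840]'."""
    m = _LINK.match(target)
    if m is None:
        raise ValueError(f"unexpected namespace link: {target!r}")
    return m.group(1), int(m.group(2))


def namespaces_of(pid, kinds=EXPECTED):
    """Read {type: inode} for a live process. Linux only; reading another
    user's process needs ptrace-level access to it."""
    found = {}
    for kind in kinds:
        try:
            found[kind] = parse_ns_link(os.readlink(f"/proc/{pid}/ns/{kind}"))[1]
        except FileNotFoundError:
            pass  # type not offered by this kernel: reported as shared below
    return found


def shared_namespaces(parent, child, expected=EXPECTED):
    """Return the expected types the child still shares with the parent.
    A type missing from either map counts as shared (fail closed)."""
    return [k for k in expected
            if k not in parent or k not in child or parent[k] == child[k]]


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script PARENT_PID CHILD_PID
        parent, child = namespaces_of(sys.argv[1]), namespaces_of(sys.argv[2])
    else:  # no PIDs given: fall back to the constructed samples
        parent = dict(map(parse_ns_link, SAMPLE_PARENT))
        child = dict(map(parse_ns_link, SAMPLE_CHILD))
    shared = shared_namespaces(parent, child)
    print("still shared with parent:", ", ".join(shared) or "none")
    sys.exit(1 if shared else 0)
```

Equal inode numbers mean both processes are in the same namespace of that type, so a non-empty result points at isolation that was requested but not obtained.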