guix_mirror_bot pushed a commit to branch master
in repository guix.
commit 877610c1ce3efa1743643a7589e4079cfd0b1917
Author: Giacomo Leidi <[email protected]>
AuthorDate: Wed Sep 10 09:21:53 2025 +0200

services: oci: Fix OCI backed Shepherd services HOME variable.

This patch allows containers run with podman to run each with their own
specific user.

* doc/guix.texi: Fix wrong type for oci-container-configuration's
shepherd-dependencies field.
* gnu/services/containers.scm (oci-container-shepherd-service): In case
a specific container is not run through the user provisioned by the
oci-service-type, its environment is different from the globally
provisioned one and must be recomputed.

Change-Id: I5d636ad0616ced0af124002de4403da3067334de
Signed-off-by: Ludovic Courtès <[email protected]>
---
doc/guix.texi | 2 +-
gnu/services/containers.scm | 7 ++++++-
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/doc/guix.texi b/doc/guix.texi
index 0924aebf4a..00d235b3b0 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -44867,7 +44867,7 @@ is @code{#f}, the service has to be started manually
with @command{herd start}.
Whether to have Shepherd restart the service when it stops, for instance when
the underlying process dies.
-@item @code{shepherd-actions} (default: @code{'()}) (type: list-of-symbols)
+@item @code{shepherd-actions} (default: @code{'()}) (type:
list-of-shepherd-actions)
This is a list of @code{shepherd-action} records defining actions supported
by the service.
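Review bot: The commit log entry for doc/guix.texi names the shepherd-dependencies field, but the @item changed in this hunk is shepherd-actions (its type goes from list-of-symbols to list-of-shepherd-actions). Please correct the log entry to name shepherd-actions, or, if shepherd-dependencies also documents the wrong type, include that fix as well so the log and the diff agree.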
diff --git a/gnu/services/containers.scm b/gnu/services/containers.scm
index c9eadea9b4..0c3d6463e4 100644
--- a/gnu/services/containers.scm
+++ b/gnu/services/containers.scm
@@ -1277,7 +1277,12 @@ by CONFIG through RUNTIME-CLI."
(define environment-variables
#~(append
(list #$@host-environment)
- (list #$@(oci-runtime-state-runtime-environment runtime-state))))
+ ;; In case this specific container is not run through the user
+ ;; provisioned by the oci-service-type, its environment is different
+ ;; from the globally provisioned one and must be recomputed.
+ (list #$@(if (maybe-value-set? user)
+ (oci-runtime-system-environment runtime user)
+ (oci-runtime-state-runtime-environment runtime-state)))))
(define invocation
(oci-container-run-invocation
(oci-container-configuration->oci-container-invocation
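Review bot: Nothing tests the new (maybe-value-set? user) branch in environment-variables: the diffstat lists only doc/guix.texi and gnu/services/containers.scm, so no check confirms that a container with its own user receives the result of (oci-runtime-system-environment runtime user) instead of the environment taken from runtime-state. A test covering a container with the user field set would guard against this regressing. The new comment could also name the variable that ends up wrong (HOME, per the commit subject), so the reason for recomputing is clear to whoever reads this definition later.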