Re: [PATCH 11/15] gnu: system: Add Linux container module.
"Thompson, David" skribis: > From 7c41e765a91f6a4c50b692f6230d6e0e3e3b7099 Mon Sep 17 00:00:00 2001 > From: David Thompson > Date: Mon, 8 Jun 2015 08:59:00 -0400 > Subject: [PATCH] gnu: system: Add Linux container module. > > * gnu/system/linux-container.scm: New file. > * gnu-system.am (GNU_SYSTEM_MODULES): Add it. > * gnu/system.scm: Export 'operating-system-etc-directory', > 'operating-system-boot-script', 'operating-system-locale-directory', and > 'file-union'. > (operating-system-boot-script): Add #:container? keyword argument. > (operating-system-activation-script): Add #:container? keyword argument. > Don't call 'activate-firmware' or 'activate-ptrace-attach' when activating a > container. LGTM! Ludo'.
Re: [PATCH 11/15] gnu: system: Add Linux container module.
On Tue, Jul 7, 2015 at 9:55 AM, Ludovic Courtès wrote: > David Thompson skribis: > >> * gnu/system/linux-container.scm: New file. >> * gnu-system.am (GNU_SYSTEM_MODULES): Add it. >> * gnu/system.scm: Export 'operating-system-etc-directory', >> 'operating-system-boot-script', 'operating-system-locale-directory', and >> 'file-union'. >> (operating-system-boot-script): Add #:container? keyword argument. >> (operating-system-activation-script): Add #:container? keyword argument. >> Don't call 'activate-firmware' or 'activate-ptrace-attach' when activating >> a >> container. > > [...] > >> +(define* (operating-system-boot-script os #:key container?) >>"Return the boot script for OS---i.e., the code started by the initrd once >> we're running in the final root." > > Augment the docstring with something like: > > When CONTAINER? is true, skip all hardware-related operations as > necessary when booting a Linux container. > >> +(define (system-container os) > > docstring > >> +(define* (container-script os #:key (mappings '())) > > docstring > > OK with these changes! I made these changes and added a 'containerized-operating-system' procedure to the module that does something similar to 'virtualized-operating-system' in (gnu system vm), as discussed in the main thread. Updated patch attached. WDYT? - Dave - Dave From 7c41e765a91f6a4c50b692f6230d6e0e3e3b7099 Mon Sep 17 00:00:00 2001 From: David Thompson Date: Mon, 8 Jun 2015 08:59:00 -0400 Subject: [PATCH] gnu: system: Add Linux container module. * gnu/system/linux-container.scm: New file. * gnu-system.am (GNU_SYSTEM_MODULES): Add it. * gnu/system.scm: Export 'operating-system-etc-directory', 'operating-system-boot-script', 'operating-system-locale-directory', and 'file-union'. (operating-system-boot-script): Add #:container? keyword argument. (operating-system-activation-script): Add #:container? keyword argument. Don't call 'activate-firmware' or 'activate-ptrace-attach' when activating a container. --- gnu-system.am | 1 + gnu/system.scm | 30 +++ gnu/system/linux-container.scm | 118 + 3 files changed, 139 insertions(+), 10 deletions(-) create mode 100644 gnu/system/linux-container.scm diff --git a/gnu-system.am b/gnu-system.am index d6369b5..83d04d8 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -346,6 +346,7 @@ GNU_SYSTEM_MODULES =\ gnu/system/grub.scm\ gnu/system/install.scm \ gnu/system/linux.scm\ + gnu/system/linux-container.scm \ gnu/system/linux-initrd.scm \ gnu/system/locale.scm\ gnu/system/nss.scm\ diff --git a/gnu/system.scm b/gnu/system.scm index efad145..3ec1a4c 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -82,6 +82,11 @@ operating-system-derivation operating-system-profile operating-system-grub.cfg +operating-system-etc-directory +operating-system-locale-directory +operating-system-boot-script + +file-union local-host-aliases %setuid-programs @@ -679,7 +684,7 @@ variable is not set---hence the need for this wrapper." (apply execl #$modprobe (cons #$modprobe (cdr (command-line -(define (operating-system-activation-script os) +(define* (operating-system-activation-script os #:key container?) "Return the activation script for OS---i.e., the code that \"activates\" the stateful part of OS, including user accounts and groups, special directories, etc." @@ -753,12 +758,15 @@ etc." ;; Tell the kernel to use our 'modprobe' command. (activate-modprobe #$modprobe) -;; Tell the kernel where firmware is. -(activate-firmware - (string-append #$firmware "/lib/firmware")) - -;; Let users debug their own processes! -(activate-ptrace-attach) +;; Tell the kernel where firmware is, unless we are +;; activating a container. +#$@(if container? + #~() + ;; Tell the kernel where firmware is. + #~((activate-firmware + (string-append #$firmware "/lib/firmware")) + ;; Let users debug their own processes! + (activate-ptrace-attach))) ;; Run the services' activation snippets. ;; TODO: Use 'load-compiled'. @@ -767,11 +775,13 @@ etc." ;; Set up /run/current-system. (activate-current-system) -(define (operating-system-boot-script os) +(define* (operating-system-boot-script os #:key container?) "Return the boot script for OS---i.e., the code started by the initrd
Re: [PATCH 11/15] gnu: system: Add Linux container module.
David Thompson skribis: > * gnu/system/linux-container.scm: New file. > * gnu-system.am (GNU_SYSTEM_MODULES): Add it. > * gnu/system.scm: Export 'operating-system-etc-directory', > 'operating-system-boot-script', 'operating-system-locale-directory', and > 'file-union'. > (operating-system-boot-script): Add #:container? keyword argument. > (operating-system-activation-script): Add #:container? keyword argument. > Don't call 'activate-firmware' or 'activate-ptrace-attach' when activating a > container. [...] > +(define* (operating-system-boot-script os #:key container?) >"Return the boot script for OS---i.e., the code started by the initrd once > we're running in the final root." Augment the docstring with something like: When CONTAINER? is true, skip all hardware-related operations as necessary when booting a Linux container. > +(define (system-container os) docstring > +(define* (container-script os #:key (mappings '())) docstring OK with these changes! Ludo’.
[PATCH 11/15] gnu: system: Add Linux container module.
From: David Thompson * gnu/system/linux-container.scm: New file. * gnu-system.am (GNU_SYSTEM_MODULES): Add it. * gnu/system.scm: Export 'operating-system-etc-directory', 'operating-system-boot-script', 'operating-system-locale-directory', and 'file-union'. (operating-system-boot-script): Add #:container? keyword argument. (operating-system-activation-script): Add #:container? keyword argument. Don't call 'activate-firmware' or 'activate-ptrace-attach' when activating a container. --- gnu-system.am | 1 + gnu/system.scm | 27 - gnu/system/linux-container.scm | 90 ++ 3 files changed, 109 insertions(+), 9 deletions(-) create mode 100644 gnu/system/linux-container.scm diff --git a/gnu-system.am b/gnu-system.am index 48dbc5f..cfc2999 100644 --- a/gnu-system.am +++ b/gnu-system.am @@ -346,6 +346,7 @@ GNU_SYSTEM_MODULES =\ gnu/system/grub.scm \ gnu/system/install.scm \ gnu/system/linux.scm \ + gnu/system/linux-container.scm \ gnu/system/linux-initrd.scm \ gnu/system/locale.scm\ gnu/system/nss.scm \ diff --git a/gnu/system.scm b/gnu/system.scm index 82b7fbc..476d901 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -82,6 +82,11 @@ operating-system-derivation operating-system-profile operating-system-grub.cfg +operating-system-etc-directory +operating-system-locale-directory +operating-system-boot-script + +file-union local-host-aliases %setuid-programs @@ -679,7 +684,7 @@ variable is not set---hence the need for this wrapper." (apply execl #$modprobe (cons #$modprobe (cdr (command-line -(define (operating-system-activation-script os) +(define* (operating-system-activation-script os #:key container?) "Return the activation script for OS---i.e., the code that \"activates\" the stateful part of OS, including user accounts and groups, special directories, etc." @@ -752,12 +757,15 @@ etc." ;; Tell the kernel to use our 'modprobe' command. (activate-modprobe #$modprobe) -;; Tell the kernel where firmware is. -(activate-firmware - (string-append #$firmware "/lib/firmware")) - -;; Let users debug their own processes! -(activate-ptrace-attach) +;; Tell the kernel where firmware is, unless we are +;; activating a container. +#$@(if container? + #~() + ;; Tell the kernel where firmware is. + #~((activate-firmware + (string-append #$firmware "/lib/firmware")) + ;; Let users debug their own processes! + (activate-ptrace-attach))) ;; Run the services' activation snippets. ;; TODO: Use 'load-compiled'. @@ -766,11 +774,12 @@ etc." ;; Set up /run/current-system. (activate-current-system) -(define (operating-system-boot-script os) +(define* (operating-system-boot-script os #:key container?) "Return the boot script for OS---i.e., the code started by the initrd once we're running in the final root." (mlet* %store-monad ((services (operating-system-services os)) - (activate (operating-system-activation-script os)) + (activate (operating-system-activation-script + os #:container? container?)) (dmd-conf (dmd-configuration-file services))) (gexp->file "boot" #~(begin diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm new file mode 100644 index 000..5368dec --- /dev/null +++ b/gnu/system/linux-container.scm @@ -0,0 +1,90 @@ +;;; GNU Guix --- Functional package management for GNU +;;; Copyright © 2015 David Thompson +;;; +;;; This file is part of GNU Guix. +;;; +;;; GNU Guix is free software; you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation; either version 3 of the License, or (at +;;; your option) any later version. +;;; +;;; GNU Guix is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +;;; GNU General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License
