[bug#42849] [PATCH 2/3] linux-container: Add a jail? argument.

[Ludovic Courtès]

Mathieu Othacehe <othacehe@gnu.org> skribis:

> We may want to run a container inside the MNT namespace, without jailing the
> container. Add a "jail?" argument to "run-container" and "call-with-container"
> methods.
>
> * gnu/build/linux-container.scm (run-container): Add a "jail?" argument and
> honor it,
> (call-with-container): ditto, and pass the argument to "run-container".
> ---
>  gnu/build/linux-container.scm | 20 ++++++++++++--------
>  1 file changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
> index 87695c98fd..bb9fb0d799 100644
> --- a/gnu/build/linux-container.scm
> +++ b/gnu/build/linux-container.scm
> @@ -218,12 +218,13 @@ corresponds to the symbols in NAMESPACES."
>                namespaces)))
>  
>  (define* (run-container root mounts namespaces host-uids thunk
> -                        #:key (guest-uid 0) (guest-gid 0))
> +                        #:key (guest-uid 0) (guest-gid 0) (jail? #t))
>    "Run THUNK in a new container process and return its PID.  ROOT specifies
>  the root directory for the container.  MOUNTS is a list of <file-system>
>  objects that specify file systems to mount inside the container.  NAMESPACES
>  is a list of symbols that correspond to the possible Linux namespaces: mnt,
> -ipc, uts, user, and net.
> +ipc, uts, user, and net. If JAIL? is false, MOUNTS list is ignored and the
> +container is not jailed.

Why not just change the caller to pass #:mounts '() then?  Am I missing
something?

I’m reluctant to introducing “jail” because that’s undefined in this
context (reminds me of FreeBSD).

Ludo’.