[bug#70494] [PATCH 02/23] gnu: linux-container: Make it more suitable fo

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#70494] [PATCH 02/23] gnu: linux-container: Make it more suitable fo

From:	Ludovic Courtès
Subject:	[bug#70494] [PATCH 02/23] gnu: linux-container: Make it more suitable for derivation-building.
Date:	Tue, 07 May 2024 16:28:46 +0200
User-agent:	Gnus/5.13 (Gnus v5.13)

Christopher Baines <mail@cbaines.net> skribis:

> From: Caleb Ristvedt <caleb.ristvedt@cune.org>
>
> * gnu/build/linux-container.scm (mount-file-systems): First remount all
> filesystems in the current mount namespace as private (by mounting / with
> MS_PRIVATE and MS_REC), so that the set of mounts cannot increase except from
> within the container.  Also, the tmpfs mounted over the chroot directory now
> inherits the chroot directory's permissions (p11-kit, for example, has a test
> that assumes that the root directory is not writable for the current user, and
> tmpfs is by default 1777 when created).
> * guix/build/syscalls.scm (MS_PRIVATE, MS_REC): new variables.

LGTM (though the log seems to describe more than the changes?).

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#70494] [PATCH 02/23] gnu: linux-container: Make it more suitable for derivation-building., Ludovic Courtès <=

Prev by Date: [bug#70494] [PATCH 03/23] syscalls: Add missing pieces for derivation build environment.
Next by Date: [bug#70494] [PATCH 01/23] store: database: Register derivation outputs.
Previous by thread: [bug#70494] [PATCH 03/23] syscalls: Add missing pieces for derivation build environment.
Next by thread: [bug#70494] [PATCH 01/23] store: database: Register derivation outputs.
Index(es):
- Date
- Thread