author: Ludovic Courtès <ludovic.courtes@inria.fr> 2020-05-07 22:49:20 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2020-05-14 17:21:27 +0200
commit: 6456232164890dbf5aa20394ee24637feb4b7b9e
tree: 8fbdad7a851dd1762756c7178864d6919a62c00f /doc
parent: 4449e7c5e4c8b746c786fc9a5ea82eab60f6c846
pack: Add relocation via ld.so and fakechroot.
* gnu/packages/aux-files/run-in-namespace.c (HAVE_EXEC_WITH_LOADER): New
macro.
(bind_mount): Rename to...
(mirror_directory): ... this.  Add 'firmlink' argument and use it
instead of calling mkdir/open/close/mount directly.
(bind_mount, make_symlink): New functions.
(exec_in_user_namespace): Adjust accordingly.
(exec_with_loader) [HAVE_EXEC_WITH_LOADER]: New function.
(exec_performance): New function.
(engines): Add them.
* guix/scripts/pack.scm (wrapped-package)[fakechroot-library]
[audit-module]: New procedures.
[audit-source]: New variable.
[build](elf-interpreter, elf-loader-compile-flags): New procedures.
(build-wrapper): Use them.
* tests/guix-pack-relocatable.sh: Test with
'GUIX_EXECUTION_ENGINE=fakechroot'.
* doc/guix.texi (Invoking guix pack): Document the 'performance' and
'fakechroot' engines.
* gnu/packages/aux-files/pack-audit.c: New file.
* Makefile.am (AUX_FILES): Add it.
Diffstat (limited to 'doc')
-rw-r--r-- doc/guix.texi 13
1 files changed, 13 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi
index 906ebff555..a36b9691fb 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -5230,6 +5230,10 @@ following execution engines are supported:
 Try user namespaces and fall back to PRoot if user namespaces are not
 supported (see below).
 
+@item performance
+Try user namespaces and fall back to Fakechroot if user namespaces are
+not supported (see below).
+
 @item userns
 Run the program through user namespaces and abort if they are not
 supported.
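Review bot: the new "@item performance" entry gives only the fallback order and does not say what is given up for the speed its name promises. The fakechroot entry added later in this patch states that Fakechroot "does not always work", so a user who selects this engine on a host without user namespaces silently gets the less reliable fallback. Suggest adding a sentence here, along the lines of "Fakechroot is faster than PRoot but less reliable", so the difference from the preceding entry (which falls back to PRoot) is visible in the list itself rather than only through "(see below)".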
@@ -5241,6 +5245,15 @@ support for file system virtualization.  It achieves that by using the
 @code{ptrace} system call on the running program.  This approach has the
 advantage to work without requiring special kernel support, but it incurs
 run-time overhead every time a system call is made.
+
+@item fakechroot
+Run through Fakechroot.  @uref{https://github.com/dex4er/fakechroot/,
+Fakechroot} virtualizes file system accesses by intercepting calls to C
+library functions such as @code{open}, @code{stat}, @code{exec}, and so
+on.  Unlike PRoot, it incurs very little overhead.  However, it does not
+always work: for example, some file system accesses made from within the
+C library are not intercepted, and file system accesses made @i{via}
+direct syscalls are not intercepted either, leading to erratic behavior.
 @end table
 
 @vindex GUIX_EXECUTION_ENGINE
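Review bot: the "@item fakechroot" text names two cases where accesses are not intercepted but stops at "leading to erratic behavior", without telling the reader what to do when that happens. Suggest stating that an access which is not intercepted is not virtualized at all, and pointing to the PRoot engine described just above as the alternative when a program misbehaves, since that item says it works without special kernel support. Two wording points in the same paragraph: "such as ... and so on" is redundant, and @code{exec} names a family of functions rather than a single C library function, so a concrete name or "the @code{exec} family" would be more accurate.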