author Mathieu Othacehe <othacehe@gnu.org> 2020-08-13 13:59:19 +0200
committer Mathieu Othacehe <othacehe@gnu.org> 2020-09-02 17:05:23 +0200
commit 5316dfc0f125b658e4a2acf7f00f49501663d943
tree 465a2b2b30bbf2f47a904311e30986ada4a263dc /gnu/build
parent 22827396baea149f193f6e9558b522e6d9c89a44

linux-container: Do not jail the container unconditionally.

We may want to run a container inside the MNT namespace, without jailing the
container. If RUN-CONTAINER is passed a null MOUNTS list, do not jail the
container.

* gnu/build/linux-container.scm (run-container): Do not call
MOUNT-FILE-SYSTEMS if MOUNTS list is empty.

Diffstat (limited to 'gnu/build')
-rw-r--r-- gnu/build/linux-container.scm 3
1 files changed, 2 insertions, 1 deletions

diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 87695c98fd..21292b8d2f 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -243,7 +243,8 @@ that host UIDs (respectively GIDs) map to in the namespace."
              (match (read child)
                ('ready
                 (purify-environment)
-                (when (memq 'mnt namespaces)
+                (when (and (not (null? mounts))
+                           (memq 'mnt namespaces))
                   (catch #t
                     (lambda ()
                       (mount-file-systems root mounts
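
Review bot: The new `(not (null? mounts))` guard makes an empty MOUNTS list double as the "do not jail" switch, so a caller whose mounts list merely happens to come out empty now gets an unjailed process even though it asked for the 'mnt namespace, and nothing at the call site shows that. An explicit opt-out (for example a keyword argument to run-container, name to be chosen) would keep the jailed behaviour as the default and make the unjailed case deliberate. If the implicit form stays, the run-container docstring should state it; the diffstat shows 2 insertions and 1 deletion, all in this hunk, so the docstring is unchanged by this commit.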