summary refs log tree commit diff
path: root/gnu/build
diff options
context:
space:
mode:
authorDavid Thompson <dthompson2@worcester.edu>2015-11-03 08:32:53 -0500
committerDavid Thompson <dthompson2@worcester.edu>2015-11-03 11:41:04 -0500
commitb7d48312bbfc7bdbb3895eb10edc352eeb555b98 (patch)
tree90b3b401a88358aee843fb25d7fff293946d2a02 /gnu/build
parent9ff7827a21c13e67fb72196da10ab1ad30d79ddf (diff)
downloadguix-b7d48312bbfc7bdbb3895eb10edc352eeb555b98.tar.gz
build: container: Add feature test predicates.
* gnu/build/linux-container.scm (user-namespace-supported?,
  unprivileged-user-namespace-supported?, setgroups-supported?): New
  procedures.
* tests/container.scm: Use predicates.
* tests/syscalls.scm: Likewise.
Diffstat (limited to 'gnu/build')
-rw-r--r--gnu/build/linux-container.scm22
1 files changed, 21 insertions, 1 deletions
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 556422bc38..eb5dbf94a3 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -19,16 +19,36 @@
 (define-module (gnu build linux-container)
   #:use-module (ice-9 format)
   #:use-module (ice-9 match)
+  #:use-module (ice-9 rdelim)
   #:use-module (srfi srfi-98)
   #:use-module (guix utils)
   #:use-module (guix build utils)
   #:use-module (guix build syscalls)
   #:use-module ((gnu build file-systems) #:select (mount-file-system))
-  #:export (%namespaces
+  #:export (user-namespace-supported?
+            unprivileged-user-namespace-supported?
+            setgroups-supported?
+            %namespaces
             run-container
             call-with-container
             container-excursion))
 
+(define (user-namespace-supported?)
+  "Return #t if user namespaces are supported on this system."
+  (file-exists? "/proc/self/ns/user"))
+
+(define (unprivileged-user-namespace-supported?)
+  "Return #t if user namespaces can be created by unprivileged users."
+  (let ((userns-file "/proc/sys/kernel/unprivileged_userns_clone"))
+    (if (file-exists? userns-file)
+        (string=? "1" (call-with-input-file userns-file read-string))
+        #t)))
+
+(define (setgroups-supported?)
+  "Return #t if the setgroups proc file, introduced in Linux-libre 3.19,
+exists."
+  (file-exists? "/proc/self/setgroups"))
+
 (define %namespaces
   '(mnt pid ipc uts user net))