diff options
author | David Thompson <dthompson2@worcester.edu> | 2015-11-03 08:32:53 -0500 |
---|---|---|
committer | David Thompson <dthompson2@worcester.edu> | 2015-11-03 11:41:04 -0500 |
commit | b7d48312bbfc7bdbb3895eb10edc352eeb555b98 (patch) | |
tree | 90b3b401a88358aee843fb25d7fff293946d2a02 /gnu/build | |
parent | 9ff7827a21c13e67fb72196da10ab1ad30d79ddf (diff) | |
download | guix-b7d48312bbfc7bdbb3895eb10edc352eeb555b98.tar.gz |
build: container: Add feature test predicates.
* gnu/build/linux-container.scm (user-namespace-supported?, unprivileged-user-namespace-supported?, setgroups-supported?): New procedures. * tests/container.scm: Use predicates. * tests/syscalls.scm: Likewise.
Diffstat (limited to 'gnu/build')
-rw-r--r-- | gnu/build/linux-container.scm | 22 |
1 files changed, 21 insertions, 1 deletions
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm index 556422bc38..eb5dbf94a3 100644 --- a/gnu/build/linux-container.scm +++ b/gnu/build/linux-container.scm @@ -19,16 +19,36 @@ (define-module (gnu build linux-container) #:use-module (ice-9 format) #:use-module (ice-9 match) + #:use-module (ice-9 rdelim) #:use-module (srfi srfi-98) #:use-module (guix utils) #:use-module (guix build utils) #:use-module (guix build syscalls) #:use-module ((gnu build file-systems) #:select (mount-file-system)) - #:export (%namespaces + #:export (user-namespace-supported? + unprivileged-user-namespace-supported? + setgroups-supported? + %namespaces run-container call-with-container container-excursion)) +(define (user-namespace-supported?) + "Return #t if user namespaces are supported on this system." + (file-exists? "/proc/self/ns/user")) + +(define (unprivileged-user-namespace-supported?) + "Return #t if user namespaces can be created by unprivileged users." + (let ((userns-file "/proc/sys/kernel/unprivileged_userns_clone")) + (if (file-exists? userns-file) + (string=? "1" (call-with-input-file userns-file read-string)) + #t))) + +(define (setgroups-supported?) + "Return #t if the setgroups proc file, introduced in Linux-libre 3.19, +exists." + (file-exists? "/proc/self/setgroups")) + (define %namespaces '(mnt pid ipc uts user net)) |