summary refs log tree commit diff
path: root/gnu/system
diff options
context:
space:
mode:
authorLudovic Courtès <ludo@gnu.org>2023-06-16 10:52:58 +0200
committerLudovic Courtès <ludo@gnu.org>2023-06-24 16:13:05 +0200
commited5a9f5260666679289c3d20d5068e374084a50c (patch)
tree7bb270ec3014e56f645682d90ba4d1bc39dab265 /gnu/system
parentdeeee98a50267660439109ce8ef8fe856bdb1846 (diff)
downloadguix-ed5a9f5260666679289c3d20d5068e374084a50c.tar.gz
linux-container: Pass '--disable-chroot' to 'guix-daemon'.
This allows for the use of Guix within a non-privileged Docker container
produced by 'guix system image -t docker'.

* gnu/system/linux-container.scm (containerized-operating-system):
Change 'guix-configuration' to add "--disable-chroot".
Diffstat (limited to 'gnu/system')
-rw-r--r--gnu/system/linux-container.scm13
1 files changed, 12 insertions, 1 deletions
diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm
index 7c45dbccaf..485baea4c5 100644
--- a/gnu/system/linux-container.scm
+++ b/gnu/system/linux-container.scm
@@ -1,6 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2015 David Thompson <davet@gnu.org>
-;;; Copyright © 2016-2017, 2019-2022 Ludovic Courtès <ludo@gnu.org>
+;;; Copyright © 2016-2017, 2019-2023 Ludovic Courtès <ludo@gnu.org>
 ;;; Copyright © 2019 Arun Isaac <arunisaac@systemreboot.net>
 ;;; Copyright © 2020 Efraim Flashner <efraim@flashner.co.il>
 ;;; Copyright © 2020 Google LLC
@@ -160,6 +160,17 @@ containerized OS.  EXTRA-FILE-SYSTEMS is a list of file systems to add to OS."
                                            (nscd-configuration
                                             (inherit (service-value s))
                                             (caches %nscd-container-caches))))
+                                 ((eq? guix-service-type (service-kind s))
+                                  ;; Pass '--disable-chroot' so that
+                                  ;; guix-daemon can build thing even in
+                                  ;; Docker without '--privileged'.
+                                  (service guix-service-type
+                                           (guix-configuration
+                                            (inherit (service-value s))
+                                            (extra-options
+                                             (cons "--disable-chroot"
+                                                   (guix-configuration-extra-options
+                                                    (service-value s)))))))
                                  (else s)))
                          (operating-system-user-services os))))
     (file-systems (append (map mapping->fs