diff options
author | Ludovic Courtès <ludo@gnu.org> | 2022-04-17 15:32:19 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-05-01 21:30:36 +0200 |
commit | 53dbc6fd9a2f476f38e17496457a6b3b06e71687 (patch) | |
tree | 7ee9acaf6e5bdd2a213beabeb3657f0d8407be6c /gnu | |
parent | 19df5f2423c34e798d1629bb11f2e5e5f29e951e (diff) | |
download | guix-53dbc6fd9a2f476f38e17496457a6b3b06e71687.tar.gz |
services: wesnothd: Use 'least-authority-wrapper'.
* gnu/services/games.scm (wesnothd-shepherd-service): Use 'least-authority-wrapper' instead of 'make-forkexec-constructor/container'.
Diffstat (limited to 'gnu')
-rw-r--r-- | gnu/services/games.scm | 25 |
1 files changed, 13 insertions, 12 deletions
diff --git a/gnu/services/games.scm b/gnu/services/games.scm index dc0bfbe9dc..6c2af44b49 100644 --- a/gnu/services/games.scm +++ b/gnu/services/games.scm @@ -23,6 +23,9 @@ #:use-module (gnu packages admin) #:use-module (gnu packages games) #:use-module (gnu system shadow) + #:use-module ((gnu system file-systems) #:select (file-system-mapping)) + #:use-module (gnu build linux-container) + #:autoload (guix least-authority) (least-authority-wrapper) #:use-module (guix gexp) #:use-module (guix modules) #:use-module (guix records) @@ -57,22 +60,20 @@ (define wesnothd-shepherd-service (match-lambda (($ <wesnothd-configuration> package port) - (with-imported-modules (source-module-closure - '((gnu build shepherd) - (gnu system file-systems))) + (let ((wesnothd (least-authority-wrapper + (file-append package "/bin/wesnothd") + #:name "wesnothd" + #:mappings (list (file-system-mapping + (source "/var/run/wesnothd") + (target source) + (writable? #t))) + #:namespaces (delq 'net %namespaces)))) (shepherd-service (documentation "The Battle for Wesnoth server") (provision '(wesnoth-daemon)) (requirement '(networking)) - (modules '((gnu build shepherd) - (gnu system file-systems))) - (start #~(make-forkexec-constructor/container - (list #$(file-append package "/bin/wesnothd") - "-p" #$(number->string port)) - #:mappings (list (file-system-mapping - (source "/var/run/wesnothd") - (target source) - (writable? #t))) + (start #~(make-forkexec-constructor + (list #$wesnothd "-p" #$(number->string port)) #:user "wesnothd" #:group "wesnothd")) (stop #~(make-kill-destructor))))))) |