GNU bug report logs -
#52887
[PATCH staging] containers: Add CLONE_NEWCGROUP cgroup namespace support
Previous Next
Reported by: Ryan Sundberg <ryan <at> arctype.co>
Date: Thu, 30 Dec 2021 03:54:02 UTC
Severity: normal
Tags: patch
Done: Ludovic Courtès <ludo <at> gnu.org>
Bug is archived. No further changes may be made.
To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 52887 in the body.
You can then email your comments to 52887 AT debbugs.gnu.org in the normal way.
Toggle the display of automated, internal messages from the tracker.
Report forwarded
to
guix-patches <at> gnu.org:
bug#52887; Package
guix-patches.
(Thu, 30 Dec 2021 03:54:02 GMT)
Full text and
rfc822 format available.
Acknowledgement sent
to
Ryan Sundberg <ryan <at> arctype.co>:
New bug report received and forwarded. Copy sent to
guix-patches <at> gnu.org.
(Thu, 30 Dec 2021 03:54:02 GMT)
Full text and
rfc822 format available.
Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):
Adds low-level support for launching linux containers with cgroup namespaces.
gnu/build/linux-container.scm (%namespaces): Add 'cgroup
guix/build/syscalls.scm (CLONE_NEWCGROUP): Add flag definition
---
gnu/build/linux-container.scm | 3 ++-
guix/build/syscalls.scm | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/gnu/build/linux-container.scm b/gnu/build/linux-container.scm
index 4a8bed5a9a..bdeca2cdb9 100644
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@@ -52,7 +52,7 @@ exists."
(file-exists? "/proc/self/setgroups"))
(define %namespaces
- '(mnt pid ipc uts user net))
+ '(cgroup mnt pid ipc uts user net))
(define (call-with-clean-exit thunk)
"Apply THUNK, but exit with a status code of 1 if it fails."
@@ -210,6 +210,7 @@ corresponds to the symbols in NAMESPACES."
;; Use the same flags as fork(3) in addition to the namespace flags.
(apply logior SIGCHLD
(map (match-lambda
+ ('cgroup CLONE_NEWCGROUP)
('mnt CLONE_NEWNS)
('uts CLONE_NEWUTS)
('ipc CLONE_NEWIPC)
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 45f95c509d..a7401fd73f 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -132,6 +132,7 @@
CLONE_CHILD_CLEARTID
CLONE_CHILD_SETTID
+ CLONE_NEWCGROUP
CLONE_NEWNS
CLONE_NEWUTS
CLONE_NEWIPC
@@ -1025,6 +1026,7 @@ caller lacks root privileges."
;; Linux clone flags, from linux/sched.h
(define CLONE_CHILD_CLEARTID #x00200000)
(define CLONE_CHILD_SETTID #x01000000)
+(define CLONE_NEWCGROUP #x02000000)
(define CLONE_NEWNS #x00020000)
(define CLONE_NEWUTS #x04000000)
(define CLONE_NEWIPC #x08000000)
--
2.31.1
Reply sent
to
Ludovic Courtès <ludo <at> gnu.org>:
You have taken responsibility.
(Wed, 05 Jan 2022 21:59:02 GMT)
Full text and
rfc822 format available.
Notification sent
to
Ryan Sundberg <ryan <at> arctype.co>:
bug acknowledged by developer.
(Wed, 05 Jan 2022 21:59:02 GMT)
Full text and
rfc822 format available.
Message #10 received at 52887-done <at> debbugs.gnu.org (full text, mbox):
Hi,
Ryan Sundberg <ryan <at> arctype.co> skribis:
> Adds low-level support for launching linux containers with cgroup namespaces.
>
> gnu/build/linux-container.scm (%namespaces): Add 'cgroup
> guix/build/syscalls.scm (CLONE_NEWCGROUP): Add flag definition
I tweaked the commit log and applied to ‘master’, thanks!
Ludo’.
bug archived.
Request was from
Debbugs Internal Request <help-debbugs <at> gnu.org>
to
internal_control <at> debbugs.gnu.org.
(Thu, 03 Feb 2022 12:24:10 GMT)
Full text and
rfc822 format available.
This bug report was last modified 2 years and 88 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.