linux-container: Export ‘%writable-/tmp’ and use it.

Fixes guix/guix#1994. * gnu/build/linux-container.scm (%writable-/tmp): New variable. * guix/scripts/environment.scm (launch-environment/container): Remove ‘tmpfs’ and use it. Adjust ‘file-system’ declaration for /run/user/$UID. * guix/scripts/home.scm (spawn-home-container): Likewise. Reported-by: Romain GARBAGE <romain.garbage@inria.fr> Change-Id: Ia8289fb5386971738caf2ccc1e815daa6ac28459
2025-10-02 02:15:12 +00:00 · 2025-08-29 11:13:05 +02:00 · 2025-08-29 11:13:05 +02:00 · c52a9cee53
commit c52a9cee53
parent 6d242496db
3 changed files with 21 additions and 15 deletions
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@ -30,6 +30,7 @@
            unprivileged-user-namespace-supported?
            setgroups-supported?
            %namespaces
+            %writable-/tmp
            run-container
            call-with-container
            container-excursion
@ -387,6 +388,16 @@ if there are no child processes left."
      (+ 128 (or (status:term-sig status)
                 (status:stop-sig status)))))

+(define %writable-/tmp
+  ;; Writable and volatile /tmp.
+  (file-system
+    (device "none")
+    (mount-point "/tmp")
+    (type "tmpfs")
+    (flags '(no-suid no-dev))
+    (options "mode=755,size=10%")
+    (check? #f)))
+
 (define* (call-with-container mounts thunk #:key (namespaces %namespaces)
                              (host-uids 1) (guest-uid 0) (guest-gid 0)
                              (lock-mounts? #t)