amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

environment, home: Make /tmp writable.

Browse source 
Fixes <https://issues.guix.gnu.org/78272>.

Fixes a bug caused by commit ce363c1dc7,
which inadvertently made /tmp read-only as well.

* guix/scripts/environment.scm (launch-environment/container)[tmpfs]:
New variable.
Add it to ‘file-systems’.
* guix/scripts/home.scm (spawn-home-container): Add /tmp file system
to #:mounts.
* tests/guix-environment-container.sh: Add test.

Reported-by: Tomas Volf <~@wolfsden.cz>
Change-Id: I5cb449e6d0c213d4b5866cbcbd14990437a7d4c5
This commit is contained in:
Ludovic Courtès 2025-05-06 11:29:19 +02:00
parent db336991b5
commit edc799dabf
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5
3 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
guix/scripts/environment.scm
View file

@ -770,6 +770,13 @@ added to the container.
Preserve environment variables whose name matches the one of the regexps in Preserve environment variables whose name matches the one of the regexps in
WHILE-LIST." WHILE-LIST."
(define tmpfs
(file-system
(device "none")
(mount-point "/tmp")
(type "tmpfs")
(check? #f)))
(define (optional-mapping->fs mapping) (define (optional-mapping->fs mapping)
(and (file-exists? (file-system-mapping-source mapping)) (and (file-exists? (file-system-mapping-source mapping))
(file-system-mapping->bind-mount mapping))) (file-system-mapping->bind-mount mapping)))
@ -867,6 +874,7 @@ WHILE-LIST."
(writable? #f))) (writable? #f)))
reqs))) reqs)))
(file-systems (append %container-file-systems (file-systems (append %container-file-systems
(list tmpfs)
(if network? (if network?
(filter-map optional-mapping->fs (filter-map optional-mapping->fs
%network-file-mappings) %network-file-mappings)

7
guix/scripts/home.scm
View file

@ -353,7 +353,12 @@ immediately. Return the exit status of the process in the container."
#:namespaces (if network? #:namespaces (if network?
(delq 'net %namespaces) ; share host network (delq 'net %namespaces) ; share host network
%namespaces) %namespaces)
#:mounts (list (file-system #:mounts (list (file-system ;writable /tmp
(device "none")
(mount-point "/tmp")
(type "tmpfs")
(check? #f))
(file-system
(device "none") (device "none")
(mount-point (mount-point
(in-vicinity "/run/user" ;for shepherd & co. (in-vicinity "/run/user" ;for shepherd & co.

5
tests/guix-environment-container.sh
View file

@ -195,6 +195,11 @@ guix environment --bootstrap --container --ad-hoc guile-bootstrap \
--writable-root \ --writable-root \
-- guile -c '(mkdir "/whatever")' -- guile -c '(mkdir "/whatever")'
# /tmp itself is always writable.
guix environment --bootstrap --container --ad-hoc guile-bootstrap \
-- guile -c '(mkdir "/tmp/foo")'
# Check the exit code. # Check the exit code.
abnormal_exit_code=" abnormal_exit_code="