06/15: build: syscalls: Add setns syscall wrapper.
From: David Thompson
Subject: 06/15: build: syscalls: Add setns syscall wrapper.
Date: Sun, 05 Jul 2015 19:31:43 +0000
davexunit pushed a commit to branch wip-container
in repository guix.
commit 1aba6fa0b33eb8db4e327b9478b634e0016763f6
Author: David Thompson <address@hidden>
Date: Mon Jun 8 08:43:05 2015 -0400
build: syscalls: Add setns syscall wrapper.
* guix/build/syscalls.scm (setns): New procedure.
* tests/syscalls.scm: Test it.
---
guix/build/syscalls.scm | 15 +++++++++++++++
tests/syscalls.scm | 21 +++++++++++++++++++++
2 files changed, 36 insertions(+), 0 deletions(-)
diff --git a/guix/build/syscalls.scm b/guix/build/syscalls.scm
index 1e5b3f7..827a79d 100644
--- a/guix/build/syscalls.scm
+++ b/guix/build/syscalls.scm
@@ -54,6 +54,7 @@
CLONE_NEWPID
CLONE_NEWNET
clone
+ setns
IFF_UP
IFF_BROADCAST
@@ -311,6 +312,20 @@ Unlike the fork system call, clone accepts FLAGS that
specify which resources
are shared between the parent and child processes."
(proc syscall-id flags %null-pointer))))
+(define setns
+ (let* ((ptr (dynamic-func "setns" (dynamic-link)))
+ (proc (pointer->procedure int ptr (list int int))))
+ (lambda (fdes nstype)
+ "Reassociate the current process with the namespace specified by FDES.
+NSTYPE specifies which type of namespace the current process may be
+reassociated with, or 0 if there is no such limitation."
+ (let ((ret (proc fdes nstype))
+ (err (errno)))
+ (unless (zero? ret)
+ (throw 'system-error "setns" "~d ~d: ~A"
+ (list fdes nstype (strerror err))
+ (list err)))))))
+
;;;
;;; Packed structures.
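Review bot: in `setns`, `ret` and `err` are bound in a single `let`, `(let ((ret (proc fdes nstype)) (err (errno))) ...`, and Scheme does not specify the order in which `let` initializers are evaluated, so `(errno)` is not guaranteed to be read after the call. Use `let*` so that the message built with `strerror` reflects this `setns` call. Separately, the `dynamic-func "setns"` lookup sits outside the `lambda`, so it runs when the module is loaded; a libc without that symbol would make loading the whole module fail rather than just this procedure. The docstring could also say that callers who know what kind of namespace FDES should refer to ought to pass the matching `CLONE_NEW*` constant as NSTYPE, since 0 accepts any type.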
diff --git a/tests/syscalls.scm b/tests/syscalls.scm
index 9902279..80d2788 100644
--- a/tests/syscalls.scm
+++ b/tests/syscalls.scm
@@ -90,6 +90,27 @@
(not (equal? (readlink (user-namespace pid))
(readlink (user-namespace "self")))))))
+(test-assert "setns"
+ (match (clone (logior CLONE_NEWUSER))
+ (0 (primitive-exit 0))
+ (clone-pid
+ (match (pipe)
+ ((in . out)
+ (match (primitive-fork)
+ (0
+ (close in)
+ (call-with-input-file (user-namespace clone-pid)
+ (lambda (port)
+ (setns (port->fdes port) 0)))
+ (write 'done out)
+ (close out)
+ (primitive-exit 0))
+ (fork-pid
+ (close out)
+ ;; Wait for the child process to join the namespace.
+ (read in)
+ (equal? (readlink (user-namespace clone-pid))
+ (readlink (user-namespace fork-pid))))))))))
(test-assert "all-network-interfaces"
(match (all-network-interfaces)
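Review bot: the "setns" test races against process exit. The clone child runs `(primitive-exit 0)` straight away and the forked child exits right after `(write 'done out)`, yet the forked child later opens `(user-namespace clone-pid)` and the parent reads `(user-namespace fork-pid)` only after `(read in)` returns; nothing here keeps either process alive until those reads happen. Have both children block (for example on a second pipe) until the parent has finished the comparison, then reap them with `waitpid`. Also, if `setns` throws in the forked child, that child never reaches `(primitive-exit 0)` and the parent sees only end-of-file on `in`; catch the error in the child and exit with a non-zero status so the failure is reported as such.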