services: singularity: Migrate to (gnu system privilege).

* gnu/services/docker.scm (singularity-setuid-programs): Rename from this…
(singularity-privileged-programs): …to this.  Use <privileged-program>.
(singularity-service-type): Extend the PRIVILEGED-PROGRAM-SERVICE-TYPE.

Change-Id: I4d90f9a6d4759a24a818baab49b61be67c419bad
Tobias Geerinckx-Rice 2024-09-01 02:00:00 +02:00
parent 76cb23c117
commit 98bc13b9ea
No known key found for this signature in database
GPG Key ID: 0DB0FF884F556D79


@ -31,7 +31,7 @@
#:use-module (gnu services shepherd) #:use-module (gnu services shepherd)
#:use-module (gnu system) #:use-module (gnu system)
#:use-module (gnu system image) #:use-module (gnu system image)
#:use-module (gnu system setuid) #:use-module (gnu system privilege)
#:use-module (gnu system shadow) #:use-module (gnu system shadow)
#:use-module (gnu packages admin) ;shadow #:use-module (gnu packages admin) ;shadow
#:use-module (gnu packages docker) #:use-module (gnu packages docker)
@ -268,11 +268,11 @@ bundles in Docker containers.")
'("container" "final" "overlay" "session")) '("container" "final" "overlay" "session"))
(chmod %mount-directory #o755)))) (chmod %mount-directory #o755))))
(define (singularity-setuid-programs singularity) (define (singularity-privileged-programs singularity)
"Return the setuid-root programs that SINGULARITY needs." "Return the privileged programs that SINGULARITY needs."
(define helpers (define helpers
;; The helpers, under a meaningful name. ;; The helpers, under a meaningful name.
(computed-file "singularity-setuid-helpers" (computed-file "singularity-privileged-helpers"
#~(begin #~(begin
(mkdir #$output) (mkdir #$output)
(for-each (lambda (program) (for-each (lambda (program)
@ -286,7 +286,8 @@ bundles in Docker containers.")
"-helper"))) "-helper")))
'("action" "mount" "start"))))) '("action" "mount" "start")))))
(map file-like->setuid-program (map (lambda (program) (privileged-program (program program)
(setuid? #t)))
(list (file-append helpers "/singularity-action-helper") (list (file-append helpers "/singularity-action-helper")
(file-append helpers "/singularity-mount-helper") (file-append helpers "/singularity-mount-helper")
(file-append helpers "/singularity-start-helper")))) (file-append helpers "/singularity-start-helper"))))
@ -296,8 +297,8 @@ bundles in Docker containers.")
(description (description
"Install the Singularity application bundle tool.") "Install the Singularity application bundle tool.")
(extensions (extensions
(list (service-extension setuid-program-service-type (list (service-extension privileged-program-service-type
singularity-setuid-programs) singularity-privileged-programs)
(service-extension activation-service-type (service-extension activation-service-type
(const %singularity-activation)))) (const %singularity-activation))))
(default-value singularity))) (default-value singularity)))
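Review bot: The new docstring on `singularity-privileged-programs` ("Return the privileged programs that SINGULARITY needs.") no longer says that the three helpers are installed setuid, although the added `(setuid? #t)` still requests exactly that. The lambda sets only `program` and `setuid?`, so the owning user and group come from the `privileged-program` record defaults (presumably root, as the old "setuid-root" wording implied; the record definition is not visible on this page). I would keep that explicit, e.g. `"Return the setuid-root helper programs that SINGULARITY needs, as <privileged-program> records."`. A one-line comment above the `map` saying why the action, mount and start helpers need setuid rather than a narrower privilege would also help later least-privilege review. As a smaller style point, the lambda parameter `program` shadows the field name in `(program program)`; calling it `helper` would read more clearly. The function body is only partly visible in these hunks.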