services: tor: Run in a container.
* gnu/services/networking.scm (tor-shepherd-service): Use (gnu build shepherd) and use 'make-forkexec-constructor/container' instead of 'make-forkexec-constructor'.
This commit is contained in:
parent
bb5cad4eb2
commit
ee295346ce
@ -595,17 +595,31 @@ HiddenServicePort ~a ~a~%"
|
||||
(match config
|
||||
(($ <tor-configuration> tor)
|
||||
(let ((torrc (tor-configuration->torrc config)))
|
||||
(list (shepherd-service
|
||||
(provision '(tor))
|
||||
(with-imported-modules (source-module-closure
|
||||
'((gnu build shepherd)
|
||||
(gnu system file-systems)))
|
||||
(list (shepherd-service
|
||||
(provision '(tor))
|
||||
|
||||
;; Tor needs at least one network interface to be up, hence the
|
||||
;; dependency on 'loopback'.
|
||||
(requirement '(user-processes loopback syslogd))
|
||||
;; Tor needs at least one network interface to be up, hence the
|
||||
;; dependency on 'loopback'.
|
||||
(requirement '(user-processes loopback syslogd))
|
||||
|
||||
(start #~(make-forkexec-constructor
|
||||
(list (string-append #$tor "/bin/tor") "-f" #$torrc)))
|
||||
(stop #~(make-kill-destructor))
|
||||
(documentation "Run the Tor anonymous network overlay.")))))))
|
||||
(modules '((gnu build shepherd)
|
||||
(gnu system file-systems)))
|
||||
|
||||
(start #~(make-forkexec-constructor/container
|
||||
(list #$(file-append tor "/bin/tor") "-f" #$torrc)
|
||||
|
||||
#:mappings (list (file-system-mapping
|
||||
(source "/var/lib/tor")
|
||||
(target source)
|
||||
(writable? #t))
|
||||
(file-system-mapping
|
||||
(source "/dev/log") ;for syslog
|
||||
(target source)))))
|
||||
(stop #~(make-kill-destructor))
|
||||
(documentation "Run the Tor anonymous network overlay."))))))))
|
||||
|
||||
(define (tor-hidden-service-activation config)
|
||||
"Return the activation gexp for SERVICES, a list of hidden services."
|
||||
|
Loading…
Reference in New Issue
Block a user