services: tor: Run in a container.

* gnu/services/networking.scm (tor-shepherd-service): Use (gnu build
shepherd) and use 'make-forkexec-constructor/container' instead of
'make-forkexec-constructor'.
Ludovic Courtès 2017-04-12 16:44:18 +02:00
parent bb5cad4eb2
commit ee295346ce
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5


@ -595,17 +595,31 @@ HiddenServicePort ~a ~a~%"
(match config
(($ <tor-configuration> tor)
(let ((torrc (tor-configuration->torrc config)))
(list (shepherd-service
(provision '(tor))
(with-imported-modules (source-module-closure
'((gnu build shepherd)
(gnu system file-systems)))
(list (shepherd-service
(provision '(tor))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback syslogd))
;; Tor needs at least one network interface to be up, hence the
;; dependency on 'loopback'.
(requirement '(user-processes loopback syslogd))
(start #~(make-forkexec-constructor
(list (string-append #$tor "/bin/tor") "-f" #$torrc)))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay.")))))))
(modules '((gnu build shepherd)
(gnu system file-systems)))
(start #~(make-forkexec-constructor/container
(list #$(file-append tor "/bin/tor") "-f" #$torrc)
#:mappings (list (file-system-mapping
(source "/var/lib/tor")
(target source)
(writable? #t))
(file-system-mapping
(source "/dev/log") ;for syslog
(target source)))))
(stop #~(make-kill-destructor))
(documentation "Run the Tor anonymous network overlay."))))))))
(define (tor-hidden-service-activation config)
"Return the activation gexp for SERVICES, a list of hidden services."
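Review bot: The `#:mappings` list given to `make-forkexec-constructor/container` is fixed at `/var/lib/tor` and `/dev/log`, while the torrc is generated from `tor-configuration->torrc config`, so any path that configuration names outside those two (a log file, or a data or hidden-service directory elsewhere) would presumably be absent inside the container. The constraint should be stated next to the mappings, for example `;; Only /var/lib/tor (writable) and /dev/log are visible in the container; other paths named in torrc need a mapping here.` No `#:user` or `#:group` is passed to the constructor either, so dropping root appears to depend on the generated torrc, which this hunk does not show and is worth confirming. The enclosing `tor-shepherd-service` definition starts above the hunk, so its earlier lines are not covered by this review.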