From ee295346ce81c276ffb4ee34cc6f5b134b415097 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Wed, 12 Apr 2017 16:44:18 +0200 Subject: [PATCH] services: tor: Run in a container. * gnu/services/networking.scm (tor-shepherd-service): Use (gnu build shepherd) and use 'make-forkexec-constructor/container' instead of 'make-forkexec-constructor'. --- gnu/services/networking.scm | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/gnu/services/networking.scm b/gnu/services/networking.scm index 85fc0b843a..ae9b8f87cc 100644 --- a/gnu/services/networking.scm +++ b/gnu/services/networking.scm @@ -595,17 +595,31 @@ HiddenServicePort ~a ~a~%" (match config (($ tor) (let ((torrc (tor-configuration->torrc config))) - (list (shepherd-service - (provision '(tor)) + (with-imported-modules (source-module-closure + '((gnu build shepherd) + (gnu system file-systems))) + (list (shepherd-service + (provision '(tor)) - ;; Tor needs at least one network interface to be up, hence the - ;; dependency on 'loopback'. - (requirement '(user-processes loopback syslogd)) + ;; Tor needs at least one network interface to be up, hence the + ;; dependency on 'loopback'. + (requirement '(user-processes loopback syslogd)) - (start #~(make-forkexec-constructor - (list (string-append #$tor "/bin/tor") "-f" #$torrc))) - (stop #~(make-kill-destructor)) - (documentation "Run the Tor anonymous network overlay."))))))) + (modules '((gnu build shepherd) + (gnu system file-systems))) + + (start #~(make-forkexec-constructor/container + (list #$(file-append tor "/bin/tor") "-f" #$torrc) + + #:mappings (list (file-system-mapping + (source "/var/lib/tor") + (target source) + (writable? #t)) + (file-system-mapping + (source "/dev/log") ;for syslog + (target source))))) + (stop #~(make-kill-destructor)) + (documentation "Run the Tor anonymous network overlay.")))))))) (define (tor-hidden-service-activation config) "Return the activation gexp for SERVICES, a list of hidden services."