environment: '--container' honors '--preserve'.

* guix/scripts/environment.scm (launch-environment/container): Add
 #:white-list parameter and honor it.
(guix-environment): Pass #:white-list to 'launch-environment/container'.
* tests/guix-environment-container.sh: Add test.
Ludovic Courtès 2019-10-03 22:19:11 +02:00
parent 9a68b89e8a
commit 5a02f8e384
No known key found for this signature in database
GPG Key ID: 090B11993D9AEBB5
2 changed files with 22 additions and 2 deletions


@ -452,7 +452,7 @@ regexps in WHITE-LIST."
(define* (launch-environment/container #:key command bash user user-mappings (define* (launch-environment/container #:key command bash user user-mappings
profile manifest link-profile? network? profile manifest link-profile? network?
map-cwd?) map-cwd? (white-list '()))
"Run COMMAND within a container that features the software in PROFILE. "Run COMMAND within a container that features the software in PROFILE.
Environment variables are set according to the search paths of MANIFEST. Environment variables are set according to the search paths of MANIFEST.
The global shell is BASH, a file name for a GNU Bash binary in the The global shell is BASH, a file name for a GNU Bash binary in the
@ -461,7 +461,10 @@ USER-MAPPINGS, a list of file system mappings, contains the user-specified
host file systems to mount inside the container. If USER is not #f, each host file systems to mount inside the container. If USER is not #f, each
target of USER-MAPPINGS will be re-written relative to '/home/USER', and USER target of USER-MAPPINGS will be re-written relative to '/home/USER', and USER
will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from
~/.guix-profile to the environment profile." ~/.guix-profile to the environment profile.
Preserve environment variables whose name matches the one of the regexps in
WHILE-LIST."
(define (optional-mapping->fs mapping) (define (optional-mapping->fs mapping)
(and (file-exists? (file-system-mapping-source mapping)) (and (file-exists? (file-system-mapping-source mapping))
(file-system-mapping->bind-mount mapping))) (file-system-mapping->bind-mount mapping)))
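Review bot: the docstring addition misspells the parameter as WHILE-LIST; it should read WHITE-LIST to match the #:white-list keyword introduced in the previous hunk, and "matches the one of the regexps" should be "matches one of the regexps". Suggested wording: "Preserve environment variables whose name matches one of the regexps in WHITE-LIST." It would also help to say that a regexp only has to match somewhere in the name rather than the whole name, since that is what the test relies on (`^FOO` preserving FOOBAR).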
@ -487,6 +490,11 @@ will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from
(group-entry (gid 65534) ;the overflow GID (group-entry (gid 65534) ;the overflow GID
(name "overflow")))) (name "overflow"))))
(home-dir (password-entry-directory passwd)) (home-dir (password-entry-directory passwd))
(environ (filter (match-lambda
((variable . value)
(find (cut regexp-exec <> variable)
white-list)))
(get-environment-variables)))
;; Bind-mount all requisite store items, user-specified mappings, ;; Bind-mount all requisite store items, user-specified mappings,
;; /bin/sh, the current working directory, and possibly networking ;; /bin/sh, the current working directory, and possibly networking
;; configuration files within the container. ;; configuration files within the container.
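Review bot: the new `environ` binding shadows Guile's built-in `environ` procedure for the rest of this binding form; it is harmless here, but a name such as `preserved-environ` would avoid the collision and make the later `(for-each ... environ)` read unambiguously. Two things worth stating in the docstring as well: the filter runs in the host process, so the values are captured from the host before the container is entered, and `(cut regexp-exec <> variable)` requires WHITE-LIST to hold compiled regexp objects (as from `make-regexp`), not strings; the docstring currently only says "regexps".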
@ -555,6 +563,12 @@ will be used for the passwd entry. LINK-PROFILE? creates a symbolic link from
(override-user-dir user home cwd) (override-user-dir user home cwd)
home-dir)) home-dir))
;; Set environment variables that match WHITE-LIST.
(for-each (match-lambda
((variable . value)
(setenv variable value)))
environ)
(primitive-exit/status (primitive-exit/status
;; A container's environment is already purified, so no need to ;; A container's environment is already purified, so no need to
;; request it be purified again. ;; request it be purified again.
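Review bot: precedence between a preserved variable and the search-path variables that the docstring says are set from MANIFEST is not documented. The `setenv` loop runs before the `primitive-exit/status` call below, so if that call sets, say, PATH from the manifest it will overwrite a preserved PATH, and if it does not, the host value wins and may refer to paths that are not mounted in the container. Whichever is intended, state it in the docstring so users of `--preserve` know what to expect for names the container also sets.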
@ -759,6 +773,7 @@ message if any test fails."
#:user-mappings mappings #:user-mappings mappings
#:profile profile #:profile profile
#:manifest manifest #:manifest manifest
#:white-list white-list
#:link-profile? link-prof? #:link-profile? link-prof?
#:network? network? #:network? network?
#:map-cwd? (not no-cwd?)))) #:map-cwd? (not no-cwd?))))


@ -44,6 +44,11 @@ else
test $? = 42 test $? = 42
fi fi
# Make sure '--preserve' is honored.
result="`FOOBAR=42; export FOOBAR; guix environment -C --ad-hoc --bootstrap \
guile-bootstrap -E ^FOO -- guile -c '(display (getenv \"FOOBAR\"))'`"
test "$result" = "42"
# By default, the UID inside the container should be the same as outside. # By default, the UID inside the container should be the same as outside.
uid="`id -u`" uid="`id -u`"
inner_uid="`guix environment -C --ad-hoc --bootstrap guile-bootstrap \ inner_uid="`guix environment -C --ad-hoc --bootstrap guile-bootstrap \
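Review bot: the new test only covers the positive case, so a regression in which every host variable leaks into the container would still pass. Add a negative check with the same command but without `-E ^FOO`, e.g. `test "$result" = "#f"` (what Guile's `display` prints for the `#f` that `getenv` returns for an unset variable). Also note that `-E ^FOO` preserves FOOBAR because the regexp is searched within the name rather than matched against the whole name; that is the behaviour the test depends on, so it should be spelled out in the documentation of `--preserve`.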