JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

nixos-container: use systemd-run instead of nsenter

Browse Source 
This is the first step for unprivileged nixos containers support.
Fixes #30019. See also #18825, #57083, and #67130.
This commit is contained in:
Nikita Uvarov 2019-08-23 12:12:17 +02:00
parent f096e5a46d
commit 7cb100b683
No known key found for this signature in database
GPG Key ID: F7A5FB3A7C10EF96
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
pkgs/tools/virtualization/nixos-container/nixos-container.pl
View File

@ -9,7 +9,6 @@ use Getopt::Long qw(:config gnu_getopt);
use Cwd 'abs_path';
use Time::HiRes;
my $nsenter = "@utillinux@/bin/nsenter";
my $su = "@su@";
# Ensure a consistent umask.
@ -270,9 +269,10 @@ sub restartContainer {
# Run a command in the container.
sub runInContainer {
my @args = @_;
my $leader = getLeader;
exec($nsenter, "-t", $leader, "-m", "-u", "-i", "-n", "-p", "--", @args);
die "cannot run nsenter: $!\n";
exec("systemd-run", "--machine", $containerName, "--pty", "--quiet", "--", @args);
die "cannot run systemd-run: $!\n";
}
# Remove a directory while recursively unmounting all mounted filesystems within