author | Ludovic Courtès <ludo@gnu.org> | 2022-04-17 22:18:50 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2022-05-01 21:30:36 +0200 |
commit | dac4efc466fd459912d6dd85a0be7c96cd3e35e1 (patch) | |
tree | 7f5267706f605d04dcc3a0870a6fcac5c02cddde | |
parent | 53dbc6fd9a2f476f38e17496457a6b3b06e71687 (diff) | |
services: quassel: Use 'least-authority-wrapper'.
* gnu/services/messaging.scm (quassel-shepherd-service): Use
'least-authority-wrapper' instead of
'make-forkexec-constructor/container'.
-rw-r--r-- | gnu/services/messaging.scm | 42 |
1 files changed, 22 insertions, 20 deletions
diff --git a/gnu/services/messaging.scm b/gnu/services/messaging.scm
index 7fdd8cf285..05bf6e784b 100644
--- a/gnu/services/messaging.scm
+++ b/gnu/services/messaging.scm
@@ -939,29 +939,31 @@ a gateway between IRC and chat networks.")))
 (define quassel-shepherd-service
 (match-lambda
 (($ <quassel-configuration> quassel interface port loglevel)
- (with-imported-modules (source-module-closure
- '((gnu build shepherd)
- (gnu system file-systems)))
+ (let ((quassel (least-authority-wrapper
+ (file-append quassel "/bin/quasselcore")
+ #:name "quasselcore"
+ #:mappings (list (file-system-mapping
+ (source "/var/lib/quassel")
+ (target source)
+ (writable? #t))
+ (file-system-mapping
+ (source "/var/log/quassel")
+ (target source)
+ (writable? #t)))
+ ;; XXX: The daemon needs to live in the main user
+ ;; namespace, as root, so it can access /var/lib/quassel
+ ;; owned by "quasselcore".
+ #:namespaces (fold delq %namespaces '(net user)))))
 (list (shepherd-service
 (provision '(quassel))
 (requirement '(user-processes networking))
- (modules '((gnu build shepherd)
- (gnu system file-systems)))
- (start #~(make-forkexec-constructor/container
- (list #$(file-append quassel "/bin/quasselcore")
- "--configdir=/var/lib/quassel"
- "--logfile=/var/log/quassel/core.log"
- (string-append "--loglevel=" #$loglevel)
- (string-append "--port=" (number->string #$port))
- (string-append "--listen=" #$interface))
- #:mappings (list (file-system-mapping
- (source "/var/lib/quassel")
- (target source)
- (writable? #t))
- (file-system-mapping
- (source "/var/log/quassel")
- (target source)
- (writable? #t)))))
+ (start #~(make-forkexec-constructor
+ (list #$quassel
+ "--configdir=/var/lib/quassel"
+ "--logfile=/var/log/quassel/core.log"
+ (string-append "--loglevel=" #$loglevel)
+ (string-append "--port=" (number->string #$port))
+ (string-append "--listen=" #$interface))))
 (stop #~(make-kill-destructor))))))))

 (define %quassel-account |
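Review bot: With `#:namespaces (fold delq %namespaces '(net user))`, quasselcore, which listens on the configured interface and port, runs as root in the host's user and network namespaces according to the XXX comment, and the new `make-forkexec-constructor` call passes no `#:user` or `#:group` to lower that. The comment explains why the user namespace is dropped but not what isolation is left, so a reader cannot tell how much stands between a compromised core and host root. I would extend it with a line such as `;; FIXME: Runs as uid 0 on the host; only the remaining namespaces and the two mappings confine it.`, after confirming that against what `least-authority-wrapper` actually sets up. It is also worth checking whether the daemon can be started as the "quasselcore" account that the comment names as owner of /var/lib/quassel, since that would remove the need for root if the wrapper can still unshare its namespaces unprivileged.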