author | Ludovic Courtès <ludo@gnu.org> | 2019-05-10 18:16:45 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2019-05-15 16:36:21 +0200 |
commit | 6edd5c546c7c1bb5ee45436a0441a9daf1e5509c (patch) | |
tree | df58794499e3ba22c85bff5192fe3fd76d4cedc5 /tests/cve-sample.xml | |
parent | 32747aa987bd921bc8aadc1c1d4b4da6d9bcc306 (diff) | |
download | guix-6edd5c546c7c1bb5ee45436a0441a9daf1e5509c.tar.gz guix-6edd5c546c7c1bb5ee45436a0441a9daf1e5509c.zip |

linux-container: Do not add %CONTAINER-FILE-SYSTEMS to Docker image OSes.

Previously, 'guix system docker-image' would end up providing an OS that
would try to mount all of %CONTAINER-FILE-SYSTEMS as well as /gnu/store,
which is bound to fail in unprivileged Docker.

This patch makes it so that 'guix system container' still gets those
file systems, but 'guix system docker-image' doesn't.

* gnu/system/linux-container.scm (containerized-operating-system): Add
#:extra-file-systems parameter and honor it. Do not include
%STORE-MAPPING and SHARED-NETWORK-FILE-MAPPINGS.
(container-script): Add %STORE-MAPPING and optionally NETWORK-MAPPINGS
to MAPPINGS and pass #:extra-file-systems.

Diffstat (limited to 'tests/cve-sample.xml')
0 files changed, 0 insertions, 0 deletions