#pragma once #include "types.hh" namespace nix { /* Abstract destination of binary data. */ struct Sink { virtual ~Sink() { } virtual void operator () (const unsigned char * data, size_t len) = 0; }; /* A buffered abstract sink. */ struct BufferedSink : Sink { size_t bufSize, bufPos; unsigned char * buffer; BufferedSink(size_t bufSize = 32 * 1024) : bufSize(bufSize), bufPos(0), buffer(0) { } ~BufferedSink(); void operator () (const unsigned char * data, size_t len); void flush(); virtual void write(const unsigned char * data, size_t len) = 0; }; /* Abstract source of binary data. */ struct Source { virtual ~Source() { } /* Store exactly ‘len’ bytes in the buffer pointed to by ‘data’. It blocks until all the requested data is available, or throws an error if it is not going to be available. */ void operator () (unsigned char * data, size_t len); /* Store up to ‘len’ in the buffer pointed to by ‘data’, and return the number of bytes stored. If blocks until at least one byte is available. */ virtual size_t read(unsigned char * data, size_t len) = 0; }; /* A buffered abstract source. */ struct BufferedSource : Source { size_t bufSize, bufPosIn, bufPosOut; unsigned char * buffer; BufferedSource(size_t bufSize = 32 * 1024) : bufSize(bufSize), bufPosIn(0), bufPosOut(0), buffer(0) { } ~BufferedSource(); size_t read(unsigned char * data, size_t len); /* Underlying read call, to be overridden. */ virtual size_t readUnbuffered(unsigned char * data, size_t len) = 0; bool hasData(); }; /* A sink that writes data to a file descriptor. */ struct FdSink : BufferedSink { int fd; bool warn; size_t written; FdSink() : fd(-1), warn(false), written(0) { } FdSink(int fd) : fd(fd), warn(false), written(0) { } ~FdSink(); void write(const unsigned char * data, size_t len); }; /* A source that reads data from a file descriptor. */ struct FdSource : BufferedSource { int fd; FdSource() : fd(-1) { } FdSource(int fd) : fd(fd) { } size_t readUnbuffered(unsigned char * data, size_t len); }; /* A sink that writes data to a string. */ struct StringSink : Sink { string s; void operator () (const unsigned char * data, size_t len); }; /* A source that reads data from a string. */ struct StringSource : Source { const string & s; size_t pos; StringSource(const string & _s) : s(_s), pos(0) { } size_t read(unsigned char * data, size_t len); }; void writePadding(size_t len, Sink & sink); void writeInt(unsigned int n, Sink & sink); void writeLongLong(unsigned long long n, Sink & sink); void writeString(const unsigned char * buf, size_t len, Sink & sink); void writeString(const string & s, Sink & sink); template void writeStrings(const T & ss, Sink & sink); void readPadding(size_t len, Source & source); unsigned int readInt(Source & source); unsigned long long readLongLong(Source & source); size_t readString(unsigned char * buf, size_t max, Source & source); string readString(Source & source); template T readStrings(Source & source); MakeError(SerialisationError, Error) } n"): Remove extra 'primitive-fork' call, now unnecessary. ("container-excursion*, /proc"): New test. Ludovic Courtès 2023-01-30container: Correctly report exit status....* gnu/build/linux-container.scm (container-excursion): Return the raw status value. * tests/containers.scm ("container-excursion, same namespaces"): Add 'status:exit-val' call. * guix/scripts/container/exec.scm (guix-container-exec): Correctly handle the different cases. Ludovic Courtès 2022-09-24linux-container: Mark socket pair as SOCK_CLOEXEC....* gnu/build/linux-container.scm (run-container): Pass SOCK_CLOEXEC to 'socketpair'. Ludovic Courtès 2022-09-20linux-container: 'container-excursion*' marks its FDs as FD_CLOEXEC....Fixes <https://issues.guix.gnu.org/57827>. Reported by Mathieu Othacehe <othacehe@gnu.org>. Fixes a regression introduced with the Shepherd 0.9.2 upgrade in 1ba0e38267c9ff8bb476285091be6e297bbf136e, whereby IN and OUT would no longer be closed when 'fork+exec-command/container' would call 'exec-command*' as part of the THUNK passed to 'container-excursion*'. This is because the Shepherd 0.9.2 assumes file descriptors are properly marked as O_CLOEXEC and, consequently, 'exec-command' no longer run the close(2) loop prior to 'exec'. * gnu/build/linux-container.scm (container-excursion*): Add calls to 'fcntl'. Ludovic Courtès 2022-05-01linux-container: Add #:child-is-pid1? parameter to 'call-with-container'....* gnu/build/linux-container.scm (wait-child-process) (status->exit-status): New procedures. (call-with-container): Add #:child-is-pid1? parameter and honor it. [thunk*]: New variable. Pass it to 'run-container'. Ludovic Courtès 2022-05-01linux-container: Ensure signal-handling asyncs get a chance to run....Previously we could enter the blocking 'waitpid' call and miss an opportunity to run the signal handler async. * gnu/build/linux-container.scm (call-with-container) [periodically-schedule-asyncs]: New procedure. [install-signal-handlers]: Call it. Ludovic Courtès 2022-05-01linux-container: 'call-with-container' relays SIGTERM and SIGINT....* gnu/build/linux-container.scm (call-with-container): Add #:relayed-signals. [install-signal-handlers]: New procedure. Call it. Ludovic Courtès 2022-01-05linux-container: Handle CLONE_NEWCGROUP and use it by default....Adds low-level support for launching Linux containers with cgroup namespaces. * gnu/build/linux-container.scm (%namespaces): Add 'cgroup. (namespaces->bit-mask): Handle it. * guix/build/syscalls.scm (CLONE_NEWCGROUP): New variable. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Ryan Sundberg