From ed5a9f5260666679289c3d20d5068e374084a50c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Fri, 16 Jun 2023 10:52:58 +0200 Subject: [PATCH] linux-container: Pass '--disable-chroot' to 'guix-daemon'. This allows for the use of Guix within a non-privileged Docker container produced by 'guix system image -t docker'. * gnu/system/linux-container.scm (containerized-operating-system): Change 'guix-configuration' to add "--disable-chroot". --- gnu/system/linux-container.scm | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/gnu/system/linux-container.scm b/gnu/system/linux-container.scm index 7c45dbccaf..485baea4c5 100644 --- a/gnu/system/linux-container.scm +++ b/gnu/system/linux-container.scm @@ -1,6 +1,6 @@ ;;; GNU Guix --- Functional package management for GNU ;;; Copyright © 2015 David Thompson -;;; Copyright © 2016-2017, 2019-2022 Ludovic Courtès +;;; Copyright © 2016-2017, 2019-2023 Ludovic Courtès ;;; Copyright © 2019 Arun Isaac ;;; Copyright © 2020 Efraim Flashner ;;; Copyright © 2020 Google LLC @@ -160,6 +160,17 @@ containerized OS. EXTRA-FILE-SYSTEMS is a list of file systems to add to OS." (nscd-configuration (inherit (service-value s)) (caches %nscd-container-caches)))) + ((eq? guix-service-type (service-kind s)) + ;; Pass '--disable-chroot' so that + ;; guix-daemon can build thing even in + ;; Docker without '--privileged'. + (service guix-service-type + (guix-configuration + (inherit (service-value s)) + (extra-options + (cons "--disable-chroot" + (guix-configuration-extra-options + (service-value s))))))) (else s))) (operating-system-user-services os)))) (file-systems (append (map mapping->fs