authorJoey Hess2019-04-08 13:32:32 -0400
committerJoey Hess2019-04-08 13:32:32 -0400
commitdd5cb6b03fe77ce7c4e46467048336c62d31b7a3 (patch)
tree642f6380634b37a5135881583dcaf14166e4991d /src/Propellor/Types
parent35435e16b63771c65f8223ff3fd2580cc8bad856 (diff)
change from inChroot to granular container capabilities info
* Removed inChroot, instead use hasContainerCapability FilesystemContained. (API change) * Hostname: Properties that used to not do anything in a systemd or docker container will now change the container's hostname, since it's namespaced. More container capabilities can easily be added later, for fine-grained control over which properties will run in different kinds of containers. This changed CmdLine's Read instance, which should be ok, because propellor inside the container is always updated at the same time as propellor outside, so when it chains into the chroot, it will know to expect the capability list. Docker was not setting InChroot before, but now sets both container capabilities, so chroot setting will also work in it. Note that things that used to check inChroot before would not work in docker, but things that check FilesystemContained now will. It may be that some of those properties don't really work properly in docker. And, Grub.installed used to run grub-mkconfig in a docker container before, I doubt that made sense (was it even safe?); it doesn't do it now. This commit was sponsored by Trenton Cronholm on Patreon.
Diffstat (limited to 'src/Propellor/Types')
2 files changed, 20 insertions, 2 deletions
diff --git a/src/Propellor/Types/CmdLine.hs b/src/Propellor/Types/CmdLine.hs
index d712a456..77eaa452 100644
--- a/src/Propellor/Types/CmdLine.hs
+++ b/src/Propellor/Types/CmdLine.hs
@@ -2,6 +2,7 @@ module Propellor.Types.CmdLine where
import Propellor.Types.OS
import Propellor.Types.PrivData
+import Propellor.Types.Container
import System.Posix.Types
@@ -25,7 +26,7 @@ data CmdLine
| Relay HostName
| DockerInit HostName
| DockerChain HostName String
- | ChrootChain HostName FilePath Bool Bool
+ | ChrootChain HostName FilePath Bool Bool [ContainerCapability]
| GitPush Fd Fd
| Check
| Build
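Review bot: `ChrootChain` now takes three positional arguments after the `FilePath` (`Bool Bool [ContainerCapability]`) and none of them is documented in this hunk, so a call site does not show which flag is which or whose view of the container the list represents. I would add a Haddock comment above the constructor, for example `-- | Host, chroot directory, two flags (name each here), and the capabilities the chaining propellor asserts for this container.` Because the value appears to arrive through the derived `Read` instance, the chained process presumably takes the list on trust from whoever invoked it, and the same comment is a good place to say so. The `data CmdLine` declaration starts and ends outside the hunk.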
diff --git a/src/Propellor/Types/Container.hs b/src/Propellor/Types/Container.hs
index 217d7df7..de74f79e 100644
--- a/src/Propellor/Types/Container.hs
+++ b/src/Propellor/Types/Container.hs
@@ -1,7 +1,9 @@
-{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE TypeFamilies, FlexibleInstances #-}
module Propellor.Types.Container where
+import Propellor.Types.Info
-- | A value that can be bound between the host and a container.
-- For example, a Bound Port is a Port on the container that is bound to
@@ -28,3 +30,18 @@ data Bound v = Bound
same :: v -> Bound v
same v = Bound v v
+-- | Capabilities of a container.
+data ContainerCapability
+ = HostnameContained
+ -- ^ The container has its own hostname (and domain name)
+ -- separate from the system that contains it.
+ | FilesystemContained
+ -- ^ The container has its own root filesystem, rather than sharing
+ -- the root filesystem of the system that contains it.
+ deriving (Typeable, Eq, Read, Show)
+-- | A [ContainerCapability] can be used as Info.
+-- It does not propagate out to the Host.
+-- When not in a container, the Info value will be [].
+instance IsInfo [ContainerCapability] where
+ propagateInfo _ = PropagateInfo False
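Review bot: The comment on `instance IsInfo [ContainerCapability]` says the value is `[]` outside a container, so a container backend that forgets to add a capability is indistinguishable from a bare host, and properties gated on `FilesystemContained` would presumably run as they do there. That default belongs on the `ContainerCapability` type itself, for example `-- An absent capability means "not contained"; each container type must add every capability it really provides.` The derived `Read`/`Show` also look like they become part of the format used when `CmdLine` is chained into a chroot, so a short comment warning against renaming the constructors casually would help the next maintainer.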