container: Gracefully handle failure to set up user namespaces.

* gnu/build/linux-container.scm (run-container): Exit when the parent process doesn't say 'ready.
2016-05-30 22:13:09 +02:00 · 2016-05-30 22:13:09 +02:00 · 4c14d4eaa7
commit 4c14d4eaa7
parent 552ffa021c
1 changed files with 12 additions and 9 deletions
--- a/gnu/build/linux-container.scm
+++ b/gnu/build/linux-container.scm
@ -214,7 +214,8 @@ host user identifiers to map into the user namespace."
           (lambda ()
             (close out)
             ;; Wait for parent to set things up.
-             (read in)
+             (match (read in)
+               ('ready
                (close in)
                (purify-environment)
                (when (memq 'mnt namespaces)
@ -222,7 +223,9 @@ host user identifiers to map into the user namespace."
                                      #:mount-/proc? (memq 'pid namespaces)
                                      #:mount-/sys?  (memq 'net namespaces)))
                ;; TODO: Manage capabilities.
-             (thunk))))
+                (thunk))
+               (_                                 ;parent died or something
+                (primitive-exit 2))))))
         (pid
          (when (memq 'user namespaces)
            (initialize-user-namespace pid host-uids))