From 5d4fee3bf2d51d0c0cf6aaff896ebbaa5aa69b32 Mon Sep 17 00:00:00 2001
From: Emery Hemingway
Date: Mon, 21 Dec 2020 00:53:54 +0100
Subject: [PATCH] nixos: move ExecStart to end of systemd children list
---
nixos-modules/systemd-runner.dhall | 250 +++++++++++++++--------------
1 file changed, 129 insertions(+), 121 deletions(-)
diff --git a/nixos-modules/systemd-runner.dhall b/nixos-modules/systemd-runner.dhall
index 4da6005..588c703 100644
--- a/nixos-modules/systemd-runner.dhall
+++ b/nixos-modules/systemd-runner.dhall
@@ -40,131 +40,139 @@ in λ ( params Init::{ , routes = parentRoutes [ "File_system", "Rtc", "Terminal", "Timer" ] - , children = toMap - { vfs = - Child.flat - Child.Attributes::{ - , binary = "vfs" - , exitPropagate = True - , resources = Genode.Init.Resources::{ - , caps = 256 - , ram = Genode.units.MiB 8 - } - , config = Init.Config::{ - , content = - [ VFS.vfs - ( [ VFS.dir - "dev" - ( [ VFS.dir "pipes" [ VFS.leaf "pipe" ] - , VFS.leaf "log" - , VFS.leaf "null" - , VFS.leafAttrs - "terminal" - ( toMap - { name = "entropy" - , label = "entropy" + , children = + toMap + { vfs = + Child.flat + Child.Attributes::{ + , binary = "vfs" + , exitPropagate = True + , resources = Genode.Init.Resources::{ + , caps = 256 + , ram = Genode.units.MiB 8 + } + , config = Init.Config::{ + , content = + [ VFS.vfs + ( [ VFS.dir + "dev" + ( [ VFS.dir + "pipes" + [ VFS.leaf "pipe" ] + , VFS.leaf "log" + , VFS.leaf "null" + , VFS.leafAttrs + "terminal" + ( toMap + { name = "entropy" + , label = "entropy" + } + ) + , VFS.leaf "rtc" + , VFS.leaf "zero" + ] + # socketsVfs + ) + , VFS.dir + "usr" + [ VFS.dir + "bin" + [ VFS.symlink + "env" + "${params.coreutils}/bin/env" + ] + ] + , VFS.dir "tmp" [ VFS.leaf "ram" ] + , VFS.dir + "nix" + [ VFS.dir + "store" + [ VFS.fs + VFS.FS::{ + , label = "nix-store" } - ) - , VFS.leaf "rtc" - , VFS.leaf "zero" - ] - # socketsVfs - ) - , VFS.dir - "usr" - [ VFS.dir - "bin" - [ VFS.symlink - "env" - "${params.coreutils}/bin/env" + ] ] ] - , VFS.dir "tmp" [ VFS.leaf "ram" ] - , VFS.dir - "nix" - [ VFS.dir - "store" - [ VFS.fs - VFS.FS::{ label = "nix-store" } - ] - ] - ] - # params.extraVfs + # params.extraVfs + ) + ] + , policies = + [ Init.Config.Policy::{ + , service = "File_system" + , label = Init.LabelSelector.prefix "ExecStart" + , attributes = toMap + { root = "/", writeable = "yes" } + } + , Init.Config.Policy::{ + , service = "File_system" + , label = Init.LabelSelector.prefix "vfs_rom" + , attributes = toMap + { root = "/", writeable = "no" } + 
} + ] + } + } + , vfs_rom = + Child.flat + Child.Attributes::{ + , binary = "cached_fs_rom" + , resources = Genode.Init.Resources::{ + , ram = Genode.units.MiB 32 + } + , config = Init.Config::{ + , policies = + [ Init.Config.Policy::{ + , service = "ROM" + , label = Init.LabelSelector.prefix "ExecStart" + } + ] + } + } + } + # [ { mapKey = "ExecStart" + , mapValue = + Child.flat + Child.Attributes::{ + , binary = params.binary + , exitPropagate = True + , resources = Genode.Init.Resources::{ + , caps = 256 + , ram = Genode.units.MiB params.ramQuotaMiB + } + , config = + ( Libc.toConfig + Libc::{ + , stdin = Some "/dev/null" + , stdout = Some "/dev/log" + , stderr = Some "/dev/log" + , pipe = Some "/dev/pipes" + , rng = Some "/dev/entropy" + , rtc = Some "/dev/rtc" + , socket = Some "/dev/sockets" + , vfs = [ VFS.leaf "fs" ] + , args = [ params.binary ] # params.args + } ) - ] - , policies = - [ Init.Config.Policy::{ - , service = "File_system" - , label = Init.LabelSelector.prefix "ExecStart" - , attributes = toMap - { root = "/", writeable = "yes" } - } - , Init.Config.Policy::{ - , service = "File_system" - , label = Init.LabelSelector.prefix "vfs_rom" - , attributes = toMap - { root = "/", writeable = "no" } - } - ] - } - } - , vfs_rom = - Child.flat - Child.Attributes::{ - , binary = "cached_fs_rom" - , resources = Genode.Init.Resources::{ - , ram = Genode.units.MiB 32 - } - , config = Init.Config::{ - , policies = - [ Init.Config.Policy::{ - , service = "ROM" - , label = Init.LabelSelector.prefix "ExecStart" - } - ] - } - } - , ExecStart = - Child.flat - Child.Attributes::{ - , binary = params.binary - , exitPropagate = True - , resources = Genode.Init.Resources::{ - , caps = 256 - , ram = Genode.units.MiB params.ramQuotaMiB - } - , config = - ( Libc.toConfig - Libc::{ - , stdin = Some "/dev/null" - , stdout = Some "/dev/log" - , stderr = Some "/dev/log" - , pipe = Some "/dev/pipes" - , rng = Some "/dev/entropy" - , rtc = Some "/dev/rtc" - , socket = Some 
"/dev/sockets" - , vfs = [ VFS.leaf "fs" ] - , args = [ params.binary ] # params.args - } - ) - with attributes = toMap { ld_verbose = "yes" } - , routes = - Prelude.List.map - Text - Init.ServiceRoute.Type - ( λ(label : Text) → - Init.ServiceRoute.parentLabel - "ROM" - (Some label) - (Some label) - ) - [ "libc.lib.so" - , "libm.lib.so" - , "posix.lib.so" - , "vfs.lib.so" - ] - } - } + with attributes = toMap { ld_verbose = "yes" } + , routes = + Prelude.List.map + Text + Init.ServiceRoute.Type + ( λ(label : Text) → + Init.ServiceRoute.parentLabel + "ROM" + (Some label) + (Some label) + ) + [ "libc.lib.so" + , "libm.lib.so" + , "posix.lib.so" + , "vfs.lib.so" + ] + } + } + ] } in Init.toChild init Init.Attributes::{=}
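Review bot: The appended `# [ { mapKey = "ExecStart", mapValue = … } ]` entry has no comment saying why it must come last, although the ordering is the whole purpose of the change. `toMap` yields entries sorted by key, so `ExecStart` used to precede `vfs` and `vfs_rom`, whose `File_system` and `ROM` policies serve it. A comment above the list such as `-- ExecStart is appended after toMap so it follows vfs and vfs_rom; keep the key in sync with the prefix "ExecStart" policy selectors` would stop a later cleanup from folding it back into the record. Separately, the `File_system` policy for `ExecStart` still grants `root = "/", writeable = "yes"` over a tree that contains `/nix/store`. Whether the store is actually writable depends on the parent's `nix-store` session, which is not visible in this hunk, so confirm it is read-only there.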