(define (call-with-container root-dir mount-points thunk)
  "Run THUNK in a new container process with ROOT-DIR as \"/\" and
MOUNT-POINTS mounted within."
  ;; Return the host-side path for DIR (e.g. "/proc") by prefixing it with
  ;; ROOT-DIR.  This is plain string concatenation: DIR is expected to start
  ;; with "/", and no normalization or ".." handling is performed.
  (define in-root
    (lambda (dir)
      (string-append root-dir dir)))

  (let ((new-proc (in-root "/proc"))
        (new-dev  (in-root "/dev"))
        (new-sys  (in-root "/sys")))
    ;; FIXME: User namespaces do not work yet
    (with-clone (delq 'user %all-namespaces)
      (mkdir-p new-proc)
      (mkdir-p new-dev)
      (mkdir-p new-sys)
      (for-each mount
                (cons* (make-mount-point "proc" new-proc "proc")
                       (make-mount-point "dev"  new-dev  "devtmpfs")
                       (make-mount-point "sys"  new-sys  "sysfs")
      (chroot root-dir)
      (chdir "/")

