diff options
| author | Arun Isaac | 2026-04-03 19:49:52 +0100 |
|---|---|---|
| committer | Arun Isaac | 2026-04-03 19:49:52 +0100 |
| commit | be549e815698cf633354447d41bec368b121b523 (patch) | |
| tree | c60d2bf6e341f85ffa0d2c734cc06793c16eb508 /kaakaa/container.scm | |
| download | kaagum-be549e815698cf633354447d41bec368b121b523.tar.gz kaagum-be549e815698cf633354447d41bec368b121b523.tar.lz kaagum-be549e815698cf633354447d41bec368b121b523.zip | |
Initial commit
Diffstat (limited to 'kaakaa/container.scm')
| -rw-r--r-- | kaakaa/container.scm | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/kaakaa/container.scm b/kaakaa/container.scm new file mode 100644 index 0000000..e7889bb --- /dev/null +++ b/kaakaa/container.scm @@ -0,0 +1,50 @@ +;;; kaakaa --- Tiny, security-focused AI agent in Guile +;;; Copyright © 2026 Arun Isaac <arunisaac@systemreboot.net> +;;; +;;; This file is part of kaakaa. +;;; +;;; kaakaa is free software: you can redistribute it and/or modify it +;;; under the terms of the GNU General Public License as published by +;;; the Free Software Foundation, either version 3 of the License, or +;;; (at your option) any later version. +;;; +;;; kaakaa is distributed in the hope that it will be useful, but +;;; WITHOUT ANY WARRANTY; without even the implied warranty of +;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +;;; General Public License for more details. +;;; +;;; You should have received a copy of the GNU General Public License +;;; along with kaakaa. If not, see <https://www.gnu.org/licenses/>. + +(define-module (kaakaa container) + #:use-module (rnrs io ports) + #:use-module (ice-9 match) + #:use-module (gnu build linux-container) + #:use-module (guix utils) + #:use-module (kaakaa records) + #:export (call-with-container*)) + +(define-public-record-type* (<container-result> container-result container-result?) + (fields (output container-result-output) + (exit-value container-result-exit-value))) + +(define (call-with-container* mounts namespaces thunk) + "Run @var{thunk} as a process in a container with @var{mounts} and +@var{namespaces}, and return a @code{<container-result>} object." + (call-with-temporary-directory + (lambda (root) + (match (pipe) + ((in . out) + (match (waitpid (run-container root mounts namespaces 1 + (lambda () + (close-port in) + (with-output-to-port out + ;; TODO: Capture stderr too. + thunk) + (close-port out)))) + ((_ . status) + (close-port out) + (let ((result (get-string-all in))) + (close-port in) + (container-result result + (status:exit-val status)))))))))) |