
3392ce5d606be84c07624e0626b99e410449639f — Ludovic Courtès 11 years ago b86fee7
system: Make /gnu/store a read-only bind mount by default.

* gnu/system/file-systems.scm (%immutable-store): New variable.
  (%base-file-systems): Add it.
* doc/guix.texi (File Systems): Document it.
2 files changed, 29 insertions(+), 4 deletions(-)

M doc/guix.texi
M gnu/system/file-systems.scm
M doc/guix.texi => doc/guix.texi +13 -2
@@ 4221,8 4221,9 @@ variables.

@defvr {Scheme Variable} %base-file-systems
These are essential file systems that are required on normal systems,
such as @var{%devtmpfs-file-system} (see below.)  Operating system
declarations should always contain at least these.
such as @var{%devtmpfs-file-system} and @var{%immutable-store} (see
below.)  Operating system declarations should always contain at least
these.
@end defvr

@defvr {Scheme Variable} %devtmpfs-file-system


@@ 4244,6 4245,16 @@ memory sharing across processes (@pxref{Memory-mapped I/O,
@code{shm_open},, libc, The GNU C Library Reference Manual}).
@end defvr

@defvr {Scheme Variable} %immutable-store
This file system performs a read-only ``bind mount'' of
@file{/gnu/store}, making it read-only for all the users including
@code{root}.  This prevents against accidental modification by software
running as @code{root} or by system administrators.

The daemon itself is still able to write to the store: it remounts it
read-write in its own ``name space.''
@end defvr

@defvr {Scheme Variable} %binary-format-file-system
The @code{binfmt_misc} file system, which allows handling of arbitrary
executable file types to be delegated to user space.  This requires the

M gnu/system/file-systems.scm => gnu/system/file-systems.scm +16 -2
@@ 1,5 1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;


@@ 19,6 19,7 @@
(define-module (gnu system file-systems)
  #:use-module (guix gexp)
  #:use-module (guix records)
  #:use-module (guix store)
  #:export (<file-system>
            file-system
            file-system?


@@ 37,6 38,7 @@
            %shared-memory-file-system
            %pseudo-terminal-file-system
            %devtmpfs-file-system
            %immutable-store

            %base-file-systems



@@ 139,12 141,24 @@ file system."
    (options "size=50%")                         ;TODO: make size configurable
    (create-mount-point? #t)))

(define %immutable-store
  ;; Read-only store to avoid users or daemons accidentally modifying it.
  ;; 'guix-daemon' has provisions to remount it read-write in its own name
  ;; space.
  (file-system
    (device (%store-prefix))
    (mount-point (%store-prefix))
    (type "none")
    (check? #f)
    (flags '(read-only bind-mount))))

(define %base-file-systems
  ;; List of basic file systems to be mounted.  Note that /proc and /sys are
  ;; currently mounted by the initrd.
  (list %devtmpfs-file-system
        %pseudo-terminal-file-system
        %shared-memory-file-system))
        %shared-memory-file-system
        %immutable-store))