etc: guix-daemon.service.in: Mitigate mount race condition

This mitigates a race condition described in #576. The 'Type=exec' option ensures that systemd only starts follow-up units after the guix-daemon binary has started. By then, the mount points are collected in a private namespace and will not be affected. Without this option, 'gnu-store.mount' could win the race and remount everything read-only before guix-daemon has acquired a read-write view.

Fixes #2270

* etc/guix-daemon.service.in: Mitigate mount race condition

Change-Id: I5d28ebc38b0c10e6d2aa8e65353757ef13d5bad3
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
1 files changed, 4 insertions(+), 0 deletions(-) M etc/guix-daemon.service.in
M etc/guix-daemon.service.in => etc/guix-daemon.service.in +4 -0
@@ 24,6 24,10 @@ BindPaths=@storedir@ # Disable host file system mount propagation to keep service view of the # store read-write after 'gnu-store.mount' makes it read-only system-wide. MountFlags=private # Mitigate race condition between guix-daemon and 'gnu-store.mount'. # Dependent units will only start after daemon binary is started AND THUS # the mount point is acquired in a private namespace. Type=exec # Provide the CAP_CHOWN capability so that guix-daemon can create and chown # /var/guix/profiles/per-user/$USER and also chown failed build directories
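Review bot: The new comment above `Type=exec` ("Dependent units will only start after daemon binary is started AND THUS the mount point is acquired in a private namespace") states a guarantee that this hunk alone does not provide: `Type=exec` only delays follow-up units until the service's execve() has succeeded, and `MountFlags=private` only gives the service its own mount namespace; the read-write view is protected from 'gnu-store.mount' solely because that mount unit is ordered after guix-daemon.service, an ordering that lives outside this file. Consider rewording the comment to say so explicitly, e.g. "Follow-up units such as 'gnu-store.mount' are started only after the daemon has been exec'd inside its private mount namespace (see #576)", so the reader knows the mitigation depends on that ordering and not on `Type=exec` by itself. A second, smaller point: `Type=exec` is newer than the other `Type=` values (it needs systemd 240 or later) and an older systemd will fail to load the unit, so it is worth noting the minimum version in the comment or the NEWS entry.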