diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2015-04-20 22:21:51 +0200 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2015-04-20 22:21:51 +0200 |
| commit | 3392ce5d606be84c07624e0626b99e410449639f (patch) | |
| tree | 7e7d739c3019463a479e4c85e5ebc99fc9b3b204 | |
| parent | b86fee7848f964da4d5e695dc8027d95d40a1c77 (diff) | |
system: Make /gnu/store a read-only bind mount by default.
* gnu/system/file-systems.scm (%immutable-store): New variable.
(%base-file-systems): Add it.
* doc/guix.texi (File Systems): Document it.
| -rw-r--r-- | doc/guix.texi | 15 | ||||
| -rw-r--r-- | gnu/system/file-systems.scm | 18 |
2 files changed, 29 insertions, 4 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 09dcff59f4..4269d4fa5f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4221,8 +4221,9 @@ variables. @defvr {Scheme Variable} %base-file-systems These are essential file systems that are required on normal systems, -such as @var{%devtmpfs-file-system} (see below.) Operating system -declarations should always contain at least these. +such as @var{%devtmpfs-file-system} and @var{%immutable-store} (see +below.) Operating system declarations should always contain at least +these. @end defvr @defvr {Scheme Variable} %devtmpfs-file-system @@ -4244,6 +4245,16 @@ memory sharing across processes (@pxref{Memory-mapped I/O, @code{shm_open},, libc, The GNU C Library Reference Manual}). @end defvr +@defvr {Scheme Variable} %immutable-store +This file system performs a read-only ``bind mount'' of +@file{/gnu/store}, making it read-only for all the users including +@code{root}. This prevents against accidental modification by software +running as @code{root} or by system administrators. + +The daemon itself is still able to write to the store: it remounts it +read-write in its own ``name space.'' +@end defvr + @defvr {Scheme Variable} %binary-format-file-system The @code{binfmt_misc} file system, which allows handling of arbitrary executable file types to be delegated to user space. This requires the diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm index 4760821840..db861baed2 100644 --- a/gnu/system/file-systems.scm +++ b/gnu/system/file-systems.scm @@ -1,5 +1,5 @@ ;;; GNU Guix --- Functional package management for GNU -;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org> +;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org> ;;; ;;; This file is part of GNU Guix. ;;; @@ -19,6 +19,7 @@ (define-module (gnu system file-systems) #:use-module (guix gexp) #:use-module (guix records) + #:use-module (guix store) #:export (<file-system> file-system file-system? @@ -37,6 +38,7 @@ %shared-memory-file-system %pseudo-terminal-file-system %devtmpfs-file-system + %immutable-store %base-file-systems @@ -139,12 +141,24 @@ file system." (options "size=50%") ;TODO: make size configurable (create-mount-point? #t))) +(define %immutable-store + ;; Read-only store to avoid users or daemons accidentally modifying it. + ;; 'guix-daemon' has provisions to remount it read-write in its own name + ;; space. + (file-system + (device (%store-prefix)) + (mount-point (%store-prefix)) + (type "none") + (check? #f) + (flags '(read-only bind-mount)))) + (define %base-file-systems ;; List of basic file systems to be mounted. Note that /proc and /sys are ;; currently mounted by the initrd. (list %devtmpfs-file-system %pseudo-terminal-file-system - %shared-memory-file-system)) + %shared-memory-file-system + %immutable-store)) |