From c829bc80bd288bc9f3c926bfff69baf06a8c6e62 Mon Sep 17 00:00:00 2001
From: David Thompson
Date: Sun, 28 Jun 2015 00:42:16 -0400
Subject: gnu: system: Add Linux container file systems.

* gnu/system/file-systems.scm (%container-file-systems): New variable.
---
 gnu/system/file-systems.scm | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)

diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index b33f826b45..a06c173a70 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -45,6 +45,7 @@
 %control-groups
 %base-file-systems
+ %container-file-systems
 mapped-device
 mapped-device?
@@ -198,6 +199,45 @@ initrd code."
 %immutable-store)
 %control-groups))
+;; File systems for Linux containers differ from %base-file-systems in that
+;; they impose additional restrictions such as no-exec or need different
+;; options to function properly.
+;;
+;; The file system flags and options conform to the libcontainer
+;; specification:
+;; https://github.com/docker/libcontainer/blob/master/SPEC.md#filesystem
+(define %container-file-systems
+ (list
+ ;; Psuedo-terminal file system.
+ (file-system
+ (device "none")
+ (mount-point "/dev/pts")
+ (type "devpts")
+ (flags '(no-exec no-suid))
+ (needed-for-boot? #t)
+ (create-mount-point? #t)
+ (check? #f)
+ (options "newinstance,ptmxmode=0666,mode=620"))
+ ;; Shared memory file system.
+ (file-system
+ (device "tmpfs")
+ (mount-point "/dev/shm")
+ (type "tmpfs")
+ (flags '(no-exec no-suid no-dev))
+ (options "mode=1777,size=65536k")
+ (needed-for-boot? #t)
+ (create-mount-point? #t)
+ (check? #f))
+ ;; Message queue file system.
+ (file-system
+ (device "mqueue")
+ (mount-point "/dev/mqueue")
+ (type "mqueue")
+ (flags '(no-exec no-suid no-dev))
+ (needed-for-boot? #t)
+ (create-mount-point? #t)
+ (check? #f))))
+
 ;;;
--
cgit v1.2.3
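Review bot: The devpts entry's options string `"newinstance,ptmxmode=0666,mode=620"` omits the `gid=5` field that the libcontainer specification cited in the header comment pairs with `mode=620`; without it the group ownership of newly allocated slave ptys falls back to the kernel's devpts defaults instead of being pinned to the tty group, so either append `gid=5` to that string or add a comment stating why it was deliberately left out. Because the instance is mounted with `newinstance`, pty allocation inside the container also depends on the container's `/dev/ptmx` being a symlink or bind mount to `/dev/pts/ptmx`, which nothing in this hunk arranges — presumably the container setup code does, and a one-line comment on the entry such as `;; Requires /dev/ptmx -> pts/ptmx inside the container (see the spec).` would save the next reader a trip to the spec. On style, the first entry's comment misspells `;; Psuedo-terminal file system.` (should read `;; Pseudo-terminal file system.`), and the three entries disagree on the `device` convention (`"none"` versus the file system type name) and on where the `options` field sits, which is worth making uniform since the whole `%container-file-systems` definition is new and contained in this hunk.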