From 2c071ce96e7e4049be3ae2eb958077566d3b4ea0 Mon Sep 17 00:00:00 2001 From: Ludovic Courtès Date: Wed, 23 Jul 2014 00:44:27 +0200 Subject: system: Recognize more file system flags. * guix/build/linux-initrd.scm (MS_NOSUID, MS_NODEV, MS_NOEXEC): New variables. (mount-flags->bit-mask): New procedure. (mount-file-system)[flags->bit-mask]: Remove. Use 'mount-flags->bit-mask' instead. In /etc/mtab, use the empty string when OPTIONS is false. * gnu/services/base.scm (file-system-service): Add #:flags parameter and honor it. * gnu/system.scm (other-file-system-services): Pass FLAGS to 'file-system-service'. --- doc/guix.texi | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) (limited to 'doc/guix.texi') diff --git a/doc/guix.texi b/doc/guix.texi index f475a172fe..42e62d4648 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -3039,7 +3039,9 @@ partitions without having to hard-code their actual device name. @item @code{flags} (default: @code{'()}) This is a list of symbols denoting mount flags. Recognized flags -include @code{read-only} and @code{bind-mount}. +include @code{read-only}, @code{bind-mount}, @code{no-dev} (disallow +access to special files), @code{no-suid} (ignore setuid and setgid +bits), and @code{no-exec} (disallow program execution.) @item @code{options} (default: @code{#f}) This is either @code{#f}, or a string denoting mount options. -- cgit v1.2.3