aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDavid Thompson <davet@gnu.org>2015-06-28 00:42:16 -0400
committerDavid Thompson <dthompson2@worcester.edu>2015-07-09 08:25:33 -0400
commitc829bc80bd288bc9f3c926bfff69baf06a8c6e62 (patch)
tree767c4c46c05e0b61470f81721664021cc6dae899
parentc1f6a0c2ed8caa5b04aae77e5d2e3a2299305a43 (diff)
downloadpatches-c829bc80bd288bc9f3c926bfff69baf06a8c6e62.tar
patches-c829bc80bd288bc9f3c926bfff69baf06a8c6e62.tar.gz
gnu: system: Add Linux container file systems.
* gnu/system/file-systems.scm (%container-file-systems): New variable.
-rw-r--r--gnu/system/file-systems.scm40
1 files changed, 40 insertions, 0 deletions
diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index b33f826b45..a06c173a70 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -45,6 +45,7 @@
%control-groups
%base-file-systems
+ %container-file-systems
mapped-device
mapped-device?
@@ -198,6 +199,45 @@ initrd code."
%immutable-store)
%control-groups))
+;; File systems for Linux containers differ from %base-file-systems in that
+;; they impose additional restrictions such as no-exec or need different
+;; options to function properly.
+;;
+;; The file system flags and options conform to the libcontainer
+;; specification:
+;; https://github.com/docker/libcontainer/blob/master/SPEC.md#filesystem
+(define %container-file-systems
+ (list
+ ;; Psuedo-terminal file system.
+ (file-system
+ (device "none")
+ (mount-point "/dev/pts")
+ (type "devpts")
+ (flags '(no-exec no-suid))
+ (needed-for-boot? #t)
+ (create-mount-point? #t)
+ (check? #f)
+ (options "newinstance,ptmxmode=0666,mode=620"))
+ ;; Shared memory file system.
+ (file-system
+ (device "tmpfs")
+ (mount-point "/dev/shm")
+ (type "tmpfs")
+ (flags '(no-exec no-suid no-dev))
+ (options "mode=1777,size=65536k")
+ (needed-for-boot? #t)
+ (create-mount-point? #t)
+ (check? #f))
+ ;; Message queue file system.
+ (file-system
+ (device "mqueue")
+ (mount-point "/dev/mqueue")
+ (type "mqueue")
+ (flags '(no-exec no-suid no-dev))
+ (needed-for-boot? #t)
+ (create-mount-point? #t)
+ (check? #f))))
+
;;;