diff options
author | Ludovic Courtès <ludo@gnu.org> | 2015-04-20 22:21:51 +0200 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-04-20 22:21:51 +0200 |
commit | 3392ce5d606be84c07624e0626b99e410449639f (patch) | |
tree | 7e7d739c3019463a479e4c85e5ebc99fc9b3b204 /doc/guix.texi | |
parent | b86fee7848f964da4d5e695dc8027d95d40a1c77 (diff) | |
download | patches-3392ce5d606be84c07624e0626b99e410449639f.tar patches-3392ce5d606be84c07624e0626b99e410449639f.tar.gz |
system: Make /gnu/store a read-only bind mount by default.
* gnu/system/file-systems.scm (%immutable-store): New variable.
(%base-file-systems): Add it.
* doc/guix.texi (File Systems): Document it.
Diffstat (limited to 'doc/guix.texi')
-rw-r--r-- | doc/guix.texi | 15 |
1 files changed, 13 insertions, 2 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 09dcff59f4..4269d4fa5f 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -4221,8 +4221,9 @@ variables. @defvr {Scheme Variable} %base-file-systems These are essential file systems that are required on normal systems, -such as @var{%devtmpfs-file-system} (see below.) Operating system -declarations should always contain at least these. +such as @var{%devtmpfs-file-system} and @var{%immutable-store} (see +below.) Operating system declarations should always contain at least +these. @end defvr @defvr {Scheme Variable} %devtmpfs-file-system @@ -4244,6 +4245,16 @@ memory sharing across processes (@pxref{Memory-mapped I/O, @code{shm_open},, libc, The GNU C Library Reference Manual}). @end defvr +@defvr {Scheme Variable} %immutable-store +This file system performs a read-only ``bind mount'' of +@file{/gnu/store}, making it read-only for all the users including +@code{root}. This prevents against accidental modification by software +running as @code{root} or by system administrators. + +The daemon itself is still able to write to the store: it remounts it +read-write in its own ``name space.'' +@end defvr + @defvr {Scheme Variable} %binary-format-file-system The @code{binfmt_misc} file system, which allows handling of arbitrary executable file types to be delegated to user space. This requires the |