1 files changed, 13 insertions, 2 deletions

diff --git a/doc/guix.texi b/doc/guix.texi
index 09dcff59f4..4269d4fa5f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4221,8 +4221,9 @@ variables.
 
 @defvr {Scheme Variable} %base-file-systems
 These are essential file systems that are required on normal systems,
-such as @var{%devtmpfs-file-system} (see below.)  Operating system
-declarations should always contain at least these.
+such as @var{%devtmpfs-file-system} and @var{%immutable-store} (see
+below.)  Operating system declarations should always contain at least
+these.
 @end defvr
 
 @defvr {Scheme Variable} %devtmpfs-file-system
@@ -4244,6 +4245,16 @@ memory sharing across processes (@pxref{Memory-mapped I/O,
 @code{shm_open},, libc, The GNU C Library Reference Manual}).
 @end defvr
 
+@defvr {Scheme Variable} %immutable-store
+This file system performs a read-only ``bind mount'' of
+@file{/gnu/store}, making it read-only for all the users including
+@code{root}.  This prevents against accidental modification by software
+running as @code{root} or by system administrators.
+
+The daemon itself is still able to write to the store: it remounts it
+read-write in its own ``name space.''
+@end defvr
+
 @defvr {Scheme Variable} %binary-format-file-system
 The @code{binfmt_misc} file system, which allows handling of arbitrary
 executable file types to be delegated to user space.  This requires the