[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

02/03: system: Make /gnu/store a read-only bind mount by default.

From: Ludovic Courtès
Subject: 02/03: system: Make /gnu/store a read-only bind mount by default.
Date: Mon, 20 Apr 2015 20:46:34 +0000

civodul pushed a commit to branch master
in repository guix.

commit 3392ce5d606be84c07624e0626b99e410449639f
Author: Ludovic Courtès <address@hidden>
Date:   Mon Apr 20 22:21:51 2015 +0200

    system: Make /gnu/store a read-only bind mount by default.
    * gnu/system/file-systems.scm (%immutable-store): New variable.
      (%base-file-systems): Add it.
    * doc/guix.texi (File Systems): Document it.
 doc/guix.texi               |   15 +++++++++++++--
 gnu/system/file-systems.scm |   18 ++++++++++++++++--
 2 files changed, 29 insertions(+), 4 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 09dcff5..4269d4f 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -4221,8 +4221,9 @@ variables.
 @defvr {Scheme Variable} %base-file-systems
 These are essential file systems that are required on normal systems,
-such as @var{%devtmpfs-file-system} (see below.)  Operating system
-declarations should always contain at least these.
+such as @var{%devtmpfs-file-system} and @var{%immutable-store} (see
+below.)  Operating system declarations should always contain at least
 @end defvr
 @defvr {Scheme Variable} %devtmpfs-file-system
@@ -4244,6 +4245,16 @@ memory sharing across processes (@pxref{Memory-mapped 
 @code{shm_open},, libc, The GNU C Library Reference Manual}).
 @end defvr
address@hidden {Scheme Variable} %immutable-store
+This file system performs a read-only ``bind mount'' of
address@hidden/gnu/store}, making it read-only for all the users including
address@hidden  This prevents against accidental modification by software
+running as @code{root} or by system administrators.
+The daemon itself is still able to write to the store: it remounts it
+read-write in its own ``name space.''
address@hidden defvr
 @defvr {Scheme Variable} %binary-format-file-system
 The @code{binfmt_misc} file system, which allows handling of arbitrary
 executable file types to be delegated to user space.  This requires the
diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index 4760821..db861ba 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -1,5 +1,5 @@
 ;;; GNU Guix --- Functional package management for GNU
-;;; Copyright © 2013, 2014 Ludovic Courtès <address@hidden>
+;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <address@hidden>
 ;;; This file is part of GNU Guix.
@@ -19,6 +19,7 @@
 (define-module (gnu system file-systems)
   #:use-module (guix gexp)
   #:use-module (guix records)
+  #:use-module (guix store)
   #:export (<file-system>
@@ -37,6 +38,7 @@
+            %immutable-store
@@ -139,12 +141,24 @@ file system."
     (options "size=50%")                         ;TODO: make size configurable
     (create-mount-point? #t)))
+(define %immutable-store
+  ;; Read-only store to avoid users or daemons accidentally modifying it.
+  ;; 'guix-daemon' has provisions to remount it read-write in its own name
+  ;; space.
+  (file-system
+    (device (%store-prefix))
+    (mount-point (%store-prefix))
+    (type "none")
+    (check? #f)
+    (flags '(read-only bind-mount))))
 (define %base-file-systems
   ;; List of basic file systems to be mounted.  Note that /proc and /sys are
   ;; currently mounted by the initrd.
   (list %devtmpfs-file-system
-        %shared-memory-file-system))
+        %shared-memory-file-system
+        %immutable-store))

reply via email to

[Prev in Thread] Current Thread [Next in Thread]