system: Make /gnu/store a read-only bind mount by default.

* gnu/system/file-systems.scm (%immutable-store): New variable.
  (%base-file-systems): Add it.
* doc/guix.texi (File Systems): Document it.
Ludovic Courtès 2015-04-20 22:21:51 +02:00
parent b86fee7848
commit 3392ce5d60
2 changed files with 29 additions and 4 deletions

View file

@ -4221,8 +4221,9 @@ variables.
@defvr {Scheme Variable} %base-file-systems
These are essential file systems that are required on normal systems,
such as @var{%devtmpfs-file-system} (see below.) Operating system
declarations should always contain at least these.
such as @var{%devtmpfs-file-system} and @var{%immutable-store} (see
below.) Operating system declarations should always contain at least
these.
@end defvr
@defvr {Scheme Variable} %devtmpfs-file-system
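Review bot: The updated text should say what changes for existing users: because %immutable-store is now part of %base-file-systems, every operating-system declaration that already lists @var{%base-file-systems} gets a read-only @file{/gnu/store} on its next reconfiguration without any change on its side. A sentence here (or a NEWS entry) pointing that out would save administrators from being surprised by the new behaviour and tell them that dropping the entry from their own file-systems list restores the old one.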
@ -4244,6 +4245,16 @@ memory sharing across processes (@pxref{Memory-mapped I/O,
@code{shm_open},, libc, The GNU C Library Reference Manual}).
@end defvr
@defvr {Scheme Variable} %immutable-store
This file system performs a read-only ``bind mount'' of
@file{/gnu/store}, making it read-only for all the users including
@code{root}. This prevents against accidental modification by software
running as @code{root} or by system administrators.
The daemon itself is still able to write to the store: it remounts it
read-write in its own ``name space.''
@end defvr
@defvr {Scheme Variable} %binary-format-file-system
The @code{binfmt_misc} file system, which allows handling of arbitrary
executable file types to be delegated to user space. This requires the
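Review bot: "This prevents against accidental modification" mixes two constructions; use "This protects against accidental modification" or "This prevents accidental modification". The entry should also state the limit of the protection: a read-only bind mount stops mistakes by software running as @code{root} or by administrators, but a privileged process can still remount @file{/gnu/store} read-write, exactly as the daemon does in its own name space, so readers should not take it for a security boundary against a compromised @code{root}.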

View file

@ -1,5 +1,5 @@
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014 Ludovic Courtès <ludo@gnu.org>
;;; Copyright © 2013, 2014, 2015 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
@ -19,6 +19,7 @@
(define-module (gnu system file-systems)
#:use-module (guix gexp)
#:use-module (guix records)
#:use-module (guix store)
#:export (<file-system>
file-system
file-system?
@ -37,6 +38,7 @@ (define-module (gnu system file-systems)
%shared-memory-file-system
%pseudo-terminal-file-system
%devtmpfs-file-system
%immutable-store
%base-file-systems
@ -139,12 +141,24 @@ (define %shared-memory-file-system
(options "size=50%") ;TODO: make size configurable
(create-mount-point? #t)))
(define %immutable-store
;; Read-only store to avoid users or daemons accidentally modifying it.
;; 'guix-daemon' has provisions to remount it read-write in its own name
;; space.
(file-system
(device (%store-prefix))
(mount-point (%store-prefix))
(type "none")
(check? #f)
(flags '(read-only bind-mount))))
(define %base-file-systems
;; List of basic file systems to be mounted. Note that /proc and /sys are
;; currently mounted by the initrd.
(list %devtmpfs-file-system
%pseudo-terminal-file-system
%shared-memory-file-system))
%shared-memory-file-system
%immutable-store))
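Review bot: For the line `(flags '(read-only bind-mount))`, check how the mount code turns these flags into mount(2) calls: Linux ignores MS_RDONLY on the initial MS_BIND call, and a read-only bind mount needs a second call with MS_REMOUNT | MS_BIND | MS_RDONLY. If the init code issues a single mount call for this entry, the store is bind-mounted read-write despite the flag, so either handle the remount step there or cover this definition with a system test that asserts @file{/gnu/store} is actually read-only. Two smaller points: `(check? #f)` is right for a `"none"` bind mount since there is nothing to fsck, and because `(device (%store-prefix))` is evaluated when the module is loaded, the entry is fixed to the store prefix in effect at that time, which is the intended behaviour for a default in %base-file-systems.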