tribes/guix
1
0
Fork 0
mirror of https://git.savannah.gnu.org/git/guix.git synced 2026-04-06 21:20:33 +02:00
Code Activity

etc: guix-daemon.service.in: Disable host filesystem mount propagation.

Browse Source 
This fixes issue for rootless guix daemon where store being remounted
read-only by gnu-store.mount is propagated to the guix daemon making
guix daemon not able to modify it.

* etc/guix-daemon.service.in: Disable host filesystem mount propagation.

Change-Id: Ib1abc387ee15d2b04d6f70c121244943cd0ad8c6
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
This commit is contained in:
Ivan Popovych
2025-06-14 17:42:15 +03:00
committed by Ludovic Courtès
parent dd7e39ccfd
commit 5db599f41a
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
etc/guix-daemon.service.in
View File

@@ -21,6 +21,9 @@ User=guix-daemon
# effect of 'gnu-store.mount'.
PrivateMounts=true
BindPaths=@storedir@
# Disable host file system mount propagation to keep service view of the
# store read-write after 'gnu-store.mount' makes it read-only system-wide.
MountFlags=private
# Provide the CAP_CHOWN capability so that guix-daemon can create and chown
# /var/guix/profiles/per-user/$USER and also chown failed build directories