From 5db599f41a14550ea2595e2caed966d75bcd8ae6 Mon Sep 17 00:00:00 2001
From: Ivan Popovych
Date: Sat, 14 Jun 2025 17:42:15 +0300
Subject: [PATCH] etc: guix-daemon.service.in: Disable host filesystem mount propagation.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This fixes issue for rootless guix daemon where store being remounted read-only by gnu-store.mount is propagated to the guix daemon making guix daemon not able to modify it.

* etc/guix-daemon.service.in: Disable host filesystem mount propagation.

Change-Id: Ib1abc387ee15d2b04d6f70c121244943cd0ad8c6
Signed-off-by: Ludovic Courtès
Modified-by: Ludovic Courtès
---
 etc/guix-daemon.service.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/etc/guix-daemon.service.in b/etc/guix-daemon.service.in
index 6a5ef97f9b..6e534771c6 100644
--- a/etc/guix-daemon.service.in
+++ b/etc/guix-daemon.service.in
@@ -21,6 +21,9 @@ User=guix-daemon
 # effect of 'gnu-store.mount'.
 PrivateMounts=true
 BindPaths=@storedir@
+# Disable host file system mount propagation to keep service view of the
+# store read-write after 'gnu-store.mount' makes it read-only system-wide.
+MountFlags=private
 
 # Provide the CAP_CHOWN capability so that guix-daemon can create and chown
 # /var/guix/profiles/per-user/$USER and also chown failed build directories
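Review bot: The comment added above `MountFlags=private` explains why propagation is switched off but not what it costs. With private propagation the daemon's mount namespace stops receiving host mount and unmount events. systemd.exec(5) advises against this for units, because file systems unmounted on the host stay busy inside the unit and ones mounted after start-up are not visible to it. I would record that next to the setting, for example `# Host mounts and unmounts made after start-up are not seen by the daemon;` followed by `# restart guix-daemon.service to pick them up.` The [Service] section this hunk edits starts and continues outside the hunk, so whether other settings there rely on later host mounts cannot be checked from here.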