mirror of https://https.git.savannah.gnu.org/git/guix.git/ synced 2025-07-09 23:50:47 +02:00

etc: guix-daemon.service.in: Disable host filesystem mount propagation.

This fixes an issue for the rootless guix daemon where the store being
remounted read-only by gnu-store.mount is propagated to the guix daemon,
making the guix daemon unable to modify it.

* etc/guix-daemon.service.in: Disable host filesystem mount propagation.

Change-Id: Ib1abc387ee15d2b04d6f70c121244943cd0ad8c6
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
Ivan Popovych 2025-06-14 17:42:15 +03:00 committed by Ludovic Courtès
parent dd7e39ccfd
commit 5db599f41a
No known key found for this signature in database
GPG key ID: 090B11993D9AEBB5

@ -21,6 +21,9 @@ User=guix-daemon
# effect of 'gnu-store.mount'.
PrivateMounts=true
BindPaths=@storedir@
# Disable host file system mount propagation to keep service view of the
# store read-write after 'gnu-store.mount' makes it read-only system-wide.
MountFlags=private
# Provide the CAP_CHOWN capability so that guix-daemon can create and chown
# /var/guix/profiles/per-user/$USER and also chown failed build directories
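Review bot: MountFlags=private, added after BindPaths=@storedir@, stops every host mount event from reaching the service, not only the read-only remount done by 'gnu-store.mount', while the new comment mentions only the store. Consider extending the comment to say that file systems mounted or unmounted on the host after the daemon starts will not be reflected in its view, so the trade-off is documented next to the setting. It would also help to say how this interacts with the PrivateMounts=true line just above, since both settings now govern the same mount namespace.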