[jackhill/guix/guix.git] / gnu / system / file-systems.scm

;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system file-systems)
  #:use-module (ice-9 match)
  #:use-module (guix records)
  #:use-module (guix store)
  #:use-module ((gnu build file-systems)
                #:select (string->uuid uuid->string))
  #:re-export (string->uuid
               uuid->string)
  #:export (<file-system>
            file-system
            file-system?
            file-system-device
            file-system-title
            file-system-mount-point
            file-system-type
            file-system-needed-for-boot?
            file-system-flags
            file-system-options
            file-system-mount?
            file-system-check?
            file-system-create-mount-point?
            file-system-dependencies

            file-system->spec
            specification->file-system-mapping
            uuid

            %fuse-control-file-system
            %binary-format-file-system
            %shared-memory-file-system
            %pseudo-terminal-file-system
            %immutable-store
            %control-groups
            %elogind-file-systems

            %base-file-systems
            %container-file-systems

            <file-system-mapping>
            file-system-mapping
            file-system-mapping?
            file-system-mapping-source
            file-system-mapping-target
            file-system-mapping-writable?

            %store-mapping))

;;; Commentary:
;;;
;;; Declaring file systems to be mounted.
;;;
;;; Code:

;; File system declaration.
(define-record-type* <file-system> file-system
  make-file-system
  file-system?
  (device           file-system-device)           ; string
  (title            file-system-title             ; 'device | 'label | 'uuid
                    (default 'device))
  (mount-point      file-system-mount-point)      ; string
  (type             file-system-type)             ; string
  (flags            file-system-flags             ; list of symbols
                    (default '()))
  (options          file-system-options           ; string or #f
                    (default #f))
  (mount?           file-system-mount?            ; Boolean
                    (default #t))
  (needed-for-boot? %file-system-needed-for-boot? ; Boolean
                    (default #f))
  (check?           file-system-check?            ; Boolean
                    (default #t))
  (create-mount-point? file-system-create-mount-point? ; Boolean
                       (default #f))
  (dependencies     file-system-dependencies      ; list of <file-system>
                    (default '())))               ; or <mapped-device>

(define-inlinable (file-system-needed-for-boot? fs)
  "Return true if FS has the 'needed-for-boot?' flag set, or if it's the root
file system."
  (or (%file-system-needed-for-boot? fs)
      (string=? "/" (file-system-mount-point fs))))

(define (file-system->spec fs)
  "Return a list corresponding to file-system FS that can be passed to the
initrd code."
  (match fs
    (($ <file-system> device title mount-point type flags options _ _ check?)
     (list device title mount-point type flags options check?))))

(define (specification->file-system-mapping spec writable?)
  "Read the SPEC and return the corresponding <file-system-mapping>.  SPEC is
a string of the form \"SOURCE\" or \"SOURCE=TARGET\".  The former specifies
that SOURCE from the host should be mounted at SOURCE in the other system.
The latter format specifies that SOURCE from the host should be mounted at
TARGET in the other system."
  (let ((index (string-index spec #\=)))
    (if index
        (file-system-mapping
         (source (substring spec 0 index))
         (target (substring spec (+ 1 index)))
         (writable? writable?))
        (file-system-mapping
         (source spec)
         (target spec)
         (writable? writable?)))))

(define-syntax uuid
  (lambda (s)
    "Return the bytevector corresponding to the given UUID representation."
    (syntax-case s ()
      ((_ str)
       (string? (syntax->datum #'str))
       ;; A literal string: do the conversion at expansion time.
       (let ((bv (string->uuid (syntax->datum #'str))))
         (unless bv
           (syntax-violation 'uuid "invalid UUID" s))
         (datum->syntax #'str bv)))
      ((_ str)
       #'(string->uuid str)))))

\f
;;;
;;; Common file systems.
;;;

(define %fuse-control-file-system
  ;; Control file system for Linux' file systems in user-space (FUSE).
  (file-system
    (device "fusectl")
    (mount-point "/sys/fs/fuse/connections")
    (type "fusectl")
    (check? #f)))

(define %binary-format-file-system
  ;; Support for arbitrary executable binary format.
  (file-system
    (device "binfmt_misc")
    (mount-point "/proc/sys/fs/binfmt_misc")
    (type "binfmt_misc")
    (check? #f)))

(define %tty-gid
  ;; ID of the 'tty' group.  Allocate it statically to make it easy to refer
  ;; to it from here and from the 'tty' group definitions.
  996)

(define %pseudo-terminal-file-system
  ;; The pseudo-terminal file system.  It needs to be mounted so that
  ;; statfs(2) returns DEVPTS_SUPER_MAGIC like libc's getpt(3) expects (and
  ;; thus openpty(3) and its users, such as xterm.)
  (file-system
    (device "none")
    (mount-point "/dev/pts")
    (type "devpts")
    (check? #f)
    (needed-for-boot? #f)
    (create-mount-point? #t)
    (options (string-append "gid=" (number->string %tty-gid) ",mode=620"))))

(define %shared-memory-file-system
  ;; Shared memory.
  (file-system
    (device "tmpfs")
    (mount-point "/dev/shm")
    (type "tmpfs")
    (check? #f)
    (flags '(no-suid no-dev))
    (options "size=50%")                         ;TODO: make size configurable
    (create-mount-point? #t)))

(define %immutable-store
  ;; Read-only store to avoid users or daemons accidentally modifying it.
  ;; 'guix-daemon' has provisions to remount it read-write in its own name
  ;; space.
  (file-system
    (device (%store-prefix))
    (mount-point (%store-prefix))
    (type "none")
    (check? #f)
    (flags '(read-only bind-mount))))

(define %control-groups
  (let ((parent (file-system
                  (device "cgroup")
                  (mount-point "/sys/fs/cgroup")
                  (type "tmpfs")
                  (check? #f))))
    (cons parent
          (map (lambda (subsystem)
                 (file-system
                   (device "cgroup")
                   (mount-point (string-append "/sys/fs/cgroup/" subsystem))
                   (type "cgroup")
                   (check? #f)
                   (options subsystem)
                   (create-mount-point? #t)

                   ;; This must be mounted after, and unmounted before the
                   ;; parent directory.
                   (dependencies (list parent))))
               '("cpuset" "cpu" "cpuacct" "memory" "devices" "freezer"
                 "blkio" "perf_event" "hugetlb")))))

(define %elogind-file-systems
  ;; We don't use systemd, but these file systems are needed for elogind,
  ;; which was extracted from systemd.
  (list (file-system
          (device "none")
          (mount-point "/run/systemd")
          (type "tmpfs")
          (check? #f)
          (flags '(no-suid no-dev no-exec))
          (options "mode=0755")
          (create-mount-point? #t))
        (file-system
          (device "none")
          (mount-point "/run/user")
          (type "tmpfs")
          (check? #f)
          (flags '(no-suid no-dev no-exec))
          (options "mode=0755")
          (create-mount-point? #t))
        ;; Elogind uses cgroups to organize processes, allowing it to map PIDs
        ;; to sessions.  Elogind's cgroup hierarchy isn't associated with any
        ;; resource controller ("subsystem").
        (file-system
          (device "cgroup")
          (mount-point "/sys/fs/cgroup/elogind")
          (type "cgroup")
          (check? #f)
          (options "none,name=elogind")
          (create-mount-point? #t)
          (dependencies (list (car %control-groups))))))

(define %base-file-systems
  ;; List of basic file systems to be mounted.  Note that /proc and /sys are
  ;; currently mounted by the initrd.
  (append (list %pseudo-terminal-file-system
                %shared-memory-file-system
                %immutable-store)
          %control-groups))

;; File systems for Linux containers differ from %base-file-systems in that
;; they impose additional restrictions such as no-exec or need different
;; options to function properly.
;;
;; The file system flags and options conform to the libcontainer
;; specification:
;; https://github.com/docker/libcontainer/blob/master/SPEC.md#filesystem
(define %container-file-systems
  (list
   ;; Pseudo-terminal file system.
   (file-system
     (device "none")
     (mount-point "/dev/pts")
     (type "devpts")
     (flags '(no-exec no-suid))
     (needed-for-boot? #t)
     (create-mount-point? #t)
     (check? #f)
     (options "newinstance,ptmxmode=0666,mode=620"))
   ;; Shared memory file system.
   (file-system
     (device "tmpfs")
     (mount-point "/dev/shm")
     (type "tmpfs")
     (flags '(no-exec no-suid no-dev))
     (options "mode=1777,size=65536k")
     (needed-for-boot? #t)
     (create-mount-point? #t)
     (check? #f))
   ;; Message queue file system.
   (file-system
     (device "mqueue")
     (mount-point "/dev/mqueue")
     (type "mqueue")
     (flags '(no-exec no-suid no-dev))
     (needed-for-boot? #t)
     (create-mount-point? #t)
     (check? #f))))

\f
;;;
;;; Shared file systems, for VMs/containers.
;;;

;; Mapping of host file system SOURCE to mount point TARGET in the guest.
(define-record-type* <file-system-mapping> file-system-mapping
  make-file-system-mapping
  file-system-mapping?
  (source    file-system-mapping-source)          ;string
  (target    file-system-mapping-target)          ;string
  (writable? file-system-mapping-writable?        ;Boolean
             (default #f)))

(define %store-mapping
  ;; Mapping of the host's store into the guest.
  (file-system-mapping
   (source (%store-prefix))
   (target (%store-prefix))
   (writable? #f)))

;;; file-systems.scm ends here
Commit	Line	Data
c5df1839	1	;;; GNU Guix --- Functional package management for GNU
f8865db6	2	;;; Copyright © 2013, 2014, 2015, 2016 Ludovic Courtès <ludo@gnu.org>
c5df1839 LC	3	;;;
	4	;;; This file is part of GNU Guix.
	5	;;;
	6	;;; GNU Guix is free software; you can redistribute it and/or modify it
	7	;;; under the terms of the GNU General Public License as published by
	8	;;; the Free Software Foundation; either version 3 of the License, or (at
	9	;;; your option) any later version.
	10	;;;
	11	;;; GNU Guix is distributed in the hope that it will be useful, but
	12	;;; WITHOUT ANY WARRANTY; without even the implied warranty of
	13	;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	;;; GNU General Public License for more details.
	15	;;;
	16	;;; You should have received a copy of the GNU General Public License
	17	;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
	18
	19	(define-module (gnu system file-systems)
575b4b09	20	#:use-module (ice-9 match)
c5df1839	21	#:use-module (guix records)
3392ce5d	22	#:use-module (guix store)
f8865db6 LC	23	#:use-module ((gnu build file-systems)
	24	#:select (string->uuid uuid->string))
	25	#:re-export (string->uuid
	26	uuid->string)
c5df1839 LC	27	#:export (<file-system>
	28	file-system
	29	file-system?
	30	file-system-device
d4c87617	31	file-system-title
c5df1839 LC	32	file-system-mount-point
	33	file-system-type
	34	file-system-needed-for-boot?
	35	file-system-flags
	36	file-system-options
be21979d	37	file-system-mount?
4e469051 LC	38	file-system-check?
4e469051 LC	39	file-system-create-mount-point?
e51710d1	40	file-system-dependencies
c5df1839	41
575b4b09	42	file-system->spec
d77a0bd6	43	specification->file-system-mapping
661a1d79	44	uuid
575b4b09	45
c5df1839	46	%fuse-control-file-system
a69576ea	47	%binary-format-file-system
705f8b68 MW	48	%shared-memory-file-system
705f8b68 MW	49	%pseudo-terminal-file-system
3392ce5d	50	%immutable-store
727636aa	51	%control-groups
14454f0b	52	%elogind-file-systems
a69576ea	53
5dae0186	54	%base-file-systems
c829bc80	55	%container-file-systems
5dae0186	56
9110c2e9 DT	57	<file-system-mapping>
	58	file-system-mapping
	59	file-system-mapping?
	60	file-system-mapping-source
	61	file-system-mapping-target
	62	file-system-mapping-writable?
	63
	64	%store-mapping))
c5df1839 LC	65
	66	;;; Commentary:
	67	;;;
	68	;;; Declaring file systems to be mounted.
	69	;;;
	70	;;; Code:
	71
	72	;; File system declaration.
	73	(define-record-type* <file-system> file-system
	74	make-file-system
	75	file-system?
	76	(device file-system-device) ; string
d4c87617 LC	77	(title file-system-title ; 'device \| 'label \| 'uuid
d4c87617 LC	78	(default 'device))
c5df1839 LC	79	(mount-point file-system-mount-point) ; string
	80	(type file-system-type) ; string
	81	(flags file-system-flags ; list of symbols
	82	(default '()))
	83	(options file-system-options ; string or #f
	84	(default #f))
be21979d LC	85	(mount? file-system-mount? ; Boolean
be21979d LC	86	(default #t))
4d6b879c	87	(needed-for-boot? %file-system-needed-for-boot? ; Boolean
c5df1839 LC	88	(default #f))
c5df1839 LC	89	(check? file-system-check? ; Boolean
4e469051 LC	90	(default #t))
4e469051 LC	91	(create-mount-point? file-system-create-mount-point? ; Boolean
e51710d1	92	(default #f))
e502bf89 LC	93	(dependencies file-system-dependencies ; list of <file-system>
e502bf89 LC	94	(default '()))) ; or <mapped-device>
c5df1839	95
4d6b879c LC	96	(define-inlinable (file-system-needed-for-boot? fs)
	97	"Return true if FS has the 'needed-for-boot?' flag set, or if it's the root
	98	file system."
	99	(or (%file-system-needed-for-boot? fs)
	100	(string=? "/" (file-system-mount-point fs))))
	101
575b4b09 DT	102	(define (file-system->spec fs)
	103	"Return a list corresponding to file-system FS that can be passed to the
	104	initrd code."
	105	(match fs
be21979d	106	(($ <file-system> device title mount-point type flags options _ _ check?)
575b4b09 DT	107	(list device title mount-point type flags options check?))))
575b4b09 DT	108
d77a0bd6 LC	109	(define (specification->file-system-mapping spec writable?)
	110	"Read the SPEC and return the corresponding <file-system-mapping>. SPEC is
	111	a string of the form \"SOURCE\" or \"SOURCE=TARGET\". The former specifies
	112	that SOURCE from the host should be mounted at SOURCE in the other system.
	113	The latter format specifies that SOURCE from the host should be mounted at
	114	TARGET in the other system."
	115	(let ((index (string-index spec #\=)))
	116	(if index
	117	(file-system-mapping
	118	(source (substring spec 0 index))
	119	(target (substring spec (+ 1 index)))
	120	(writable? writable?))
	121	(file-system-mapping
	122	(source spec)
	123	(target spec)
	124	(writable? writable?)))))
	125
661a1d79 LC	126	(define-syntax uuid
	127	(lambda (s)
	128	"Return the bytevector corresponding to the given UUID representation."
	129	(syntax-case s ()
	130	((_ str)
	131	(string? (syntax->datum #'str))
	132	;; A literal string: do the conversion at expansion time.
1cab9e81 LC	133	(let ((bv (string->uuid (syntax->datum #'str))))
	134	(unless bv
	135	(syntax-violation 'uuid "invalid UUID" s))
	136	(datum->syntax #'str bv)))
661a1d79 LC	137	((_ str)
	138	#'(string->uuid str)))))
	139
	140	\f
	141	;;;
	142	;;; Common file systems.
	143	;;;
	144
c5df1839 LC	145	(define %fuse-control-file-system
	146	;; Control file system for Linux' file systems in user-space (FUSE).
	147	(file-system
	148	(device "fusectl")
	149	(mount-point "/sys/fs/fuse/connections")
	150	(type "fusectl")
	151	(check? #f)))
	152
	153	(define %binary-format-file-system
	154	;; Support for arbitrary executable binary format.
	155	(file-system
	156	(device "binfmt_misc")
	157	(mount-point "/proc/sys/fs/binfmt_misc")
	158	(type "binfmt_misc")
	159	(check? #f)))
	160
7f239fd3 LC	161	(define %tty-gid
	162	;; ID of the 'tty' group. Allocate it statically to make it easy to refer
	163	;; to it from here and from the 'tty' group definitions.
c8fa3426	164	996)
7f239fd3 LC	165
	166	(define %pseudo-terminal-file-system
	167	;; The pseudo-terminal file system. It needs to be mounted so that
	168	;; statfs(2) returns DEVPTS_SUPER_MAGIC like libc's getpt(3) expects (and
	169	;; thus openpty(3) and its users, such as xterm.)
	170	(file-system
	171	(device "none")
	172	(mount-point "/dev/pts")
	173	(type "devpts")
	174	(check? #f)
	175	(needed-for-boot? #f)
	176	(create-mount-point? #t)
	177	(options (string-append "gid=" (number->string %tty-gid) ",mode=620"))))
a69576ea	178
db17ae5c LC	179	(define %shared-memory-file-system
	180	;; Shared memory.
	181	(file-system
	182	(device "tmpfs")
	183	(mount-point "/dev/shm")
	184	(type "tmpfs")
	185	(check? #f)
	186	(flags '(no-suid no-dev))
	187	(options "size=50%") ;TODO: make size configurable
	188	(create-mount-point? #t)))
	189
3392ce5d LC	190	(define %immutable-store
	191	;; Read-only store to avoid users or daemons accidentally modifying it.
	192	;; 'guix-daemon' has provisions to remount it read-write in its own name
	193	;; space.
	194	(file-system
	195	(device (%store-prefix))
	196	(mount-point (%store-prefix))
	197	(type "none")
	198	(check? #f)
	199	(flags '(read-only bind-mount))))
	200
727636aa	201	(define %control-groups
b78cad85 LC	202	(let ((parent (file-system
	203	(device "cgroup")
	204	(mount-point "/sys/fs/cgroup")
	205	(type "tmpfs")
	206	(check? #f))))
	207	(cons parent
	208	(map (lambda (subsystem)
	209	(file-system
	210	(device "cgroup")
	211	(mount-point (string-append "/sys/fs/cgroup/" subsystem))
	212	(type "cgroup")
	213	(check? #f)
	214	(options subsystem)
	215	(create-mount-point? #t)
	216
	217	;; This must be mounted after, and unmounted before the
	218	;; parent directory.
	219	(dependencies (list parent))))
	220	'("cpuset" "cpu" "cpuacct" "memory" "devices" "freezer"
	221	"blkio" "perf_event" "hugetlb")))))
727636aa	222
14454f0b MW	223	(define %elogind-file-systems
	224	;; We don't use systemd, but these file systems are needed for elogind,
	225	;; which was extracted from systemd.
	226	(list (file-system
	227	(device "none")
	228	(mount-point "/run/systemd")
	229	(type "tmpfs")
	230	(check? #f)
	231	(flags '(no-suid no-dev no-exec))
	232	(options "mode=0755")
	233	(create-mount-point? #t))
	234	(file-system
	235	(device "none")
	236	(mount-point "/run/user")
	237	(type "tmpfs")
	238	(check? #f)
	239	(flags '(no-suid no-dev no-exec))
	240	(options "mode=0755")
a7e50a2a AW	241	(create-mount-point? #t))
	242	;; Elogind uses cgroups to organize processes, allowing it to map PIDs
	243	;; to sessions. Elogind's cgroup hierarchy isn't associated with any
	244	;; resource controller ("subsystem").
	245	(file-system
	246	(device "cgroup")
	247	(mount-point "/sys/fs/cgroup/elogind")
	248	(type "cgroup")
	249	(check? #f)
	250	(options "none,name=elogind")
	251	(create-mount-point? #t)
	252	(dependencies (list (car %control-groups))))))
14454f0b	253
a69576ea LC	254	(define %base-file-systems
	255	;; List of basic file systems to be mounted. Note that /proc and /sys are
	256	;; currently mounted by the initrd.
cc0e575a	257	(append (list %pseudo-terminal-file-system
727636aa DT	258	%shared-memory-file-system
	259	%immutable-store)
	260	%control-groups))
a69576ea	261
c829bc80 DT	262	;; File systems for Linux containers differ from %base-file-systems in that
	263	;; they impose additional restrictions such as no-exec or need different
	264	;; options to function properly.
	265	;;
	266	;; The file system flags and options conform to the libcontainer
	267	;; specification:
	268	;; https://github.com/docker/libcontainer/blob/master/SPEC.md#filesystem
	269	(define %container-file-systems
	270	(list
b57ec5f6	271	;; Pseudo-terminal file system.
c829bc80 DT	272	(file-system
	273	(device "none")
	274	(mount-point "/dev/pts")
	275	(type "devpts")
	276	(flags '(no-exec no-suid))
	277	(needed-for-boot? #t)
	278	(create-mount-point? #t)
	279	(check? #f)
	280	(options "newinstance,ptmxmode=0666,mode=620"))
	281	;; Shared memory file system.
	282	(file-system
	283	(device "tmpfs")
	284	(mount-point "/dev/shm")
	285	(type "tmpfs")
	286	(flags '(no-exec no-suid no-dev))
	287	(options "mode=1777,size=65536k")
	288	(needed-for-boot? #t)
	289	(create-mount-point? #t)
	290	(check? #f))
	291	;; Message queue file system.
	292	(file-system
	293	(device "mqueue")
	294	(mount-point "/dev/mqueue")
	295	(type "mqueue")
	296	(flags '(no-exec no-suid no-dev))
	297	(needed-for-boot? #t)
	298	(create-mount-point? #t)
	299	(check? #f))))
	300
9110c2e9 DT	301	\f
	302	;;;
	303	;;; Shared file systems, for VMs/containers.
	304	;;;
	305
	306	;; Mapping of host file system SOURCE to mount point TARGET in the guest.
	307	(define-record-type* <file-system-mapping> file-system-mapping
	308	make-file-system-mapping
	309	file-system-mapping?
	310	(source file-system-mapping-source) ;string
	311	(target file-system-mapping-target) ;string
	312	(writable? file-system-mapping-writable? ;Boolean
	313	(default #f)))
	314
	315	(define %store-mapping
	316	;; Mapping of the host's store into the guest.
	317	(file-system-mapping
	318	(source (%store-prefix))
	319	(target (%store-prefix))
	320	(writable? #f)))
	321
c5df1839	322	;;; file-systems.scm ends here