1 ;;; GNU Guix --- Functional package management for GNU
2 ;;; Copyright © 2013, 2014, 2015, 2016, 2017 Ludovic Courtès <ludo@gnu.org>
4 ;;; This file is part of GNU Guix.
6 ;;; GNU Guix is free software; you can redistribute it and/or modify it
7 ;;; under the terms of the GNU General Public License as published by
8 ;;; the Free Software Foundation; either version 3 of the License, or (at
9 ;;; your option) any later version.
11 ;;; GNU Guix is distributed in the hope that it will be useful, but
12 ;;; WITHOUT ANY WARRANTY; without even the implied warranty of
13 ;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 ;;; GNU General Public License for more details.
16 ;;; You should have received a copy of the GNU General Public License
17 ;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
19 (define-module (gnu system file-systems)
20 #:use-module (ice-9 match)
21 #:use-module (srfi srfi-1)
22 #:use-module (guix records)
23 #:use-module (gnu system uuid)
24 #:re-export (uuid ;backward compatibility
27 #:export (<file-system>
32 file-system-mount-point
34 file-system-needed-for-boot?
39 file-system-create-mount-point?
40 file-system-dependencies
42 file-system-type-predicate
46 specification->file-system-mapping
48 %fuse-control-file-system
49 %binary-format-file-system
50 %shared-memory-file-system
51 %pseudo-terminal-file-system
58 %container-file-systems
63 file-system-mapping-source
64 file-system-mapping-target
65 file-system-mapping-writable?
67 file-system-mapping->bind-mount
70 %network-configuration-files
71 %network-file-mappings))
75 ;;; Declaring file systems to be mounted.
77 ;;; Note: this file system is used both in the Shepherd and on the "host
78 ;;; side", so it must not include (gnu packages …) modules.
82 ;; File system declaration.
83 (define-record-type* <file-system> file-system
86 (device file-system-device) ; string
87 (title file-system-title ; 'device | 'label | 'uuid
89 (mount-point file-system-mount-point) ; string
90 (type file-system-type) ; string
91 (flags file-system-flags ; list of symbols
93 (options file-system-options ; string or #f
95 (mount? file-system-mount? ; Boolean
97 (needed-for-boot? %file-system-needed-for-boot? ; Boolean
99 (check? file-system-check? ; Boolean
101 (create-mount-point? file-system-create-mount-point? ; Boolean
103 (dependencies file-system-dependencies ; list of <file-system>
104 (default '()))) ; or <mapped-device>
106 ;; Note: This module is used both on the build side and on the host side.
107 ;; Arrange not to pull (guix store) and (guix config) because the latter
108 ;; differs from user to user.
109 (define (%store-prefix)
110 "Return the store prefix."
111 (cond ((resolve-module '(guix store) #:ensure #f)
114 ((module-ref store '%store-prefix))))
115 ((getenv "NIX_STORE")
121 (char-set-complement (char-set #\/)))
123 (define (file-prefix? file1 file2)
124 "Return #t if FILE1 denotes the name of a file that is a parent of FILE2,
125 where both FILE1 and FILE2 are absolute file name. For example:
127 (file-prefix? \"/gnu\" \"/gnu/store\")
130 (file-prefix? \"/gn\" \"/gnu/store\")
133 (and (string-prefix? "/" file1)
134 (string-prefix? "/" file2)
135 (let loop ((file1 (string-tokenize file1 %not-slash))
136 (file2 (string-tokenize file2 %not-slash)))
143 (and (string=? head1 head2) (loop tail1 tail2)))
147 (define (file-system-needed-for-boot? fs)
148 "Return true if FS has the 'needed-for-boot?' flag set, or if it holds the
149 store--e.g., if FS is the root file system."
150 (or (%file-system-needed-for-boot? fs)
151 (and (file-prefix? (file-system-mount-point fs) (%store-prefix))
152 (not (memq 'bind-mount (file-system-flags fs))))))
154 (define (file-system->spec fs)
155 "Return a list corresponding to file-system FS that can be passed to the
158 (($ <file-system> device title mount-point type flags options _ _ check?)
159 (list (if (uuid? device)
160 (uuid-bytevector device)
162 title mount-point type flags options check?))))
164 (define (spec->file-system sexp)
165 "Deserialize SEXP, a list, to the corresponding <file-system> object."
167 ((device title mount-point type flags options check?)
169 (device device) (title title)
170 (mount-point mount-point) (type type)
171 (flags flags) (options options)
174 (define (specification->file-system-mapping spec writable?)
175 "Read the SPEC and return the corresponding <file-system-mapping>. SPEC is
176 a string of the form \"SOURCE\" or \"SOURCE=TARGET\". The former specifies
177 that SOURCE from the host should be mounted at SOURCE in the other system.
178 The latter format specifies that SOURCE from the host should be mounted at
179 TARGET in the other system."
180 (let ((index (string-index spec #\=)))
183 (source (substring spec 0 index))
184 (target (substring spec (+ 1 index)))
185 (writable? writable?))
189 (writable? writable?)))))
193 ;;; Common file systems.
196 (define %fuse-control-file-system
197 ;; Control file system for Linux' file systems in user-space (FUSE).
200 (mount-point "/sys/fs/fuse/connections")
204 (define %binary-format-file-system
205 ;; Support for arbitrary executable binary format.
207 (device "binfmt_misc")
208 (mount-point "/proc/sys/fs/binfmt_misc")
213 ;; ID of the 'tty' group. Allocate it statically to make it easy to refer
214 ;; to it from here and from the 'tty' group definitions.
217 (define %pseudo-terminal-file-system
218 ;; The pseudo-terminal file system. It needs to be mounted so that
219 ;; statfs(2) returns DEVPTS_SUPER_MAGIC like libc's getpt(3) expects (and
220 ;; thus openpty(3) and its users, such as xterm.)
223 (mount-point "/dev/pts")
226 (needed-for-boot? #f)
227 (create-mount-point? #t)
228 (options (string-append "gid=" (number->string %tty-gid) ",mode=620"))))
230 (define %shared-memory-file-system
234 (mount-point "/dev/shm")
237 (flags '(no-suid no-dev))
238 (options "size=50%") ;TODO: make size configurable
239 (create-mount-point? #t)))
241 (define %immutable-store
242 ;; Read-only store to avoid users or daemons accidentally modifying it.
243 ;; 'guix-daemon' has provisions to remount it read-write in its own name
246 (device (%store-prefix))
247 (mount-point (%store-prefix))
250 (flags '(read-only bind-mount))))
252 (define %control-groups
253 (let ((parent (file-system
255 (mount-point "/sys/fs/cgroup")
259 (map (lambda (subsystem)
262 (mount-point (string-append "/sys/fs/cgroup/" subsystem))
266 (create-mount-point? #t)
268 ;; This must be mounted after, and unmounted before the
270 (dependencies (list parent))))
271 '("cpuset" "cpu" "cpuacct" "memory" "devices" "freezer"
272 "blkio" "perf_event" "hugetlb")))))
274 (define %elogind-file-systems
275 ;; We don't use systemd, but these file systems are needed for elogind,
276 ;; which was extracted from systemd.
279 (mount-point "/run/systemd")
282 (flags '(no-suid no-dev no-exec))
283 (options "mode=0755")
284 (create-mount-point? #t))
287 (mount-point "/run/user")
290 (flags '(no-suid no-dev no-exec))
291 (options "mode=0755")
292 (create-mount-point? #t))
293 ;; Elogind uses cgroups to organize processes, allowing it to map PIDs
294 ;; to sessions. Elogind's cgroup hierarchy isn't associated with any
295 ;; resource controller ("subsystem").
298 (mount-point "/sys/fs/cgroup/elogind")
301 (options "none,name=elogind")
302 (create-mount-point? #t)
303 (dependencies (list (car %control-groups))))))
305 (define %base-file-systems
306 ;; List of basic file systems to be mounted. Note that /proc and /sys are
307 ;; currently mounted by the initrd.
308 (append (list %pseudo-terminal-file-system
309 %shared-memory-file-system
313 ;; File systems for Linux containers differ from %base-file-systems in that
314 ;; they impose additional restrictions such as no-exec or need different
315 ;; options to function properly.
317 ;; The file system flags and options conform to the libcontainer
319 ;; https://github.com/docker/libcontainer/blob/master/SPEC.md#filesystem
320 (define %container-file-systems
322 ;; Pseudo-terminal file system.
325 (mount-point "/dev/pts")
327 (flags '(no-exec no-suid))
328 (needed-for-boot? #t)
329 (create-mount-point? #t)
331 (options "newinstance,ptmxmode=0666,mode=620"))
332 ;; Shared memory file system.
335 (mount-point "/dev/shm")
337 (flags '(no-exec no-suid no-dev))
338 (options "mode=1777,size=65536k")
339 (needed-for-boot? #t)
340 (create-mount-point? #t)
342 ;; Message queue file system.
345 (mount-point "/dev/mqueue")
347 (flags '(no-exec no-suid no-dev))
348 (needed-for-boot? #t)
349 (create-mount-point? #t)
354 ;;; Shared file systems, for VMs/containers.
357 ;; Mapping of host file system SOURCE to mount point TARGET in the guest.
358 (define-record-type* <file-system-mapping> file-system-mapping
359 make-file-system-mapping
361 (source file-system-mapping-source) ;string
362 (target file-system-mapping-target) ;string
363 (writable? file-system-mapping-writable? ;Boolean
366 (define (file-system-mapping->bind-mount mapping)
367 "Return a file system that realizes MAPPING, a <file-system-mapping>, using
370 (($ <file-system-mapping> source target writable?)
377 '(bind-mount read-only)))
379 (create-mount-point? #t)))))
381 (define %store-mapping
382 ;; Mapping of the host's store into the guest.
384 (source (%store-prefix))
385 (target (%store-prefix))
388 (define %network-configuration-files
389 ;; List of essential network configuration files.
395 (define %network-file-mappings
396 ;; List of file mappings for essential network files.
397 (filter-map (lambda (file)
401 ;; XXX: On some GNU/Linux systems, /etc/resolv.conf is a
402 ;; symlink to a file in a tmpfs which, for an unknown reason,
403 ;; cannot be bind mounted read-only within the container.
404 (writable? (string=? file "/etc/resolv.conf"))))
405 %network-configuration-files))
407 (define (file-system-type-predicate type)
408 "Return a predicate that, when passed a file system, returns #t if that file
409 system has the given TYPE."
411 (string=? (file-system-type fs) type)))
413 ;;; file-systems.scm ends here