+(define %immutable-store
+ ;; Read-only store to avoid users or daemons accidentally modifying it.
+ ;; 'guix-daemon' has provisions to remount it read-write in its own name
+ ;; space.
+ (file-system
+ (device (%store-prefix))
+ (mount-point (%store-prefix))
+ (type "none")
+ (check? #f)
+ (flags '(read-only bind-mount))))
+
+(define %control-groups
+ (let ((parent (file-system
+ (device "cgroup")
+ (mount-point "/sys/fs/cgroup")
+ (type "tmpfs")
+ (check? #f))))
+ (cons parent
+ (map (lambda (subsystem)
+ (file-system
+ (device "cgroup")
+ (mount-point (string-append "/sys/fs/cgroup/" subsystem))
+ (type "cgroup")
+ (check? #f)
+ (options subsystem)
+ (create-mount-point? #t)
+
+ ;; This must be mounted after, and unmounted before the
+ ;; parent directory.
+ (dependencies (list parent))))
+ '("cpuset" "cpu" "cpuacct" "memory" "devices" "freezer"
+ "blkio" "perf_event" "hugetlb")))))
+
+(define %elogind-file-systems
+ ;; We don't use systemd, but these file systems are needed for elogind,
+ ;; which was extracted from systemd.
+ (list (file-system
+ (device "none")
+ (mount-point "/run/systemd")
+ (type "tmpfs")
+ (check? #f)
+ (flags '(no-suid no-dev no-exec))
+ (options "mode=0755")
+ (create-mount-point? #t))
+ (file-system
+ (device "none")
+ (mount-point "/run/user")
+ (type "tmpfs")
+ (check? #f)
+ (flags '(no-suid no-dev no-exec))
+ (options "mode=0755")
+ (create-mount-point? #t))
+ ;; Elogind uses cgroups to organize processes, allowing it to map PIDs
+ ;; to sessions. Elogind's cgroup hierarchy isn't associated with any
+ ;; resource controller ("subsystem").
+ (file-system
+ (device "cgroup")
+ (mount-point "/sys/fs/cgroup/elogind")
+ (type "cgroup")
+ (check? #f)
+ (options "none,name=elogind")
+ (create-mount-point? #t)
+ (dependencies (list (car %control-groups))))))
+
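Review bot: The comment on `%immutable-store` should state what the read-only bind mount depends on and what it does not protect against. On Linux the initial bind mount ignores the read-only flag, so `(flags '(read-only bind-mount))` only takes effect if the code that consumes these flags follows up with a read-only remount; that code is not visible in this hunk and is worth confirming. I would extend the comment with something like `;; Guards against accidental writes only: root can remount it read-write, and the read-only flag needs a remount after the bind.` Separately, `(car %control-groups)` in `%elogind-file-systems` relies on the parent tmpfs staying first in that list, which deserves a one-line comment or a named binding for the parent.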