03/03: gnu: system: Add Linux container file systems.

guix-commits

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

03/03: gnu: system: Add Linux container file systems.

From:	David Thompson
Subject:	03/03: gnu: system: Add Linux container file systems.
Date:	Thu, 09 Jul 2015 13:01:38 +0000

davexunit pushed a commit to branch master
in repository guix.

commit c829bc80bd288bc9f3c926bfff69baf06a8c6e62
Author: David Thompson <address@hidden>
Date:   Sun Jun 28 00:42:16 2015 -0400

    gnu: system: Add Linux container file systems.
    
    * gnu/system/file-systems.scm (%container-file-systems): New variable.
---
 gnu/system/file-systems.scm |   40 ++++++++++++++++++++++++++++++++++++++++
 1 files changed, 40 insertions(+), 0 deletions(-)

diff --git a/gnu/system/file-systems.scm b/gnu/system/file-systems.scm
index b33f826..a06c173 100644
--- a/gnu/system/file-systems.scm
+++ b/gnu/system/file-systems.scm
@@ -45,6 +45,7 @@
             %control-groups
 
             %base-file-systems
+            %container-file-systems
 
             mapped-device
             mapped-device?
@@ -198,6 +199,45 @@ initrd code."
                 %immutable-store)
           %control-groups))
 
+;; File systems for Linux containers differ from %base-file-systems in that
+;; they impose additional restrictions such as no-exec or need different
+;; options to function properly.
+;;
+;; The file system flags and options conform to the libcontainer
+;; specification:
+;; https://github.com/docker/libcontainer/blob/master/SPEC.md#filesystem
+(define %container-file-systems
+  (list
+   ;; Psuedo-terminal file system.
+   (file-system
+     (device "none")
+     (mount-point "/dev/pts")
+     (type "devpts")
+     (flags '(no-exec no-suid))
+     (needed-for-boot? #t)
+     (create-mount-point? #t)
+     (check? #f)
+     (options "newinstance,ptmxmode=0666,mode=620"))
+   ;; Shared memory file system.
+   (file-system
+     (device "tmpfs")
+     (mount-point "/dev/shm")
+     (type "tmpfs")
+     (flags '(no-exec no-suid no-dev))
+     (options "mode=1777,size=65536k")
+     (needed-for-boot? #t)
+     (create-mount-point? #t)
+     (check? #f))
+   ;; Message queue file system.
+   (file-system
+     (device "mqueue")
+     (mount-point "/dev/mqueue")
+     (type "mqueue")
+     (flags '(no-exec no-suid no-dev))
+     (needed-for-boot? #t)
+     (create-mount-point? #t)
+     (check? #f))))
+
 
 
 ;;;

[Prev in Thread]

Current Thread

[Next in Thread]

branch master updated (9f04196 -> c829bc8), David Thompson, 2015/07/09
- 01/03: build: file-systems: Import (guix build syscalls) for non-static Guiles., David Thompson, 2015/07/09
- 02/03: gnu: build: Add Linux container module., David Thompson, 2015/07/09
- 03/03: gnu: system: Add Linux container file systems., David Thompson <=

Prev by Date: 02/03: gnu: build: Add Linux container module.
Next by Date: branch master updated (c829bc8 -> 4e3fc54)
Previous by thread: 02/03: gnu: build: Add Linux container module.
Next by thread: branch master updated (c829bc8 -> 4e3fc54)
Index(es):
- Date
- Thread