Support having /nix/store as a read-only bind mount

It turns out that the immutable bit doesn't work all that well. A better way is to make the entire Nix store a read-only bind mount, i.e. by doing $ mount --bind /nix/store /nix/store $ mount -o remount,ro,bind /nix/store (This would typically done in an early boot script, before anything from /nix/store is used.) Since Nix needs to be able to write to the Nix store, it now detects if /nix/store is a read-only bind mount and then makes it writable in a private mount namespace.
author: Eelco Dolstra <eelco.dolstra@logicblox.com> 2012-09-19T19·45-0400
committer: Eelco Dolstra <eelco.dolstra@logicblox.com> 2012-09-19T19·45-0400
commit: b9124a5c336fd231adaa548cf5be311731847848 (patch)
tree: 4512ebc47414036212e8b1e895147f6300124df4 /src/libstore/local-store.hh
parent: 76e88871b21c47c0216e160a5fb926f763ba64fe (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh
index d2b13d6a90..8899873a72 100644
--- a/src/libstore/local-store.hh
+++ b/src/libstore/local-store.hh
@@ -228,6 +228,8 @@ private:
 
     void openDB(bool create);
 
+    void makeStoreWritable();
+
     unsigned long long queryValidPathId(const Path & path);
 
     unsigned long long addValidPath(const ValidPathInfo & info, bool checkOutputs = true);
author	Eelco Dolstra <eelco.dolstra@logicblox.com>	2012-09-19T19·45-0400
committer	Eelco Dolstra <eelco.dolstra@logicblox.com>	2012-09-19T19·45-0400
commit	b9124a5c336fd231adaa548cf5be311731847848 (patch)
tree	4512ebc47414036212e8b1e895147f6300124df4 /src/libstore/local-store.hh
parent	76e88871b21c47c0216e160a5fb926f763ba64fe (diff)