From b9124a5c336fd231adaa548cf5be311731847848 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 19 Sep 2012 15:45:29 -0400
Subject: Support having /nix/store as a read-only bind mount

It turns out that the immutable bit doesn't work all that well. A better way is to make the entire Nix store a read-only bind mount, i.e. by doing

  $ mount --bind /nix/store /nix/store
  $ mount -o remount,ro,bind /nix/store

(This would typically be done in an early boot script, before anything from /nix/store is used.)

Since Nix needs to be able to write to the Nix store, it now detects if /nix/store is a read-only bind mount and then makes it writable in a private mount namespace.

--- src/libstore/local-store.hh | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src/libstore/local-store.hh') diff --git a/src/libstore/local-store.hh b/src/libstore/local-store.hh index d2b13d6a9028..8899873a72c6 100644 --- a/src/libstore/local-store.hh +++ b/src/libstore/local-store.hh @@ -228,6 +228,8 @@ private: void openDB(bool create); + void makeStoreWritable(); + unsigned long long queryValidPathId(const Path & path); unsigned long long addValidPath(const ValidPathInfo & info, bool checkOutputs = true); -- cgit 1.4.1
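
Review bot: The new private declaration "void makeStoreWritable();" in local-store.hh, added between openDB() and queryValidPathId(), has no comment, and the name on its own reads as if it makes /nix/store writable unconditionally. Suggest a short comment above it that repeats what the commit message says: it acts only when /nix/store is detected as a read-only bind mount, and the remount happens in a private mount namespace, so the change is confined to that namespace. The comment should also say what the caller can expect when the store cannot be made writable; this view is limited to the header, so that behaviour cannot be checked from the lines shown here.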