Mirror of https://codeberg.org/guix/guix.git (synced 2026-01-25 12:05:19 -06:00)
* gnu/build/linux-container.scm (mount-file-systems): First remount all filesystems in the current mount namespace as private (by mounting / with MS_PRIVATE and MS_REC), so that the set of mounts cannot increase except from within the container. Also, the tmpfs mounted over the chroot directory now inherits the chroot directory's permissions (p11-kit, for example, has a test that assumes that the root directory is not writable for the current user, and tmpfs is by default 1777 when created).
* guix/build/syscalls.scm (MS_PRIVATE, MS_REC): new variables.

| File |
|---|
| accounts.scm |
| activation.scm |
| bootloader.scm |
| cross-toolchain.scm |
| file-systems.scm |
| install.scm |
| linux-boot.scm |
| linux-container.scm |
| linux-initrd.scm |
| linux-modules.scm |
| locale.scm |
| marionette.scm |
| shepherd.scm |
| svg.scm |
| vm.scm |