environment: Add ‘--writable-root’ and default to read-only root.

This is an incompatible change where the root file system in ‘guix shell -C’ is now read-only by default. * guix/scripts/environment.scm (show-environment-options-help) (%options): Add ‘--writable-root’. * guix/scripts/environment.scm (setup-fhs): Invoke /sbin/ldconfig; moved from… (launch-environment): … here. (launch-environment/container): Add #:writable-root? and pass it to ‘call-with-container’. Move root file system setup to #:populate-file-system. (guix-environment*): Honor ‘--writable-root’. * tests/guix-environment-container.sh: Test it. * doc/guix.texi (Invoking guix shell): Document ‘--writable-root’. (Debugging Build Failures): Mention it before “rm /bin/sh”. Change-Id: I2e8517d6f01eb8093160bffc0f9f56071ad6fee6 Reviewed-by: Maxim Cournoyer <maxim.cournoyer@gmail.com>
2025-10-02 02:15:12 +00:00 · 2025-04-04 23:38:45 +02:00 · 2025-04-04 23:38:45 +02:00 · ce363c1dc7
commit ce363c1dc7
parent 7d28e6512c
3 changed files with 76 additions and 46 deletions
--- a/doc/guix.texi
+++ b/doc/guix.texi
@ -6481,6 +6481,10 @@ directory within the container.  If this is undesirable,
 be automatically shared and will change to the user's home directory
 within the container instead.  See also @option{--user}.

+@item --writable-root
+When using @option{--container}, this option makes the root file system
+writable (it is read-only by default).
+
@item --expose=@var{source}[=@var{target}]
@itemx --share=@var{source}[=@var{target}]
 For containers, @option{--expose} (resp. @option{--share}) exposes the
@ -14125,7 +14129,8 @@ environment, with ungrafted packages (@pxref{Security Updates}, for more
 info on grafts).

 To get closer to a container like that used by the build daemon, we can
-remove @file{/bin/sh}:
+remove @file{/bin/sh} (you'll first need to pass the
+@option{--writable-root} option to @command{guix shell}):

@example
 [env]# rm /bin/sh