From d2c71bfd72fb54121d76de0ca38af967e6d71740 Mon Sep 17 00:00:00 2001 From: Ingar Date: Tue, 26 Aug 2025 21:12:57 +0200 Subject: [PATCH] etc: guix-daemon.service.in: Mitigate mount race condition MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This mitigates a race condition described in #576. The 'Type=exec' option ensures that systemd only starts follow-up units after the guix-daemon binary has started. By then, the mount points are collected in a private namespace and will not be affected. Without this option, 'gnu-store.mount' could win the race and remount everything read-only before guix-daemon has acquired a read-write view. Fixes #2270 * etc/guix-daemon.service.in: Mitigate mount race condition Change-Id: I5d28ebc38b0c10e6d2aa8e65353757ef13d5bad3 Signed-off-by: Ludovic Courtès --- etc/guix-daemon.service.in | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/etc/guix-daemon.service.in b/etc/guix-daemon.service.in index 6e534771c68..88929fa904e 100644 --- a/etc/guix-daemon.service.in +++ b/etc/guix-daemon.service.in @@ -24,6 +24,10 @@ BindPaths=@storedir@ # Disable host file system mount propagation to keep service view of the # store read-write after 'gnu-store.mount' makes it read-only system-wide. MountFlags=private +# Mitigate race condition between guix-daemon and 'gnu-store.mount'. +# Dependent units will only start after daemon binary is started AND THUS +# the mount point is acquired in a private namespace. +Type=exec # Provide the CAP_CHOWN capability so that guix-daemon can create and chown # /var/guix/profiles/per-user/$USER and also chown failed build directories
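Review bot: The `Type=exec` addition only closes the race for units that are explicitly ordered after `guix-daemon.service`; nothing in this hunk (or the commit message) shows that `gnu-store.mount` carries such an `After=`/`Requires=` ordering, so please state in the comment where that ordering comes from, otherwise a reader cannot tell whether `gnu-store.mount` can still run first and remount the store read-only before the daemon's private namespace exists. The comment text is also a bit loose: "AND THUS" in caps reads as shouting, and "the mount point is acquired" understates what actually happens. Suggest something like "# Dependent units start only after the daemon binary has been exec'd; by then systemd has already set up the private mount namespace (MountFlags=private above), so a later read-only remount of the store does not affect the daemon." Finally, `Type=exec` is only understood by systemd 240 and newer; if any supported host ships an older systemd the directive is not recognised and the unit silently falls back to the default type, losing the mitigation, so a note in the commit message about the minimum systemd version would help.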