amaharaneko/guix-mirrors
1
1
Fork 0
mirror of https://codeberg.org/guix/guix.git synced 2025-10-02 02:15:12 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
guix-mirrors/etc/guix-daemon.service.in
Ingar d2c71bfd72
etc: guix-daemon.service.in: Mitigate mount race condition 
This mitigates a race condition described in #576. The 'Type=exec'
option ensures that systemd only starts follow-up units after the
guix-daemon binary has started. By then, the mount points are collected
in a private namespace and will not be affected. Without this option,
'gnu-store.mount' could win the race and remount everything read-only
before guix-daemon has acquired a read-write view.

Fixes #2270

* etc/guix-daemon.service.in: Mitigate mount race condition

Change-Id: I5d28ebc38b0c10e6d2aa8e65353757ef13d5bad3
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2025-08-29 17:43:35 +02:00

54 lines
2 KiB
SYSTEMD
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# This is a "service unit file" for the systemd init system to launch
# 'guix-daemon'. Drop it in /etc/systemd/system or similar to have
# 'guix-daemon' automatically started.
[Unit]
Description=Build daemon for GNU Guix
# Start before 'gnu-store.mount' to get a writable view of the store.
Before=gnu-store.mount
[Service]
ExecStart=@localstatedir@/guix/profiles/per-user/root/current-guix/bin/guix-daemon \
--discover=no \
--substitute-urls='@GUIX_SUBSTITUTE_URLS@'
Environment='GUIX_STATE_DIRECTORY=@localstatedir@/guix' 'GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8
# Run under a dedicated unprivileged user account.
User=guix-daemon
# Bind-mount the store read-write in a private namespace, to counter the
# effect of 'gnu-store.mount'.
PrivateMounts=true
BindPaths=@storedir@
# Disable host file system mount propagation to keep service view of the
# store read-write after 'gnu-store.mount' makes it read-only system-wide.
MountFlags=private
# Mitigate race condition between guix-daemon and 'gnu-store.mount'.
# Dependent units will only start after daemon binary is started AND THUS
# the mount point is acquired in a private namespace.
Type=exec
# Provide the CAP_CHOWN capability so that guix-daemon can create and chown
# /var/guix/profiles/per-user/$USER and also chown failed build directories
# when using '--keep-failed'. Note that guix-daemon explicitly drops ambient
# capabilities before executing build processes so they don't inherit them.
AmbientCapabilities=CAP_CHOWN
StandardOutput=journal
StandardError=journal
# Work around a nasty systemd feature that kills the entire process tree
# (including the daemon!) if any child, such as cc1plus, runs out of memory.
OOMPolicy=continue
# Despite the name, this is rate-limited: a broken daemon will eventually fail.
Restart=always
# See <https://lists.gnu.org/archive/html/guix-devel/2016-04/msg00608.html>.
# Some package builds (for example, go@1.8.1) may require even more than
# 1024 tasks.
TasksMax=8192
[Install]
WantedBy=multi-user.target
Reference in a new issue View git blame Copy permalink