mirror of
https://git.savannah.gnu.org/git/guix.git
synced 2025-01-18 21:46:35 +01:00
doc: List what's in the chroot.
* doc/guix.texi (Setting Up the Daemon): List what's in the chroot.
This commit is contained in:
parent
d43eb499a6
commit
6dc99317fb
1 changed files with 26 additions and 7 deletions
|
@ -229,13 +229,32 @@ The @code{guix-daemon} program may then be run as @code{root} with:
|
|||
@noindent
|
||||
This way, the daemon starts build processes in a chroot, under one of
|
||||
the @code{guix-builder} users. On GNU/Linux, by default, the chroot
|
||||
environment contains nothing but the @code{/dev} and @code{/proc}
|
||||
directories@footnote{On some systems @code{/dev/shm}, which supports
|
||||
shared memory, is a symlink to another directory such as
|
||||
@code{/run/shm}, that is @emph{not} is the chroot. When that is the
|
||||
case, shared memory support is unavailable in the chroot environment.
|
||||
The workaround is to make sure that @file{/dev/shm} is directly a
|
||||
@code{tmpfs} mount point.}.
|
||||
environment contains nothing but:
|
||||
|
||||
@c Keep this list in sync with libstore/build.cc! -----------------------
|
||||
@itemize
|
||||
@item
|
||||
the @code{/dev} and @code{/proc} directories@footnote{On some systems
|
||||
@code{/dev/shm}, which supports shared memory, is a symlink to another
|
||||
directory such as @code{/run/shm}, that is @emph{not} is the chroot.
|
||||
When that is the case, shared memory support is unavailable in the
|
||||
chroot environment. The workaround is to make sure that @file{/dev/shm}
|
||||
is directly a @code{tmpfs} mount point.};
|
||||
|
||||
@item
|
||||
@file{/etc/passwd} with an entry for the current user and an entry for
|
||||
user @file{nobody};
|
||||
|
||||
@item
|
||||
@file{/etc/group} with an entry for the user's group;
|
||||
|
||||
@item
|
||||
@file{/etc/hosts} with an entry that maps @code{localhost} to
|
||||
@code{127.0.0.1};
|
||||
|
||||
@item
|
||||
a writable @file{/tmp} directory.
|
||||
@end itemize
|
||||
|
||||
Finally, you may want to generate a key pair to allow the daemon to
|
||||
export signed archives of files from the store (@pxref{Invoking guix
|
||||
|
|
Loading…
Reference in a new issue