From 6dc99317fb581d99f1298ca67fc79ee121676b3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Sat, 18 Jan 2014 22:04:30 +0100 Subject: [PATCH] doc: List what's in the chroot. * doc/guix.texi (Setting Up the Daemon): List what's in the chroot. --- doc/guix.texi | 33 ++++++++++++++++++++++++++------- 1 file changed, 26 insertions(+), 7 deletions(-) diff --git a/doc/guix.texi b/doc/guix.texi index 2c40fa83f3..a637614fbb 100644 --- a/doc/guix.texi +++ b/doc/guix.texi 
@@ -229,13 +229,32 @@ The @code{guix-daemon} program may then be run as @code{root} with: @noindent This way, the daemon starts build processes in a chroot, under one of the @code{guix-builder} users. On GNU/Linux, by default, the chroot -environment contains nothing but the @code{/dev} and @code{/proc} -directories@footnote{On some systems @code{/dev/shm}, which supports -shared memory, is a symlink to another directory such as -@code{/run/shm}, that is @emph{not} is the chroot. When that is the -case, shared memory support is unavailable in the chroot environment. -The workaround is to make sure that @file{/dev/shm} is directly a -@code{tmpfs} mount point.}. +environment contains nothing but: + +@c Keep this list in sync with libstore/build.cc! ----------------------- +@itemize +@item +the @code{/dev} and @code{/proc} directories@footnote{On some systems +@code{/dev/shm}, which supports shared memory, is a symlink to another +directory such as @code{/run/shm}, that is @emph{not} is the chroot. +When that is the case, shared memory support is unavailable in the +chroot environment. The workaround is to make sure that @file{/dev/shm} +is directly a @code{tmpfs} mount point.}; + +@item +@file{/etc/passwd} with an entry for the current user and an entry for +user @file{nobody}; + +@item +@file{/etc/group} with an entry for the user's group; + +@item +@file{/etc/hosts} with an entry that maps @code{localhost} to +@code{127.0.0.1}; + +@item +a writable @file{/tmp} directory. +@end itemize Finally, you may want to generate a key pair to allow the daemon to export signed archives of files from the store (@pxref{Invoking guix
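Review bot: In the re-wrapped footnote under the first @item, "that is @emph{not} is the chroot" still carries the typo from the removed lines; since the footnote is being re-flowed anyway, change it to "that is @emph{not} in the chroot". In the /etc/passwd item, "user @file{nobody}" marks a user name as a file name; @code{nobody} would match how @code{root} and @code{guix-builder} are marked in the surrounding context. In the same item, "the current user" is ambiguous next to "under one of the @code{guix-builder} users" a few lines above: state whether it means the build user the process runs as, so that someone auditing the chroot contents knows which account's entry is visible to builds. The same applies to "the user's group" in the /etc/group item.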