author Ivan Popovych <ivan@ipvych.com> 2025-06-14 17:42:15 +0300
committer Ludovic Courtès <ludo@gnu.org> 2025-07-01 22:34:40 +0200
commit 5db599f41a14550ea2595e2caed966d75bcd8ae6 (patch)
tree 612d479f40e0ead59042b4655c1b628387c6c32f /etc
parent dd7e39ccfdd23a388dfa6b7665de466691bc6cda (diff)
etc: guix-daemon.service.in: Disable host filesystem mount propagation.
This fixes an issue for the rootless guix daemon where the store being remounted read-only by gnu-store.mount is propagated to the guix daemon, making the guix daemon not able to modify it.

* etc/guix-daemon.service.in: Disable host filesystem mount propagation.

Change-Id: Ib1abc387ee15d2b04d6f70c121244943cd0ad8c6
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Modified-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'etc')
-rw-r--r-- etc/guix-daemon.service.in 3
1 files changed, 3 insertions, 0 deletions
diff --git a/etc/guix-daemon.service.in b/etc/guix-daemon.service.in
index 6a5ef97f9b..6e534771c6 100644
--- a/etc/guix-daemon.service.in
+++ b/etc/guix-daemon.service.in
@@ -21,6 +21,9 @@ User=guix-daemon
# effect of 'gnu-store.mount'.
PrivateMounts=true
BindPaths=@storedir@
+# Disable host file system mount propagation to keep service view of the
+# store read-write after 'gnu-store.mount' makes it read-only system-wide.
+MountFlags=private
# Provide the CAP_CHOWN capability so that guix-daemon can create and chown
# /var/guix/profiles/per-user/$USER and also chown failed build directories
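
Review bot: The comment added above `MountFlags=private` does not say why the existing `PrivateMounts=true` and `BindPaths=@storedir@` lines are insufficient on their own. The commit message has the reason (the read-only remount done by gnu-store.mount is still propagated into the daemon's view of the store), and one sentence to that effect in the comment would keep a later reader from dropping one of the three settings as redundant. The comment should also record that `private` stops every host mount change from reaching the service, not only the store remount, and that the problem being fixed is specific to the rootless daemon, so the trade-off is visible in the unit file itself.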