diff --git a/nixos-modules/genode-core.nix b/nixos-modules/genode-core.nix index 84ff944..e355895 100644 --- a/nixos-modules/genode-core.nix +++ b/nixos-modules/genode-core.nix @@ -253,6 +253,26 @@ in { usb = rumpExt2; }.${config.genode.boot.storeBackend}; + persistencePolicies = lib.mapAttrsToList (name: _: '' + , Init.Config.Policy::{ + , service = "File_system" + , label = Genode.Init.LabelSelector.prefix + "nixos -> ${name}" + , attributes = toMap { root = "/services", writeable = "yes" } + } + '') (filterAttrs (_: child: child.fsPersistence) + config.genode.init.children); + + storePolicies = map (name: '' + , Init.Config.Policy::{ + , service = "File_system" + , label = + Init.LabelSelector.Type.Partial + { prefix = Some "nixos -> ${name}", suffix = Some "nix-store" } + , attributes = toMap { root = "/nix/store", writeable = "no" } + } + '') (builtins.attrNames config.genode.init.children); + in builtins.toFile "store_fs.dhall" '' let Genode = env:DHALL_GENODE @@ -260,6 +280,14 @@ in { let VFS = Genode.VFS + let persistencePolicies = [ ${ + toString persistencePolicies + } ] : List Init.Config.Policy.Type + + let storePolicies = [ ${ + toString storePolicies + } ] : List Init.Config.Policy.Type + in Init.Child.flat Init.Child.Attributes::{ , binary = "vfs" @@ -268,16 +296,11 @@ in { , content = [ ${storeVfsConfig} ] , policies = [ Init.Config.Policy::{ - , service = "File_system" - , label = Init.LabelSelector.suffix "nix-store" - , attributes = toMap { root = "/nix/store" } - } - , Init.Config.Policy::{ , service = "File_system" , label = Init.LabelSelector.prefix "store_rom" , attributes = toMap { root = "/" } } - ] + ] # persistencePolicies # storePolicies } } ''; diff --git a/nixos-modules/genode-init.nix b/nixos-modules/genode-init.nix index 1268dd0..9f26d85 100644 --- a/nixos-modules/genode-init.nix +++ b/nixos-modules/genode-init.nix @@ -68,6 +68,16 @@ in { ''; }; + fsPersistence = lib.mkOption { + type = types.bool; + default = false; + description = '' + Whether this child will have access to mutable and persistent storage. + This space is shared among all components for which this option is available + and UNIX permission bits are not honored. + ''; + }; + configFile = mkOption { type = types.path; description = '' diff --git a/nixos-modules/systemd-runner.dhall b/nixos-modules/systemd-runner.dhall index 588c703..765c6ff 100644 --- a/nixos-modules/systemd-runner.dhall +++ b/nixos-modules/systemd-runner.dhall @@ -20,6 +20,7 @@ in λ ( params , binary : Text , coreutils : Text , extraVfs : List XML.Type + , fsPersistence : Bool , interface : Optional Text , ramQuotaMiB : Natural } @@ -90,10 +91,20 @@ in λ ( params [ VFS.fs VFS.FS::{ , label = "nix-store" + , writeable = "no" } ] ] ] + # ( if params.fsPersistence + then [ VFS.fs + VFS.FS::{ + , label = "peristence" + , writeable = "yes" + } + ] + else [ VFS.leaf "ram" ] + ) # params.extraVfs ) ] diff --git a/nixos-modules/systemd.nix b/nixos-modules/systemd.nix index 127f8b7..149ffe7 100644 --- a/nixos-modules/systemd.nix +++ b/nixos-modules/systemd.nix @@ -5,7 +5,8 @@ with lib; { type = types.attrsOf (types.submodule ({ name, config, ... }: { options.genode = { - enable = lib.mkEnableOption "systemd unit to a Genode subsystem translation"; + enable = + lib.mkEnableOption "systemd unit to a Genode subsystem translation"; interface = lib.mkOption { type = with types; nullOr str; @@ -32,6 +33,16 @@ with lib; { description = "RAM quota in MiB"; }; + fsPersistence = lib.mkOption { + type = types.bool; + default = false; + description = '' + Whether this service will have access to mutable and persistent storage. + This space is shared among all services for which this option is available + and UNIX permission bits are not honored. + ''; + }; + }; })); }; @@ -56,6 +67,7 @@ with lib; { vfs vfs_pipe ]; + inherit (service.genode) fsPersistence; configFile = let args = lib.strings.splitString " " (toString service.serviceConfig.ExecStart); @@ -66,6 +78,7 @@ with lib; { "None Text" else ''Some "${service.genode.interface}"''; + toBool = cond: if cond then "True" else "False"; in pkgs.writeText "${name'}.dhall" '' ${./systemd-runner.dhall} { , args = ${args'} @@ -73,10 +86,11 @@ with lib; { , coreutils = "${pkgs.coreutils}" , extraVfs = ${ if service.genode.extraVfs == null then - "[] : List (env:DHALL_PRELUDE).XML.Type" + "[] : List (env:DHALL_GENODE).Prelude.XML.Type" else service.genode.extraVfs } + , fsPersistence = ${toBool service.genode.fsPersistence} , interface = ${interface} , ramQuotaMiB = ${toString service.genode.ramQuota} }