nixos/qemu-vm: Option to use squashfs Nix store closure instead of virtfs access to host's store #72354
Motivation for this change
Allow VMs built with
This allows better isolation of guests. A host that runs multiple VMs may not wish the guests to be able to see each other's derivations.
When the store is not shared, the closure used in the VM is packaged up in a squashfs, just like the ISO installer does.
This allows other parts of this .nix file to know which disk will end up in which position. Presently, there is only one sometimes-there sometimes-not disk -- the boot disk. But the following commit which adds the shareNixStore option adds a second sometimes-there sometimes-not disk, and also needs to know what device name that disk will have inside the VM, which is determined by the device order. This change allows device names to be determined. (We will need to know the device name inside the VM because squashfs does not support volume labels or UUIDs. Feature requests about that: https://sourceforge.net/p/squashfs/feature-requests/36/ plougher/squashfs-tools#59 )