The Linux kernel has a notion of device mapping: a block device,
such as a hard disk partition, can be mapped into another device,
with additional processing over the data that flows through it. A
typical example is encryption device mapping: all writes to the mapped
device are encrypted, and all reads are deciphered, transparently.
Guix extends this notion by considering any device or set of devices that
are transformed in some way to create a new device; for instance,
RAID devices are obtained by assembling several other devices, such
as hard disks or partitions, into a new one that behaves as one partition.
Other examples, not yet implemented, are LVM logical volumes.
Mapped devices are declared using the
defined as follows; for examples, see below.
Objects of this type represent device mappings that will be made when the system boots up.
This is either a string specifying the name of the block device to be mapped,
such as "/dev/sda3", or a list of such strings when several devices
need to be assembled for creating a new one.
This string specifies the name of the resulting mapped device. For
kernel mappers such as encrypted devices of type
"my-partition" leads to the creation of
For RAID devices of type
raid-device-mapping, the full device name
"/dev/md0" needs to be given.
This must be a
mapped-device-kind object, which specifies how
source is mapped to target.
This defines LUKS block device encryption using the
command from the package with the same name. It relies on the
dm-crypt Linux kernel module.
This defines a RAID device, which is assembled using the
command from the package with the same name. It requires a Linux kernel
module for the appropriate RAID level to be loaded, such as
for RAID-4, RAID-5 or RAID-6, or
raid10 for RAID-10.
The following example specifies a mapping from /dev/sda3 to
/dev/mapper/home using LUKS—the
Linux Unified Key Setup, a
standard mechanism for disk encryption.
device can then be used as the
device of a
declaration (see File Systems).
(mapped-device
  (source "/dev/sda3")
  (target "home")
  (type luks-device-mapping))
Alternatively, to become independent of device numbering, one may obtain the LUKS UUID (unique identifier) of the source device by a command like:
cryptsetup luksUUID /dev/sda3
and use it as follows:
(mapped-device
  (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
  (target "home")
  (type luks-device-mapping))
It is also desirable to encrypt swap space, since swap space may contain sensitive data. One way to accomplish that is to use a swap file in a file system on a device mapped via LUKS encryption. In this way, the swap file is encrypted because the entire device is encrypted. See Disk Partitioning, for an example.
A RAID device formed of the partitions /dev/sda1 and /dev/sdb1 may be declared as follows:
(mapped-device
  (source (list "/dev/sda1" "/dev/sdb1"))
  (target "/dev/md0")
  (type raid-device-mapping))
The /dev/md0 device can then be used as the
device of a
file-system declaration (see File Systems).
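As an added example (not taken from the Guix manual), here is one way the LUKS and RAID mappings declared above can be tied to file-system declarations, so that each device is opened or assembled before its file system is mounted. The variable names, the mount points and the "ext4" file system type are assumptions; the UUID and device names are the ones used above.

```scheme
;; Added example: fragment of a system configuration file.
;; Variable names, mount points and file system types are assumptions.
(use-modules (gnu))

;; LUKS mapping keyed on the LUKS UUID, so it survives device renumbering.
(define %home-mapping
  (mapped-device
    (source (uuid "cb67fc72-0d54-4c88-9d4b-b225f30b0f44"))
    (target "home")
    (type luks-device-mapping)))

;; RAID mapping: the full device name is given as the target.
(define %raid-mapping
  (mapped-device
    (source (list "/dev/sda1" "/dev/sdb1"))
    (target "/dev/md0")
    (type raid-device-mapping)))

(define %data-file-systems
  (list
    ;; The decrypted view of the LUKS device is /dev/mapper/home.
    ;; Only this device carries plaintext; the source device stays encrypted.
    (file-system
      (device "/dev/mapper/home")
      (mount-point "/home")
      (type "ext4")
      ;; Open the LUKS device before trying to mount the file system.
      (dependencies (list %home-mapping)))
    ;; The assembled RAID device is used under its full name.
    (file-system
      (device "/dev/md0")
      (mount-point "/srv/data")
      (type "ext4")
      ;; Assemble the array before trying to mount the file system.
      (dependencies (list %raid-mapping)))))

;; Inside the operating-system declaration (other fields omitted here):
;;   (mapped-devices (list %home-mapping %raid-mapping))
;;   (file-systems (append %data-file-systems %base-file-systems))
```

A mapping must be listed both in the mapped-devices field and in the dependencies of the file system that uses it; the first makes the system set it up at boot, the second orders it before the mount.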
Note that the RAID level need not be given; it is chosen during the
initial creation and formatting of the RAID device and is determined
Note that the GNU Hurd makes no difference between the concept of a “mapped device” and that of a file system: both boil down to translating input/output operations made on a file to operations on its backing store. Thus, the Hurd implements mapped devices, like file systems, using the generic translator mechanism (see Translators in The GNU Hurd Reference Manual).