public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Set stricter permissions on /nix/store

Browse Source 
The nixbld group doesn't need read permission, it only needs write and
execute permission.

(cherry picked from commit 066758758e7c0768ff8da51d208cdae0f33b368c)
This commit is contained in:
Eelco Dolstra 2015-01-08 16:57:34 +01:00 committed by Vladimír Čunát
parent a2dc00c177
commit 224d0d5302
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/installer/tools/nixos-install.sh
View File

@ -128,7 +128,7 @@ mkdir -m 0755 -p \
$mountPoint/nix/var/nix/db \ $mountPoint/nix/var/nix/db \
$mountPoint/nix/var/log/nix/drvs $mountPoint/nix/var/log/nix/drvs
mkdir -m 1775 -p $mountPoint/nix/store mkdir -m 1735 -p $mountPoint/nix/store
chown root:nixbld $mountPoint/nix/store chown root:nixbld $mountPoint/nix/store

2
nixos/modules/system/boot/stage-2-init.sh
View File

@ -53,7 +53,7 @@ echo "booting system configuration $systemConfig" > /dev/kmsg
# Silence chown/chmod to fail gracefully on a readonly filesystem # Silence chown/chmod to fail gracefully on a readonly filesystem
# like squashfs. # like squashfs.
chown -f 0:30000 /nix/store chown -f 0:30000 /nix/store
chmod -f 1775 /nix/store chmod -f 1735 /nix/store
if [ -n "@readOnlyStore@" ]; then if [ -n "@readOnlyStore@" ]; then
if ! readonly-mountpoint /nix/store; then if ! readonly-mountpoint /nix/store; then
mount --bind /nix/store /nix/store mount --bind /nix/store /nix/store