From 3ca275d7ba92900fa793d4c9bf017e38394fcfec Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Thu, 15 Jan 2015 17:51:43 +0100
Subject: [PATCH] NixOS containers: Create /root with 700 permission

Systemd-nspawn creates /root with 755 permission if it doesn't exist, which is bad. So we have to create it ourselves before calling systemd-nspawn.
---
 nixos/modules/virtualisation/containers.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nixos/modules/virtualisation/containers.nix b/nixos/modules/virtualisation/containers.nix
index 3b7f3e248d5..075ec0ea227 100644
--- a/nixos/modules/virtualisation/containers.nix
+++ b/nixos/modules/virtualisation/containers.nix
@@ -194,7 +194,7 @@ in
 script =
 ''
 mkdir -p -m 0755 "$root/etc" "$root/var/lib"
- mkdir -p -m 0700 "$root/var/lib/private"
+ mkdir -p -m 0700 "$root/var/lib/private" "$root/root"
 if ! [ -e "$root/etc/os-release" ]; then
 touch "$root/etc/os-release"
 fi
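Review bot: `mkdir -p -m 0700` applies the mode only to directories it actually creates, so a container whose `$root/root` already exists as 0755 (for example one first started before this change, where systemd-nspawn created it) keeps the looser mode after the added line runs. If existing containers are meant to be tightened as well, follow the mkdir with an explicit `chmod 0700 "$root/root"`; the same reasoning applies to `$root/var/lib/private`. A short comment above the line, such as `# systemd-nspawn would create /root as 0755; pre-create it as 0700`, would keep the reason next to the code rather than only in the commit message. The script string starts and continues outside this hunk, so whether a later step already adjusts these modes cannot be seen from here.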