public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos/filesystems: don't chown /run/keys recursively

Browse Source 
3c74e48d9c8dbcede89a72ea18cd27def4b498a9 was a bit too much, it updated
permissions of all files recursively, causing files to be readable by
the group.

This isn't a problem immediately after bootup, but on a new activation,
as tmpfiles.d get restarted then, updating the permission bits of
now-existing files.

This updates the `Z` to be a `z` (the non-recursive variant), and adds a
`d` to ensure a directory is created (which should be covered by the
initrd shell script anyway)
This commit is contained in:
Florian Klink 2020-02-11 21:41:04 +01:00
parent 9eaf6f5f5c
commit 4c8bdd1c4f
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/tasks/filesystems.nix
View File

@ -305,7 +305,8 @@ in
in listToAttrs (map formatDevice (filter (fs: fs.autoFormat) fileSystems)); in listToAttrs (map formatDevice (filter (fs: fs.autoFormat) fileSystems));
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"Z /run/keys 0750 root ${toString config.ids.gids.keys}" "d /run/keys 0750 root ${toString config.ids.gids.keys}"
"z /run/keys 0750 root ${toString config.ids.gids.keys}"
]; ];
# Sync mount options with systemd's src/core/mount-setup.c: mount_table. # Sync mount options with systemd's src/core/mount-setup.c: mount_table.