From d4986b5fd3ee75d489828d8d7048d8eb60f14c21 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra <eelco.dolstra@logicblox.com>
Date: Wed, 23 Apr 2014 17:45:46 +0200
Subject: [PATCH] Don't create world-readable swapfiles

---
 nixos/modules/config/swap.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nixos/modules/config/swap.nix b/nixos/modules/config/swap.nix
index 427b2519cbd..ac1c32387c5 100644
--- a/nixos/modules/config/swap.nix
+++ b/nixos/modules/config/swap.nix
@@ -106,6 +106,7 @@ with utils;
                 if [ ! -e "${sw.device}" ]; then
                   fallocate -l ${toString sw.size}M "${sw.device}" ||
                     dd if=/dev/zero of="${sw.device}" bs=1M count=${toString sw.size}
+                  chmod 0600 ${sw.device}
                   mkswap ${sw.device}
                 fi
               '';