etc-overlay: mount the metadata image read-only (#360756)

Jörg Thalheim 2024-12-09 20:10:00 +01:00 committed by GitHub
commit 1ac98af94b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 2 additions and 2 deletions


@ -36,7 +36,7 @@
where = "/run/etc-metadata";
what = "/etc-metadata-image";
type = "erofs";
options = "loop";
options = "loop,ro";
unitConfig = {
# Since this unit depends on the nix store being mounted, it cannot
# be a dependency of local-fs.target, because if it did, we'd have
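Review bot: The new `options = "loop,ro";` line has no comment explaining why `ro` is spelled out for an erofs image, so a later cleanup could take it for redundant and drop it. A one-line comment above it would record the intent, for example `# erofs is read-only by design; request ro explicitly so neither the loop device nor the mount is ever set up writable`. The behaviour without `ro` is not shown on this page, so the wording should be checked against the pull request discussion. The enclosing attribute set starts and ends outside the hunk.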


@ -232,7 +232,7 @@ in
echo "remounting /etc..."
tmpMetadataMount=$(mktemp --directory -t nixos-etc-metadata.XXXXXXXXXX)
mount --type erofs ${config.system.build.etcMetadataImage} $tmpMetadataMount
mount --type erofs -o ro ${config.system.build.etcMetadataImage} $tmpMetadataMount
# Mount the new /etc overlay to a temporary private mount.
# This needs the indirection via a private bind mount because you
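Review bot: `$tmpMetadataMount` is passed to `mount` unquoted on the changed line, and the `mktemp` result assigned just above it is not checked inside the hunk. If `mktemp` fails, or `TMPDIR` contains whitespace, `mount` receives a different argument list than intended; whether the surrounding script runs with errexit is not visible here. Quoting the expansion covers the whitespace case: `mount --type erofs -o ro ${config.system.build.etcMetadataImage} "$tmpMetadataMount"`. If errexit is not in effect, the `mktemp` line also needs an explicit failure check. The script continues outside the hunk, so the cleanup of the temporary mount point could not be reviewed.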