nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-26 00:43:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

nixos/doc: suggest mounting the ESP on /boot with umask=077

Browse Source 
This prevents world-readable access to /boot, which is a security issue
that systemd-boot warns about.

Fixes https://github.com/NixOS/nixpkgs/issues/279362.
This commit is contained in:
Bjørn Forsman 2024-04-01 14:19:41 +02:00
parent e17e60b273
commit 74c1547424
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
nixos/doc/manual/installation/installing.chapter.md
View File

@ -376,7 +376,7 @@ Use the following commands:
```ShellSession
# mkdir -p /mnt/boot
# mount /dev/disk/by-label/boot /mnt/boot
# mount -o umask=077 /dev/disk/by-label/boot /mnt/boot
```
3. If your machine has a limited amount of memory, you may want to
@ -572,7 +572,7 @@ With a partitioned disk.
# mkfs.fat -F 32 -n boot /dev/sda3 # (for UEFI systems only)
# mount /dev/disk/by-label/nixos /mnt
# mkdir -p /mnt/boot # (for UEFI systems only)
# mount /dev/disk/by-label/boot /mnt/boot # (for UEFI systems only)
# mount -o umask=077 /dev/disk/by-label/boot /mnt/boot # (for UEFI systems only)
# nixos-generate-config --root /mnt
# nano /mnt/etc/nixos/configuration.nix
# nixos-install