nixos/systemd-tmpfiles: create /etc/mtab via environment.etc instead of tmpfiles

This enables an immutable /etc via `system.etc.overlay.mutable = false`.
nikstur 2024-08-07 16:09:52 +02:00
parent b663d72f08
commit 9e720a5881
3 changed files with 10 additions and 2 deletions


@ -200,6 +200,10 @@ in
rm -f $out/${removePrefix "tmpfiles.d/" name}
'') config.system.build.etc.passthru.targets;
}) + "/*";
"mtab" = {
mode = "direct-symlink";
source = "/proc/mounts";
};
};
systemd.tmpfiles.packages = [
@ -244,13 +248,11 @@ in
"L+ /nix/var/nix/gcroots/booted-system 0755 root root - /run/booted-system"
"d /run/lock 0755 root root - -"
"d /var/db 0755 root root - -"
"L /etc/mtab - - - - ../proc/mounts"
"L /var/lock - - - - ../run/lock"
# Boot-time cleanup
"R! /etc/group.lock - - - - -"
"R! /etc/passwd.lock - - - - -"
"R! /etc/shadow.lock - - - - -"
"R! /etc/mtab* - - - - -"
"R! /nix/var/nix/gcroots/tmp - - - - -"
"R! /nix/var/nix/temproots - - - - -"
];
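Review bot: The new `"mtab"` entry uses the absolute target `source = "/proc/mounts"`, whereas what appears to be the removed tmpfiles rule (`L /etc/mtab - - - - ../proc/mounts`) used a relative one. The link therefore resolves against the /proc of whoever reads it when this /etc is accessed through another root, such as a mounted image or an installer target. If that is intended, a comment on the entry would record it, e.g. `# Created via environment.etc rather than tmpfiles so it also works with an immutable /etc`. The `R! /etc/mtab*` boot-time cleanup also seems to be dropped, so on a mutable /etc anything else that glob matched would now persist across boots; the commit message could say whether that is deliberate. Both attribute sets start and end outside the hunks shown.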


@ -32,6 +32,9 @@
with subtest("direct symlinks point to the target without indirection"):
assert machine.succeed("readlink -n /etc/localtime") == "/etc/zoneinfo/Utc"
with subtest("/etc/mtab points to the right file"):
assert "/proc/mounts" == machine.succeed("readlink --no-newline /etc/mtab")
with subtest("Correct mode on the source password files"):
assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/passwd") == "644\n"
assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/group") == "644\n"
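Review bot: The added mtab assertion puts the expected value on the left (`assert "/proc/mounts" == machine.succeed(...)`), while the neighbouring check is written `machine.succeed("readlink -n /etc/localtime") == "/etc/zoneinfo/Utc"`; matching that operand order and the short `-n` flag would keep the subtests uniform. The `subtest("/etc/mtab")` added in the third file uses the same form, and its name could say what is checked, e.g. `"/etc/mtab points to /proc/mounts"`. Both checks compare only the link text, so adding `machine.succeed("test -r /etc/mtab")` would also confirm that the link resolves to a readable file.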


@ -99,6 +99,9 @@ in {
with subtest("whether systemd-tmpfiles settings works"):
machine.succeed("[ -e /tmp/somefile ]")
with subtest("/etc/mtab"):
assert "/proc/mounts" == machine.succeed("readlink --no-newline /etc/mtab")
with subtest("whether automounting works"):
machine.fail("grep '/tmp2 tmpfs' /proc/mounts")
machine.succeed("touch /tmp2/x")