From da702a4034a14f6ea106a9ac5e4ed4cabfc2ef00 Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Wed, 7 Feb 2018 17:59:04 +0100
Subject: [PATCH] nixos-enter: Don't require root
Of course, you'll get a bunch of warnings from the activation script: $ nixos-enter --root /tmp/mnt/ setting up /etc... mount: /dev: permission denied. mount: /dev/pts: permission denied. mount: /dev/shm: permission denied. mount: /sys: permission denied. /nix/var/nix/profiles/system/activate: line 74: /proc/sys/kernel/modprobe: Permission denied chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/dbus-daemon-launch-helper': Invalid argument NOTE: Under Linux, effective file capabilities must either be empty, or exactly match the union of selected permitted and inheritable bits. Failed to set capabilities on file `/run/wrappers/wrappers.0pKlU8JsvV/ping' (Operation not permitted) chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/unix_chkpwd': Invalid argument [root@nixos:/]#
---
 nixos/modules/installer/tools/nixos-enter.sh | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/nixos/modules/installer/tools/nixos-enter.sh b/nixos/modules/installer/tools/nixos-enter.sh
index fcd0c54f5db9..122d9fdcd29b 100644
--- a/nixos/modules/installer/tools/nixos-enter.sh
+++ b/nixos/modules/installer/tools/nixos-enter.sh
@@ -4,13 +4,14 @@ set -e
 # Re-exec ourselves in a private mount namespace so that our bind
 # mounts get cleaned up automatically.
-if [ "$(id -u)" = 0 ]; then
- if [ -z "$NIXOS_ENTER_REEXEC" ]; then
- export NIXOS_ENTER_REEXEC=1
- exec unshare --mount --uts -- "$0" "$@"
- else
- mount --make-rprivate /
+if [ -z "$NIXOS_ENTER_REEXEC" ]; then
+ export NIXOS_ENTER_REEXEC=1
+ if [ "$(id -u)" != 0 ]; then
+ extraFlags="-r"
 fi
+ exec unshare --fork --mount --uts --mount-proc --pid $extraFlags -- "$0" "$@"
+else
+ mount --make-rprivate /
 fi
 mountPoint=/mnt
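Review bot: `$extraFlags` is expanded unquoted on the new `exec unshare` line but is assigned only in the non-root branch, so when the script runs as root any `extraFlags` value inherited from the caller's environment is word-split into unshare's argument list. Initialise it before the inner `if` and expand it as an array, i.e. `extraFlags=()`, `extraFlags+=(-r)` in the branch, and `"${extraFlags[@]}"` on the exec line; the script already relies on bash arrays for `command`. The re-exec also now applies `--fork --pid --mount-proc` to root callers, which changes what the entered shell can see; the comment above the block should say so, for example `# Also enter a private PID namespace with a fresh /proc; non-root callers additionally map themselves to root (-r).`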
@@ -54,6 +55,6 @@ mkdir -m 0755 -p "$mountPoint/dev"
 mount --rbind /dev "$mountPoint/dev"
 # Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings.
-LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2
+LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 || true
 exec chroot "$mountPoint" "${command[@]}"
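Review bot: The added `|| true` discards the activation script's exit status for every caller, so a root invocation that previously stopped under `set -e` now enters the chroot even when activation failed outright. The commit message shows the unprivileged run leaving the `/run/wrappers` entries without their intended ownership and capabilities, so the entered environment can differ from a fully activated system without any summary line saying so. Keeping the tolerance but reporting the status would make that visible: `... "$system/activate" >&2 || echo "$0: activation script failed (status $?), continuing" >&2`. Note that `id -u` reports 0 inside the `-r` user namespace, so limiting the tolerance to unprivileged callers would need a marker exported before the re-exec in the first hunk.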