Set stricter permissions on /nix/store
The nixbld group doesn't need read permission, it only needs write and
execute permission.
(cherry picked from commit 066758758e
)
parent
a2dc00c177
commit
224d0d5302
@ -128,7 +128,7 @@ mkdir -m 0755 -p \
|
||||
$mountPoint/nix/var/nix/db \
|
||||
$mountPoint/nix/var/log/nix/drvs
|
||||
|
||||
mkdir -m 1775 -p $mountPoint/nix/store
|
||||
mkdir -m 1735 -p $mountPoint/nix/store
|
||||
chown root:nixbld $mountPoint/nix/store
|
||||
|
||||
|
||||
|
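Review bot: `mkdir -m 1735 -p` applies the mode only when it creates the directory, so a `$mountPoint/nix/store` that already exists keeps its previous mode (for example the old 1775) and the stricter setting is silently skipped. Following the `chown root:nixbld` line with an explicit `chmod 1735 "$mountPoint/nix/store"` would enforce the mode in both cases. Quoting `$mountPoint` on these lines would also stop a mount point containing spaces from being split into several arguments. The rest of the script is outside this hunk, so a later chmod may already cover this; worth confirming.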
@ -53,7 +53,7 @@ echo "booting system configuration $systemConfig" > /dev/kmsg
|
||||
# Silence chown/chmod to fail gracefully on a readonly filesystem
|
||||
# like squashfs.
|
||||
chown -f 0:30000 /nix/store
|
||||
chmod -f 1775 /nix/store
|
||||
chmod -f 1735 /nix/store
|
||||
if [ -n "@readOnlyStore@" ]; then
|
||||
if ! readonly-mountpoint /nix/store; then
|
||||
mount --bind /nix/store /nix/store
|
||||
|
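Review bot: The new `chmod -f 1735 /nix/store` line carries no comment, and a mode where the group has fewer bits than "other" reads like a typo to the next maintainer. A comment above it would record the intent, e.g. `# 1735: sticky; the store group gets write+search but no read (cannot list), others get read+search`. Because `-f` suppresses the error message for every failure, not only on a read-only filesystem, a hardening change that fails to apply on a writable store goes unnoticed; comparing the resulting mode and logging a mismatch when the store is writable would make that visible. The same literal appears in the other hunk's `mkdir -m 1735`, so the two values have to be kept in step by hand.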