movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 06:00:33 +03:00
Code Activity

nixos/systemd-tmpfiles: create /etc/mtab via environmemt.etc instead of tmpfiles

Browse source 
This enables an immutable /etc via `system.etc.overlay.mutable = false`.
This commit is contained in:
nikstur 2024-08-07 16:09:52 +02:00
parent b663d72f08
commit 9e720a5881
3 changed files with 10 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
nixos/modules/system/boot/systemd/tmpfiles.nix
View file

@ -200,6 +200,10 @@ in
rm -f $out/${removePrefix "tmpfiles.d/" name} rm -f $out/${removePrefix "tmpfiles.d/" name}
'') config.system.build.etc.passthru.targets; '') config.system.build.etc.passthru.targets;
}) + "/*"; }) + "/*";
"mtab" = {
mode = "direct-symlink";
source = "/proc/mounts";
};
}; };
systemd.tmpfiles.packages = [ systemd.tmpfiles.packages = [
@ -244,13 +248,11 @@ in
"L+ /nix/var/nix/gcroots/booted-system 0755 root root - /run/booted-system" "L+ /nix/var/nix/gcroots/booted-system 0755 root root - /run/booted-system"
"d /run/lock 0755 root root - -" "d /run/lock 0755 root root - -"
"d /var/db 0755 root root - -" "d /var/db 0755 root root - -"
"L /etc/mtab - - - - ../proc/mounts"
"L /var/lock - - - - ../run/lock" "L /var/lock - - - - ../run/lock"
# Boot-time cleanup # Boot-time cleanup
"R! /etc/group.lock - - - - -" "R! /etc/group.lock - - - - -"
"R! /etc/passwd.lock - - - - -" "R! /etc/passwd.lock - - - - -"
"R! /etc/shadow.lock - - - - -" "R! /etc/shadow.lock - - - - -"
"R! /etc/mtab* - - - - -"
"R! /nix/var/nix/gcroots/tmp - - - - -" "R! /nix/var/nix/gcroots/tmp - - - - -"
"R! /nix/var/nix/temproots - - - - -" "R! /nix/var/nix/temproots - - - - -"
]; ];

3
nixos/tests/activation/etc-overlay-immutable.nix
View file

@ -32,6 +32,9 @@
with subtest("direct symlinks point to the target without indirection"): with subtest("direct symlinks point to the target without indirection"):
assert machine.succeed("readlink -n /etc/localtime") == "/etc/zoneinfo/Utc" assert machine.succeed("readlink -n /etc/localtime") == "/etc/zoneinfo/Utc"
with subtest("/etc/mtab points to the right file"):
assert "/proc/mounts" == machine.succeed("readlink --no-newline /etc/mtab")
with subtest("Correct mode on the source password files"): with subtest("Correct mode on the source password files"):
assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/passwd") == "644\n" assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/passwd") == "644\n"
assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/group") == "644\n" assert machine.succeed("stat -c '%a' /var/lib/nixos/etc/group") == "644\n"

3
nixos/tests/misc.nix
View file

@ -99,6 +99,9 @@ in {
with subtest("whether systemd-tmpfiles settings works"): with subtest("whether systemd-tmpfiles settings works"):
machine.succeed("[ -e /tmp/somefile ]") machine.succeed("[ -e /tmp/somefile ]")
with subtest("/etc/mtab"):
assert "/proc/mounts" == machine.succeed("readlink --no-newline /etc/mtab")
with subtest("whether automounting works"): with subtest("whether automounting works"):
machine.fail("grep '/tmp2 tmpfs' /proc/mounts") machine.fail("grep '/tmp2 tmpfs' /proc/mounts")
machine.succeed("touch /tmp2/x") machine.succeed("touch /tmp2/x")