gador/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stage-2-init: fix false positives for RO Nix store mounts

Browse Source 
We need to take the "top" mount instead of any mount, which is the last
line printed by findmnt. Additionally, make the regex more strict, so we
don't select mount options ending in ro (like `errors=remount-ro` from
ext4, or overlay paths ending in 'ro') and accidentally leave the Nix
store RW after boot.
This commit is contained in:
Morgan Jones
2025-01-19 23:03:17 -08:00
parent 189200a18d
commit 2f3a80c96f
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
nixos/modules/system/boot/stage-2-init.sh
View File

@@ -69,7 +69,8 @@ fi
chown -f 0:30000 /nix/store
chmod -f 1775 /nix/store
if [ -n "@readOnlyNixStore@" ]; then
if ! [[ "$(findmnt --noheadings --output OPTIONS /nix/store)" =~ ro(,|$) ]]; then
# #375257: Ensure that we pick the "top" (i.e. last) mount so we don't get a false positive for a lower mount.
if ! [[ "$(findmnt --direction backward --first-only --noheadings --output OPTIONS /nix/store)" =~ (^|,)ro(,|$) ]]; then
if [ -z "$container" ]; then
mount --bind /nix/store /nix/store
else