diff options
| author | Domen Kožar <domen@dev.si> | 2016-09-01 20:57:51 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2016-09-01 20:57:51 +0200 |
| commit | a6670c1a0b8cda8235296900cff950f39f60cf4f (patch) | |
| tree | b76ac329a908e68000627d21334bcecbf20f619a /nixos/doc/manual | |
| parent | 78cd9f8ebc36a387fc75ebb03317707a283f43a4 (diff) | |
| download | nixlib-a6670c1a0b8cda8235296900cff950f39f60cf4f.tar nixlib-a6670c1a0b8cda8235296900cff950f39f60cf4f.tar.gz nixlib-a6670c1a0b8cda8235296900cff950f39f60cf4f.tar.bz2 nixlib-a6670c1a0b8cda8235296900cff950f39f60cf4f.tar.lz nixlib-a6670c1a0b8cda8235296900cff950f39f60cf4f.tar.xz nixlib-a6670c1a0b8cda8235296900cff950f39f60cf4f.tar.zst nixlib-a6670c1a0b8cda8235296900cff950f39f60cf4f.zip | |
Fixes #18124: atomically replace /var/setuid-wrappers/ (#18186)
Before this commit updating /var/setuid-wrappers/ folder introduced a small window where NixOS activation scripts could be terminated and resulted into empty /var/setuid-wrappers/ folder. That's very unfortunate because one might lose sudo binary. Instead we use two atomic operations mv and ln (as described in https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/) to achieve atomicity. Since /var/setuid-wrappers is not a directory anymore, tmpfs mountpoints were removed in installation scripts and in boot process. Tested: - upgrade /var/setuid-wrappers/ from folder to a symlink - make sure /run/setuid-wrappers-dirs/ legacy symlink is really deleted
Diffstat (limited to 'nixos/doc/manual')
| -rw-r--r-- | nixos/doc/manual/release-notes/rl-1609.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-1609.xml b/nixos/doc/manual/release-notes/rl-1609.xml index 78b57dddf076..70759ee25f86 100644 --- a/nixos/doc/manual/release-notes/rl-1609.xml +++ b/nixos/doc/manual/release-notes/rl-1609.xml @@ -58,6 +58,14 @@ following incompatible changes:</para> </listitem> <listitem> + <para>/var/setuid-wrappers/ + <link xlink:href="https://github.com/NixOS/nixpkgs/pull/18124">is now a symlink so + it can be atomically updated</link> + and it's not mounted as tmpfs anymore since setuid binaries are located on /run/ as tmpfs. + </para> + </listitem> + + <listitem> <para>Gitlab's maintainence script gitlab-runner was removed and split up into the more clearer gitlab-run and gitlab-rake scripts because gitlab-runner is a component of Gitlab CI.</para> </listitem> |