author | Eelco Dolstra <edolstra@gmail.com> | 2018-02-07 17:59:04 +0100 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2018-02-07 17:59:04 +0100 |
commit | da702a4034a14f6ea106a9ac5e4ed4cabfc2ef00 (patch) | |
tree | 01b5580aa121364f4db44f5e71adf73b64f017c5 /nixos/modules/installer | |
parent | 16bdaf3d036fed3321d26e5b1ed7b2a5f67b2a51 (diff) | |
nixos-enter: Don't require root
Of course, you'll get a bunch of warnings from the activation script:

    $ nixos-enter --root /tmp/mnt/
    setting up /etc...
    mount: /dev: permission denied.
    mount: /dev/pts: permission denied.
    mount: /dev/shm: permission denied.
    mount: /sys: permission denied.
    /nix/var/nix/profiles/system/activate: line 74: /proc/sys/kernel/modprobe: Permission denied
    chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/dbus-daemon-launch-helper': Invalid argument
    NOTE: Under Linux, effective file capabilities must either be empty, or
          exactly match the union of selected permitted and inheritable bits.
    Failed to set capabilities on file `/run/wrappers/wrappers.0pKlU8JsvV/ping' (Operation not permitted)
    chown: changing ownership of '/run/wrappers/wrappers.0pKlU8JsvV/unix_chkpwd': Invalid argument

    [root@nixos:/]#
Diffstat (limited to 'nixos/modules/installer')
-rw-r--r-- | nixos/modules/installer/tools/nixos-enter.sh | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/nixos/modules/installer/tools/nixos-enter.sh b/nixos/modules/installer/tools/nixos-enter.sh index fcd0c54f5db9..122d9fdcd29b 100644 --- a/nixos/modules/installer/tools/nixos-enter.sh +++ b/nixos/modules/installer/tools/nixos-enter.sh @@ -4,13 +4,14 @@ set -e # Re-exec ourselves in a private mount namespace so that our bind # mounts get cleaned up automatically. -if [ "$(id -u)" = 0 ]; then - if [ -z "$NIXOS_ENTER_REEXEC" ]; then - export NIXOS_ENTER_REEXEC=1 - exec unshare --mount --uts -- "$0" "$@" - else - mount --make-rprivate / +if [ -z "$NIXOS_ENTER_REEXEC" ]; then + export NIXOS_ENTER_REEXEC=1 + if [ "$(id -u)" != 0 ]; then + extraFlags="-r" fi + exec unshare --fork --mount --uts --mount-proc --pid $extraFlags -- "$0" "$@" +else + mount --make-rprivate / fi mountPoint=/mnt @@ -54,6 +55,6 @@ mkdir -m 0755 -p "$mountPoint/dev" mount --rbind /dev "$mountPoint/dev" # Run the activation script. Set $LOCALE_ARCHIVE to supress some Perl locale warnings. -LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 +LOCALE_ARCHIVE=$system/sw/lib/locale/locale-archive chroot "$mountPoint" "$system/activate" >&2 || true exec chroot "$mountPoint" "${command[@]}" |
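Review bot: `extraFlags` is assigned only in the non-root branch of the first hunk and is then expanded unquoted in `exec unshare --fork --mount --uts --mount-proc --pid $extraFlags -- "$0" "$@"`, so when the script runs as root any `extraFlags` value inherited from the caller's environment is word-split and handed to `unshare` as extra options. Initialise it to empty before the `if [ "$(id -u)" != 0 ]` test, or build the flags in a bash array, so that `-r` is the only thing that can ever be appended. The comment above the block still describes only the private mount namespace; it should also say that the re-exec now creates a PID namespace with a fresh /proc and, for non-root callers, a user namespace that maps the caller to root.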
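Review bot: the `|| true` appended to the `chroot "$mountPoint" "$system/activate" >&2` line in the second hunk discards the activation script's exit status for every caller, so under `set -e` a genuine activation failure when run as real root no longer stops the script before `exec chroot "$mountPoint" "${command[@]}"`. After the `-r` re-exec `id -u` reports 0, so the unprivileged case cannot be detected at this point; record it before the re-exec (for example in an exported variable alongside `NIXOS_ENTER_REEXEC`) and ignore the failure only then, or at least print a warning to stderr when the activation script exits non-zero. The comment on this line mentions only `$LOCALE_ARCHIVE` and should also explain why the exit status is being ignored.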