author | Domen Kožar <domen@dev.si> | 2016-09-06 17:14:50 +0200 |
---|---|---|
committer | Domen Kožar <domen@dev.si> | 2016-09-06 20:13:33 +0200 |
commit | 3877ec5b2ff7436f4962ac0fe3200833cf78cb8b (patch) | |
tree | 8ea7276ba5e1a4e4c27da160aa8717ea1c80d3cd /nixos/modules/system/activation | |
parent | 9ab141ce273940e65f5243022d34740e4aa005d0 (diff) | |
Make /var/empty immutable
Fixes #14910 and #18358. Deployed to an existing server, restarted sshd and polkit to verify they don't fail.
Diffstat (limited to 'nixos/modules/system/activation')
-rw-r--r-- | nixos/modules/system/activation/activation-script.nix | 18 |
1 files changed, 13 insertions, 5 deletions
diff --git a/nixos/modules/system/activation/activation-script.nix b/nixos/modules/system/activation/activation-script.nix index 1c587413121e..47550ae76a66 100644 --- a/nixos/modules/system/activation/activation-script.nix +++ b/nixos/modules/system/activation/activation-script.nix @@ -12,11 +12,14 @@ let ''; }); - path = map getBin - [ pkgs.coreutils pkgs.gnugrep pkgs.findutils - pkgs.glibc # needed for getent - pkgs.shadow - pkgs.nettools # needed for hostname + path = with pkgs; map getBin + [ coreutils + gnugrep + findutils + glibc # needed for getent + shadow + nettools # needed for hostname + e2fsprogs # needed for chattr ]; in @@ -137,8 +140,13 @@ in mkdir -m 1777 -p /var/tmp + # Make sure it's really empty + chattr -i /var/empty + rm -rf /var/empty + # Empty, read-only home directory of many system accounts. mkdir -m 0555 -p /var/empty + chattr +i /var/empty ''; system.activationScripts.usrbinenv = if config.environment.usrbinenv != null |
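Review bot: In the second hunk (`@@ -137,8 +140,13 @@`) both `chattr` calls run unguarded, so where the immutable flag cannot be changed the hardening of /var/empty is either skipped without a clear signal or takes activation down with it. `chattr -i /var/empty` errors when the directory does not exist yet, and `chattr +i` presumably fails on filesystems without inode-flag support or when the activating process lacks CAP_LINUX_IMMUTABLE, for example inside a container. I would make the outcome explicit: `[ -e /var/empty ] && chattr -i /var/empty` before the `rm -rf`, and `chattr +i /var/empty || echo "warning: could not make /var/empty immutable" >&2` after the `mkdir`. The script string begins above the hunk, so whether a non-zero exit aborts activation is not visible here. A short comment that the directory is briefly absent and mutable between `rm -rf` and `chattr +i` on every activation would also help anyone reasoning about services that start in parallel.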