diff options
| author | Shea Levy <shea@shealevy.com> | 2014-02-11 07:00:10 -0500 |
|---|---|---|
| committer | Shea Levy <shea@shealevy.com> | 2014-02-11 07:00:10 -0500 |
| commit | 4ab5646417e3cc606281f71027c12ddced8b65b4 (patch) | |
| tree | add9660ab03d4f30ef0c00872ef795bfa80b617b /nixos/modules/system/boot/stage-2-init.sh | |
| parent | 8f64e74414e683767e5c603a57007de45c0b0501 (diff) | |
| download | nixlib-4ab5646417e3cc606281f71027c12ddced8b65b4.tar nixlib-4ab5646417e3cc606281f71027c12ddced8b65b4.tar.gz nixlib-4ab5646417e3cc606281f71027c12ddced8b65b4.tar.bz2 nixlib-4ab5646417e3cc606281f71027c12ddced8b65b4.tar.lz nixlib-4ab5646417e3cc606281f71027c12ddced8b65b4.tar.xz nixlib-4ab5646417e3cc606281f71027c12ddced8b65b4.tar.zst nixlib-4ab5646417e3cc606281f71027c12ddced8b65b4.zip | |
Add a keys group with read access to /run/keys
This allows processes running as unprivileged users access to keys they might need
Diffstat (limited to 'nixos/modules/system/boot/stage-2-init.sh')
| -rw-r--r-- | nixos/modules/system/boot/stage-2-init.sh | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh index e0ff258c0eec..b749172a3ff3 100644 --- a/nixos/modules/system/boot/stage-2-init.sh +++ b/nixos/modules/system/boot/stage-2-init.sh @@ -136,7 +136,8 @@ fi # elsehwere) if ! mountpoint -q /run/keys; then rm -rf /run/keys - mkdir -m 0700 /run/keys + mkdir -m 0750 /run/keys + chown root:keys /run/keys mount -t ramfs none /run/keys fi |