author | Jörg Thalheim <Mic92@users.noreply.github.com> | 2017-10-11 14:59:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-10-11 14:59:13 +0100 |
commit | 659c7484d1dbfb193085586bd8db8dc6260287f1 (patch) | |
tree | 407b01a708e157efd4cb93ff3f53b14427d1870f /nixos | |
parent | fb7f35db5f6e2c959b5c3deb3edff7ae1fc6633d (diff) | |
parent | 70c3f56bdd37b58f6dfd1a61403835233339819b (diff) | |
Merge pull request #30312 from florianjacob/locatedb-fix-systemd-path-capabilities
locatedb: fix startup fail due to systemd path capabilities
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/misc/locate.nix | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/nixos/modules/misc/locate.nix b/nixos/modules/misc/locate.nix
index 0fe91435ce8c..51953d1110c4 100644
--- a/nixos/modules/misc/locate.nix
+++ b/nixos/modules/misc/locate.nix
@@ -125,13 +125,16 @@ in {
 warnings = optional (isMLocate && cfg.localuser != null) "mlocate does not support searching as user other than root"
 ++ optional (isFindutils && cfg.pruneNames != []) "findutils locate does not support pruning by directory component"
 ++ optional (isFindutils && cfg.pruneBindMounts) "findutils locate does not support skipping bind mounts";
-
+
+ # directory creation needs to be separated from main service
+ # because ReadWritePaths fails when the directory doesn't already exist
+ systemd.tmpfiles.rules = [ "d ${dirOf cfg.output} 0755 root root -" ];
+
 systemd.services.update-locatedb = {
 description = "Update Locate Database";
 path = mkIf (!isMLocate) [ pkgs.su ];
 script = ''
- mkdir -m 0755 -p ${dirOf cfg.output}
 exec ${cfg.locate}/bin/updatedb \
 ${optionalString (cfg.localuser != null && ! isMLocate) ''--localuser=${cfg.localuser}''} \
 --output=${toString cfg.output} ${concatStringsSep " " cfg.extraFlags}
@@ -147,8 +150,13 @@ in {
 serviceConfig.PrivateTmp = "yes";
 serviceConfig.PrivateNetwork = "yes";
 serviceConfig.NoNewPrivileges = "yes";
- serviceConfig.ReadOnlyDirectories = "/";
- serviceConfig.ReadWriteDirectories = dirOf cfg.output;
+ serviceConfig.ReadOnlyPaths = "/";
+ # Use dirOf cfg.output because mlocate creates temporary files next to
+ # the actual database. We could specify and create them as well,
+ # but that would make this quite brittle when they change something.
+ # NOTE: If /var/cache does not exist, this leads to the misleading error message:
+ # update-locatedb.service: Failed at step NAMESPACE spawning …/update-locatedb-start: No such file or directory
+ serviceConfig.ReadWritePaths = dirOf cfg.output;
 };
 
 systemd.timers.update-locatedb =
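Review bot: The new `systemd.tmpfiles.rules` entry is not a drop-in replacement for the removed `mkdir -m 0755 -p`: per tmpfiles.d(5) a `d` line also adjusts the mode and ownership of a directory that already exists, so with a non-default `cfg.output` whose parent is a pre-existing directory (a home directory, say) this rule will chown it to root:root and chmod it 0755 on every boot, which the old mkdir never did. The default parent appears to be /var/cache (per the NOTE in the following hunk), where root:root 0755 is harmless, but the behaviour change should at least be documented above the rule, e.g. `# NOTE: a tmpfiles 'd' line also enforces 0755 root:root on a pre-existing parent directory of cfg.output`, or the mode/owner fields replaced by `-` if only creation is wanted (confirm against tmpfiles.d(5)). Separately, `${dirOf cfg.output}` is interpolated unquoted into a whitespace-separated tmpfiles line, so a path containing spaces would be split into fields; the removed mkdir had the same weakness. The enclosing attribute set starts before this hunk.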
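Review bot: The NOTE comment above `ReadWritePaths` hard-codes `/var/cache` and describes the pre-fix symptom; since the directory is `dirOf cfg.output` and the tmpfiles rule added in the previous hunk is what now creates it, the comment should say so, e.g. `# NOTE: ReadWritePaths requires the directory to exist (created by the tmpfiles rule above); otherwise the unit fails at step NAMESPACE with "No such file or directory".` A second point on scope: `ReadWritePaths = dirOf cfg.output` re-exposes the whole parent tree writable, so with the default output under /var/cache the root-running updatedb can write to every other cache directory, which is wider than `ReadOnlyPaths = "/"` suggests; a dedicated subdirectory as the default output, or a note that users who care should point `cfg.output` into its own directory, would bound that. The rename from `ReadOnlyDirectories`/`ReadWriteDirectories` to the `*Paths` spelling matches current systemd and looks right. The `serviceConfig` attribute set begins before this hunk.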