From 4ab5646417e3cc606281f71027c12ddced8b65b4 Mon Sep 17 00:00:00 2001
From: Shea Levy <shea@shealevy.com>
Date: Tue, 11 Feb 2014 07:00:10 -0500
Subject: Add a keys group with read access to /run/keys

This allows processes running as unprivileged users access to keys they might need
---
 nixos/modules/system/boot/stage-2-init.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'nixos/modules/system/boot/stage-2-init.sh')

diff --git a/nixos/modules/system/boot/stage-2-init.sh b/nixos/modules/system/boot/stage-2-init.sh
index e0ff258c0eec..b749172a3ff3 100644
--- a/nixos/modules/system/boot/stage-2-init.sh
+++ b/nixos/modules/system/boot/stage-2-init.sh
@@ -136,7 +136,8 @@ fi
 # elsehwere)
 if ! mountpoint -q /run/keys; then
     rm -rf /run/keys
-    mkdir -m 0700 /run/keys
+    mkdir -m 0750 /run/keys
+    chown root:keys /run/keys
     mount -t ramfs none /run/keys
 fi
 
-- 
cgit 1.4.1