Skip to content

Commit

Permalink
etc-overlay: mount the metadata image read-only
Browse files Browse the repository at this point in the history
On recent kernels (> 6.12 ?) we get the following warning otherwise:
`mount: /tmp/nixos-etc-metadata.aHpRhO5sC4: WARNING: source write-protected, mounted read-only.`
  • Loading branch information
r-vdp authored and Mic92 committed Dec 2, 2024
1 parent 9a94085 commit 013143f
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion nixos/modules/system/etc/etc-activation.nix
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@
where = "/run/etc-metadata";
what = "/etc-metadata-image";
type = "erofs";
options = "loop";
options = "loop,ro";
unitConfig = {
# Since this unit depends on the nix store being mounted, it cannot
# be a dependency of local-fs.target, because if it did, we'd have
Expand Down
2 changes: 1 addition & 1 deletion nixos/modules/system/etc/etc.nix
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ in
echo "remounting /etc..."
tmpMetadataMount=$(mktemp --directory -t nixos-etc-metadata.XXXXXXXXXX)
mount --type erofs ${config.system.build.etcMetadataImage} $tmpMetadataMount
mount --type erofs -o ro ${config.system.build.etcMetadataImage} $tmpMetadataMount
# Mount the new /etc overlay to a temporary private mount.
# This needs the indirection via a private bind mount because you
Expand Down

0 comments on commit 013143f

Please sign in to comment.