mirror of
https://github.com/NixOS/nix
synced 2025-06-25 10:41:16 +02:00
Disable suid and atime on the /nix mount point on Darwin
The Determinate Nix Installer has set nosuid and noatime in https://github.com/DeterminateSystems/nix-installer/pull/1338, and figured this perf and security improvement is worthy of upstreaming.
The /nix volume shouldn't have setuid binaries anyway, and filesystems seem to generally be noatime on macOS.
Further, the garbage collector doesn't use atime.
(cherry picked from commit 4137ead7a1)
This commit is contained in:
Graham Christensen
Mergify
parent
85a4f62400
commit
6e9281be6d
1 changed files with 1 additions and 1 deletions
|
|
@ -463,7 +463,7 @@ EOF
|
|||
|
||||
EDITOR="$SCRATCH/ex_cleanroom_wrapper" _sudo "to add nix to fstab" "$@" <<EOF
|
||||
:a
|
||||
UUID=$uuid $escaped_mountpoint apfs rw,noauto,nobrowse,suid,owners
|
||||
UUID=$uuid $escaped_mountpoint apfs rw,noauto,nobrowse,nosuid,noatime,owners
|
||||
.
|
||||
:x
|
||||
EOF
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue