On Linux, make the Nix store really read-only by using the immutable bit

I was bitten one time too many by Python modifying the Nix store by creating *.pyc files when run as root. On Linux, we can prevent this by setting the immutable bit on files and directories (as in ‘chattr +i’). This isn't supported by all filesystems, so it's not an error if setting the bit fails. The immutable bit is cleared by the garbage collector before deleting a path. The only tricky aspect is in optimiseStore(), since it's forbidden to create hard links to an immutable file. Thus optimiseStore() temporarily clears the immutable bit before creating the link.
2025-07-07 10:11:47 +02:00 · 2012-02-15 01:31:56 +01:00 · 2012-02-15 01:31:56 +01:00 · bd013b6f98
commit bd013b6f98
parent 5e57047d87
7 changed files with 130 additions and 8 deletions
--- a/configure.ac
+++ b/configure.ac
@ -113,8 +113,8 @@ AC_LANG_POP(C++)
 # Check for chroot support (requires chroot() and bind mounts).
 AC_CHECK_FUNCS([chroot])
 AC_CHECK_FUNCS([unshare])
-AC_CHECK_HEADERS([sched.h], [], [], [])
-AC_CHECK_HEADERS([sys/param.h], [], [], [])
+AC_CHECK_HEADERS([sched.h])
+AC_CHECK_HEADERS([sys/param.h])
 AC_CHECK_HEADERS([sys/mount.h], [], [],
 [#ifdef HAVE_SYS_PARAM_H
 # include <sys/param.h>
@ -124,7 +124,7 @@ AC_CHECK_HEADERS([sys/mount.h], [], [],

 # Check for <locale>.
 AC_LANG_PUSH(C++)
-AC_CHECK_HEADERS([locale], [], [], [])
+AC_CHECK_HEADERS([locale])
 AC_LANG_POP(C++)


@ -138,9 +138,13 @@ AC_SUBST([bsddiff_compat_include])
 AC_CHECK_HEADERS([sys/personality.h])


+# Check for <linux/fs.h> (for immutable file support).
+AC_CHECK_HEADERS([linux/fs.h])
+
+
 # Check for tr1/unordered_set.
 AC_LANG_PUSH(C++)
-AC_CHECK_HEADERS([tr1/unordered_set], [], [], [])
+AC_CHECK_HEADERS([tr1/unordered_set])
 AC_LANG_POP(C++)