colin
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

nixos-generate-config: preserve vfat filesystem mount permissions 

The default is to mount these world-readable, but that's a security risk
for the EFI System Partition.

Ref https://github.com/NixOS/nixpkgs/issues/279362.
This commit is contained in:
Bjørn Forsman 2024-04-01 14:14:34 +02:00
parent 7a8dac5cdf
commit e17e60b273
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
nixos/modules/installer/tools/nixos-generate-config.pl
View File

@ -453,6 +453,17 @@ EOF
}
}
# Preserve umask (fmask, dmask) settings for vfat filesystems.
# (The default is to mount these world-readable, but that's a security risk
# for the EFI System Partition.)
if ($fsType eq "vfat") {
for (@superOptions) {
if ($_ =~ /fmask|dmask/) {
push @extraOptions, $_;
}
}
}
# is this a stratis fs?
my $stableDevPath = findStableDevPath $device;
my $stratisPool;