mirror of
https://github.com/NixOS/nix.git
synced 2025-11-11 04:56:01 +01:00
Disable suid and atime on the /nix mount point on Darwin
The Determinate Nix Installer has set nosuid and noatime in https://github.com/DeterminateSystems/nix-installer/pull/1338, and figured this perf and security improvement is worthy of upstreaming.
The /nix volume shouldn't have setuid binaries anyway, and filesystems seem to generally be noatime on macOS.
Further, the garbage collector doesn't use atime.
(cherry picked from commit 4137ead7a1)
This commit is contained in:
Graham Christensen
Mergify
parent
e0c8b0fc4f
commit
56332fda1c
1 changed files with 1 additions and 1 deletions
|
|
@ -463,7 +463,7 @@ EOF
|
|||
|
||||
EDITOR="$SCRATCH/ex_cleanroom_wrapper" _sudo "to add nix to fstab" "$@" <<EOF
|
||||
:a
|
||||
UUID=$uuid $escaped_mountpoint apfs rw,noauto,nobrowse,suid,owners
|
||||
UUID=$uuid $escaped_mountpoint apfs rw,noauto,nobrowse,nosuid,noatime,owners
|
||||
.
|
||||
:x
|
||||
EOF
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue