Unverified Commit 2f3a80c9 authored by Morgan Jones's avatar Morgan Jones
Browse files

stage-2-init: fix false positives for RO Nix store mounts 

We need to take the "top" mount instead of any mount, which is the last
line printed by findmnt. Additionally, make the regex more strict, so we
don't select mount options ending in ro (like `errors=remount-ro` from
ext4, or overlay paths ending in 'ro') and accidentally leave the Nix
store RW after boot.
parent 189200a1

nixos/modules/system/boot/stage-2-init.sh

+2 −1
Original line number Diff line number Diff line
@@ -69,7 +69,8 @@ fi 
chown -f 0:30000 /nix/store

chmod -f 1775 /nix/store

if [ -n "@readOnlyNixStore@" ]; then

    if ! [[ "$(findmnt --noheadings --output OPTIONS /nix/store)" =~ ro(,|$) ]]; then

    # #375257: Ensure that we pick the "top" (i.e. last) mount so we don't get a false positive for a lower mount.

    if ! [[ "$(findmnt --direction backward --first-only --noheadings --output OPTIONS /nix/store)" =~ (^|,)ro(,|$) ]]; then

        if [ -z "$container" ]; then

            mount --bind /nix/store /nix/store

        else