nixos/filesystems: don't chown /run/keys recursively
3c74e48d9c
was a bit too much, it updated
permissions of all files recursively, causing files to be readable by
the group.
This isn't a problem immediately after bootup, but on a new activation,
as tmpfiles.d get restarted then, updating the permission bits of
now-existing files.
This updates the `Z` to be a `z` (the non-recursive variant), and adds a
`d` to ensure a directory is created (which should be covered by the
initrd shell script anyway)
This commit is contained in:
parent
9eaf6f5f5c
commit
4c8bdd1c4f
@ -305,7 +305,8 @@ in
|
||||
in listToAttrs (map formatDevice (filter (fs: fs.autoFormat) fileSystems));
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"Z /run/keys 0750 root ${toString config.ids.gids.keys}"
|
||||
"d /run/keys 0750 root ${toString config.ids.gids.keys}"
|
||||
"z /run/keys 0750 root ${toString config.ids.gids.keys}"
|
||||
];
|
||||
|
||||
# Sync mount options with systemd's src/core/mount-setup.c: mount_table.
|
||||
|
Loading…
Reference in New Issue
Block a user