On Linux, make the Nix store really read-only by using the immutable bit
I was bitten one time too many by Python modifying the Nix store by creating *.pyc files when run as root. On Linux, we can prevent this by setting the immutable bit on files and directories (as in ‘chattr +i’). This isn't supported by all filesystems, so it's not an error if setting the bit fails. The immutable bit is cleared by the garbage collector before deleting a path. The only tricky aspect is in optimiseStore(), since it's forbidden to create hard links to an immutable file. Thus optimiseStore() temporarily clears the immutable bit before creating the link.
Showing:
- configure.ac: 8 additions, 4 deletions
- src/libstore/local-store.cc: 7 additions, 0 deletions
- src/libstore/optimise-store.cc: 24 additions, 2 deletions
- src/libutil/Makefile.am: 2 additions, 2 deletions
- src/libutil/immutable.cc: 67 additions, 0 deletions
- src/libutil/immutable.hh: 19 additions, 0 deletions
- src/libutil/util.cc: 3 additions, 0 deletions