mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-23 06:26:15 +02:00
b9124a5c33
It turns out that the immutable bit doesn't work all that well. A better way is to make the entire Nix store a read-only bind mount, i.e. by doing $ mount --bind /nix/store /nix/store $ mount -o remount,ro,bind /nix/store (This would typically done in an early boot script, before anything from /nix/store is used.) Since Nix needs to be able to write to the Nix store, it now detects if /nix/store is a read-only bind mount and then makes it writable in a private mount namespace. |
||
---|---|---|
.. | ||
bin2c | ||
boost | ||
bsdiff-4.3 | ||
libexpr | ||
libmain | ||
libstore | ||
libutil | ||
nix-env | ||
nix-hash | ||
nix-instantiate | ||
nix-log2xml | ||
nix-setuid-helper | ||
nix-store | ||
nix-worker | ||
Makefile.am |