talexander/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Releases Activity

nixos/shutdown: Create /run/initramfs with mode 0700

Browse Source
This commit is contained in:
Will Fancher 2025-04-02 15:56:28 -04:00
parent 93b98639dd
commit c9ea864d6f
2 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/system/boot/systemd/shutdown.nix
View File

@ -52,6 +52,7 @@ in
what = "tmpfs"; what = "tmpfs";
where = "/run/initramfs"; where = "/run/initramfs";
type = "tmpfs"; type = "tmpfs";
options = "mode=0700";
} }
]; ];

8
nixos/tests/systemd-shutdown.nix
View File

@ -23,6 +23,8 @@ import ./make-test-python.nix (
}; };
testScript = '' testScript = ''
# Check that 'generate-shutdown-ramfs.service' is started
# automatically and that 'systemd-shutdown' runs our script.
machine.wait_for_unit("multi-user.target") machine.wait_for_unit("multi-user.target")
# .shutdown() would wait for the machine to power off # .shutdown() would wait for the machine to power off
machine.succeed("systemctl poweroff") machine.succeed("systemctl poweroff")
@ -31,6 +33,12 @@ import ./make-test-python.nix (
machine.wait_for_console_text("${msg}") machine.wait_for_console_text("${msg}")
# Don't try to sync filesystems # Don't try to sync filesystems
machine.wait_for_shutdown() machine.wait_for_shutdown()
# In a separate boot, start 'generate-shutdown-ramfs.service'
# manually in order to check the permissions on '/run/initramfs'.
machine.systemctl("start generate-shutdown-ramfs.service")
stat = machine.succeed("stat --printf=%a:%u:%g /run/initramfs")
assert stat == "700:0:0", f"Improper permissions on /run/initramfs: {stat}"
''; '';
} }
) )