9553106832
Consider ZFS filesystems meant to be mounted with zfs.mount(8), e.g. ``` config.fileSystems."/media".options = [ "zfsutil" ]; config.fileSystems."/nix".options = [ "zfsutil" ]; ``` `zfsutil` uses dataset properties as mount options such that zfsprops(7) do not have to be duplicated in fstab(5) entries or manual mount(8) invocations. Given the example configuation above, /media is correctly mounted with `setuid=off` translated into `nosuid`: ``` $ zfs get -Ho value setuid /media off $ findmnt -t zfs -no options /media rw,nosuid,nodev,noexec,noatime,xattr,posixacl ``` /nix however was mounted with default mount(8) options: ``` $ zfs get -Ho value setuid /nix off $ findmnt -t zfs -no options /nix rw,relatime,xattr,noacl ``` This holds true for all other ZFS properties/mount options, including `exec/[no]exec`, `devices/[no]dev`, `atime/[no]atime`, etc. /nix is mounted using BusyBox's `mount` during stage 1 init while /media is mounted later using proper systemd and/or util-linux's `mount`. Tracing stage 1 init showed that BusyBox never tried to execute mount.zfs(8) as intended by `zfsutil`. Replacing it with util-linux's `mount` and adding the mount helper showed attempts to execute mount.zfs(8). Ensure ZFS filesystems are mounted with correct options iff `zfsutil` is used. |
||
|---|---|---|
| .. | ||
| doc | ||
| lib | ||
| maintainers | ||
| modules | ||
| tests | ||
| COPYING | ||
| default.nix | ||
| README | ||
| release-combined.nix | ||
| release-small.nix | ||
| release.nix | ||
*** NixOS *** NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at https://nixos.org/nixos and in the manual in doc/manual.