author: aszlig <aszlig@nix.build> 2019-03-27 20:27:02 +0100
committer: aszlig <aszlig@nix.build> 2019-03-27 20:34:32 +0100
commit: 52299bccf5a56f6af8a204a71c908c7b7623facb (patch)
tree: ae3f8ad9c75cb67bac351f157ca38a5857502088
parent: 861a1cec60e202a2a2d17fd61bbfae0264168115 (diff)
nixos/confinement: Use PrivateMounts option
So far we had MountFlags = "private", but as @Infinisil has correctly
noticed, there is a dedicated PrivateMounts option, which does exactly
that and is better integrated than providing raw mount flags.

When checking for the reason why I used MountFlags instead of
PrivateMounts, I found that at the time I wrote the initial version of
this module (Mar 12 06:15:58 2018 +0100) the PrivateMounts option didn't
exist yet; it was added to systemd on Jun 13 08:20:18 2018 +0200.

Signed-off-by: aszlig <aszlig@nix.build>
-rw-r--r-- nixos/modules/security/systemd-confinement.nix | 2
1 file changed, 1 insertion, 1 deletion
diff --git a/nixos/modules/security/systemd-confinement.nix b/nixos/modules/security/systemd-confinement.nix
index 31b07b1b03d..cd4eb81dbe1 100644
--- a/nixos/modules/security/systemd-confinement.nix
+++ b/nixos/modules/security/systemd-confinement.nix
@@ -107,7 +107,7 @@ in {
         serviceConfig = {
           RootDirectory = pkgs.runCommand rootName {} "mkdir \"$out\"";
           TemporaryFileSystem = "/";
-          MountFlags = lib.mkDefault "private";
+          PrivateMounts = lib.mkDefault true;
 
           # https://github.com/NixOS/nixpkgs/issues/14645 is a future attempt
           # to change some of these to default to true.
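Review bot: PrivateMounts = true is not a drop-in replacement for MountFlags = "private" in the line it replaces, because the two differ in propagation direction: MountFlags=private blocked mount propagation in both directions, while PrivateMounts= on its own only turns off service-to-host propagation and leaves the service namespace in slave mode, so host-to-service propagation stays on. Given the RootDirectory and TemporaryFileSystem = "/" lines directly above, the service starts on a fresh tmpfs root and host propagation probably does not reach it, but that reasoning is not written down anywhere; either keep MountFlags = lib.mkDefault "private" next to PrivateMounts = lib.mkDefault true, or add a comment explaining why host-to-service propagation is acceptable here. Separately, since the commit message says PrivateMounts only exists in systemd from mid-2018, and lib.mkDefault lets a user override it with PrivateMounts = false and silently lose the isolation, consider an assertion (or at least a doc note) that confinement requires PrivateMounts to stay enabled and a sufficiently recent systemd.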