author | Nikolay Amiantov <ab@fmap.me> | 2016-08-27 13:29:38 +0300 |
---|---|---|
committer | Nikolay Amiantov <ab@fmap.me> | 2016-08-27 13:38:20 +0300 |
commit | 6efcfe03ae4ef426b77a6827243433b5296613a4 (patch) | |
tree | d71e9494714de0dd1d4c5e05aedfa2c35d58a9e7 /nixos/modules/security | |
parent | 3f70fcd4c1512345a5a8a5e41da8a83839a1b16e (diff) | |
nixos filesystems: unify early filesystems handling
A new internal config option `fileSystems.<name>.early` is added to indicate that the filesystem needs to be loaded very early (i.e. in initrd). They are transformed to a shell script in `system.build.earlyMountScript` with calls to an undefined `specialMount` function, which is expected to be caller-specific. This option is used by stage-1, stage-2 and activation script to set up and remount those filesystems. Options for them are updated according to systemd defaults.
Diffstat (limited to 'nixos/modules/security')
-rw-r--r-- | nixos/modules/security/hidepid.nix | 19 |
1 files changed, 1 insertions, 18 deletions
diff --git a/nixos/modules/security/hidepid.nix b/nixos/modules/security/hidepid.nix
index 8271578c55d..4917327d617 100644
--- a/nixos/modules/security/hidepid.nix
+++ b/nixos/modules/security/hidepid.nix
@@ -20,23 +20,6 @@ with lib;
 config = mkIf config.security.hideProcessInformation {
 users.groups.proc.gid = config.ids.gids.proc;
- systemd.services.hidepid = {
- wantedBy = [ "local-fs.target" ];
- after = [ "systemd-remount-fs.service" ];
- before = [ "local-fs-pre.target" "local-fs.target" "shutdown.target" ];
- wants = [ "local-fs-pre.target" ];
-
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- ExecStart = ''${pkgs.utillinux}/bin/mount -o remount,hidepid=2,gid=${toString config.ids.gids.proc} /proc'';
- ExecStop = ''${pkgs.utillinux}/bin/mount -o remount,hidepid=0,gid=0 /proc'';
- };
-
- unitConfig = {
- DefaultDependencies = false;
- Conflicts = "shutdown.target";
- };
- };
+ fileSystems."/proc".options = [ "hidepid=2" "gid=${toString config.ids.gids.proc}" ];
 };
 } |
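Review bot: Nothing on the new `fileSystems."/proc".options` line says where the remount now happens or what undoes it: the removed unit's `ExecStop` explicitly remounted with `hidepid=0,gid=0`, while the replacement depends on the early-filesystem handling defined outside this file section (presumably the activation script, going by the commit message) to re-apply or drop the options on a running system. Since the restriction is now set at the first mount rather than after `systemd-remount-fs.service`, every service starts with other users' processes hidden, so anything that must see them needs the `proc` group from the start. I would add a comment above the line, `# hidepid=2 hides other users' /proc/<pid> entries; members of group proc are exempt. Applied through the early-mount handling of /proc, not a unit.` It is also worth confirming that this list merges with the default /proc mount options rather than replacing them, because that definition is not visible here. The module's opening lines lie outside the hunk.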