nixos-init.nix: Remove /tmp -o noexec

2019-03-11 14:38:07 +01:00 · 2019-03-11 14:38:07 +01:00 · c6374e0931
commit c6374e0931
parent ac49df440f
1 changed files with 3 additions and 3 deletions
--- a/src/nix/modules/service/nixos-init.nix
+++ b/src/nix/modules/service/nixos-init.nix
@ -29,9 +29,9 @@ in
      "/sys/fs/cgroup:/sys/fs/cgroup:ro"
    ];
    service.tmpfs = [
-      "/tmp"
-      "/run"
-      "/run/wrappers"
+      "/tmp:exec,mode=777"
+      "/run"          # noexec is fine because exes should be symlinked from elsewhere anyway
+      "/run/wrappers" # noexec breaks this intentionally
    ];
    service.stop_signal = "SIGRTMIN+3";
    service.tty = true;