author | rnhmjoj <rnhmjoj@inventati.org> | 2023-01-17 21:00:38 +0100 |
---|---|---|
committer | rnhmjoj <rnhmjoj@inventati.org> | 2023-01-19 20:50:17 +0100 |
commit | 2bc5625877e3abc803cdf37316b5a3af723f1fb7 (patch) | |
tree | 2b1f53fa1c0e53b8a2240c10bd71601a7aaf1bb0 /nixos/modules/installer | |
parent | 4f50411cfc6cb793479818dec6b88732474a4afe (diff) |
nixos-install: remove root requirement for bind mount
This moves the creation of the bind mount inside the `nixos-enter` invocation. The commands are executed in an unshared mount namespace, so they can be run as an unprivileged user.
Diffstat (limited to 'nixos/modules/installer')
-rwxr-xr-x | nixos/modules/installer/tools/nixos-install.sh | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/nixos/modules/installer/tools/nixos-install.sh b/nixos/modules/installer/tools/nixos-install.sh
index 9f609cefe6ead..20fec525e70bd 100755
--- a/nixos/modules/installer/tools/nixos-install.sh
+++ b/nixos/modules/installer/tools/nixos-install.sh
@@ -188,17 +188,6 @@ nix-env --store "$mountPoint" "${extraBuildFlags[@]}" \
 mkdir -m 0755 -p "$mountPoint/etc"
 touch "$mountPoint/etc/NIXOS"
 
-# Create a bind mount for each of the mount points inside the target file
-# system. This preserves the validity of their absolute paths after changing
-# the root with `nixos-enter`.
-# Without this the bootloader installation may fail due to options that
-# contain paths referenced during evaluation, like initrd.secrets.
-if (( EUID == 0 )); then
- mount --rbind --mkdir "$mountPoint" "$mountPoint$mountPoint"
- mount --make-rslave "$mountPoint$mountPoint"
- trap 'umount -R "$mountPoint$mountPoint" && rmdir "$mountPoint$mountPoint"' EXIT
-fi
-
 # Switch to the new system configuration. This will install Grub with
 # a menu default pointing at the kernel/initrd/etc of the new
 # configuration.
@@ -206,7 +195,20 @@ if [[ -z $noBootLoader ]]; then
 echo "installing the boot loader..."
 # Grub needs an mtab.
 ln -sfn /proc/mounts "$mountPoint"/etc/mtab
- NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -- /run/current-system/bin/switch-to-configuration boot
+ export mountPoint
+ NIXOS_INSTALL_BOOTLOADER=1 nixos-enter --root "$mountPoint" -c "$(cat <<'EOF'
+ # Create a bind mount for each of the mount points inside the target file
+ # system. This preserves the validity of their absolute paths after changing
+ # the root with `nixos-enter`.
+ # Without this the bootloader installation may fail due to options that
+ # contain paths referenced during evaluation, like initrd.secrets.
+ # when not root, re-execute the script in an unshared namespace
+ mount --rbind --mkdir / "$mountPoint"
+ mount --make-rslave "$mountPoint"
+ /run/current-system/bin/switch-to-configuration boot
+ umount -R "$mountPoint" && rmdir "$mountPoint"
+EOF
+)"
 fi
 
 # Ask the user to set a root password, but only if the passwd command |
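Review bot: The exit status of `/run/current-system/bin/switch-to-configuration boot` is no longer what the `nixos-enter -c` script returns: the last command in the heredoc is `umount -R "$mountPoint" && rmdir "$mountPoint"`, so unless the shell that runs the script has errexit enabled (not visible here), a failed boot loader installation would be reported as success once the unmount works. The two `mount` calls are likewise unchecked, so the switch would run without the bind mount if either of them fails. Consider starting the heredoc with `set -e`, or recording the status with `/run/current-system/bin/switch-to-configuration boot || rc=$?` and ending the script with `exit "${rc:-0}"` after the cleanup. The copied comment `# when not root, re-execute the script in an unshared namespace` describes nothing in this script and could be dropped. The enclosing `if [[ -z $noBootLoader ]]` opens outside the hunk.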