diff options
author | aszlig <aszlig@nix.build> | 2018-07-02 03:42:45 +0200 |
---|---|---|
committer | aszlig <aszlig@nix.build> | 2018-07-02 03:42:45 +0200 |
commit | cd8bde1c98543236ec0ceb4375c03eb55aa8e56d (patch) | |
tree | 3d7dd314c3e2caeef580938e2db8d2a0c657d5de /lib | |
parent | 72abbc69b13dcf40bac429147dc18a8b8c8bae7b (diff) |
pkgs/sandbox: Add flag to bind-mount read-only
While the Nix store should be read-only by default, we can't guarantee this as the Nix store could be mounted read-write (for example on non-NixOS systems). For paths other than store directories, I took a conservative approach here where only /etc is mounted read-only, for all the pseudo- filesystems such as /proc, /sys or /dev write access might still be needed, for example to write to a hardware device exposed via /dev (eg. a gamepad with rumble support). Signed-off-by: aszlig <aszlig@nix.build>
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions