Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Disable suid and atime on the /nix mount point on Darwin (backport #12016) #12185

Merged
merged 1 commit into from
Jan 10, 2025
Merged

Disable suid and atime on the /nix mount point on Darwin (backport #12016) #12185

merged 1 commit into from
Jan 10, 2025

Conversation

mergify[bot]
Copy link
Contributor

@mergify mergify bot commented Jan 10, 2025

The Determinate Nix Installer has set nosuid and noatime in DeterminateSystems/nix-installer#1338, and figured this perf and security improvement is worthy of upstreaming.

The /nix volume shouldn't have setuid binaries anyway, and filesystems seem to generally be noatime on macOS. Further, the garbage collector doesn't use atime.

Motivation

Context

Add 👍 to pull requests you find important.

The Nix maintainer team uses a GitHub project board to schedule and track reviews.

This is an automatic backport of pull request #12016 done by [Mergify](https://mergify.com).

@grahamc @mergify
Disable suid and atime on the /nix mount point on Darwin
56332fd 
The Determinate Nix Installer has set nosuid and noatime in DeterminateSystems/nix-installer#1338, and figured this perf and security improvement is worthy of upstreaming.

The /nix volume shouldn't have setuid binaries anyway, and filesystems seem to generally be noatime on macOS.
Further, the garbage collector doesn't use atime.

(cherry picked from commit 4137ead)
@mergify mergify bot requested a review from edolstra as a code owner January 10, 2025 09:56
@mergify mergify bot added the merge-queue label Jan 10, 2025
@edolstra edolstra enabled auto-merge January 10, 2025 12:31
@edolstra edolstra merged commit f2bb7e0 into 2.24-maintenance Jan 10, 2025
25 checks passed
@edolstra edolstra deleted the mergify/bp/2.24-maintenance/pr-12016 branch January 10, 2025 14:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@edolstra edolstra Awaiting requested review from edolstra edolstra is a code owner

Assignees
No one assigned
Labels
merge-queue
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@edolstra @grahamc