nix-cage icon indicating copy to clipboard operation
nix-cage copied to clipboard
verified publisher icon corpix

Empty mount source for "ro" section results in mounting everything read-only

Open corpix opened this issue 3 years ago • 2 comments 

{
  "mounts": {
    "rw": [
      "~/code",
      "~/dotfiles",
      "~/.emacs.d",
      "~/.cache/emacs",
      "~/.cache",
      "~/.config",
      "~/.local",
      "/tmp"
    ],
    "ro": [
      "$XAUTHORITY",
      "~/.ssh",
      "~/.gitconfig",
      "/"
    ],
    "tmpfs": [
      "/tmp",
      "/home",
      "/run/user",
      "/run/user/$UID"
    ]
  },
  "environment": {
     "SHELL": "$SHELL",
     "NIX_REMOTE": "daemon",
     "DISPLAY": "$DISPLAY"
  },
  "arguments": {
    "mode": "replace",
    "bwrap": [
      "--die-with-parent"
    ]
  }
}

Reproducible when XAUTHORITY is empty or unset

corpix avatar Dec 12 '22 08:12 corpix

is nix-cage.json a place to configure the cage? (I didn't really understand this from the documentation)

coderofsalvation avatar Aug 10 '23 08:08 coderofsalvation

@coderofsalvation yes

corpix avatar Aug 10 '23 09:08 corpix