
security hole /boot and /boot/loader/random-seed

Open i-am-logger opened this issue 1 year ago • 3 comments

I'm using disko to setup the partitions of my system via flake.

I started to get these warnings recently:

[screenshot of the warnings]

the proposed solution without disko is

  fileSystems."/boot" = {
    options = [ "umask=0077" ];
  };

Though I'm not sure how to set it with disko.

i-am-logger avatar Feb 02 '24 15:02 i-am-logger

though not sure how to set it with disko

Exactly the same (if your disko config contains a /boot). Disko does configure the `fileSystems` attribute, but those settings get merged with your own ones via the NixOS module system.

phaer avatar Feb 02 '24 15:02 phaer

...
partitions = {
  boot = {
    type = "EF00";
    size = "500M";
    content = {
      type = "filesystem";
      format = "vfat";
      mountOptions = [ "umask=0077" ];
      mountpoint = "/boot";
    };
  };
};

Lassulus avatar Feb 02 '24 15:02 Lassulus
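As an added example, not code from this issue or from disko's own documentation, here is the fragment above expanded into a complete single-disk disko layout (GPT, ESP plus ext4 root) that applies the same fix. The device path, partition names and sizes are assumptions for illustration; the `mountOptions` line is the part that closes the hole, because FAT has no per-file permission bits and the mount-time umask alone decides whether files such as /boot/loader/random-seed are world-readable.

```nix
# Added example: complete disko layout with a locked-down ESP.
# Assumed to be imported into a NixOS configuration alongside
# disko.nixosModules.disko (device path and sizes are placeholders).
{
  disko.devices.disk.main = {
    type = "disk";
    device = "/dev/vda"; # assumption: replace with the real target disk
    content = {
      type = "gpt";
      partitions = {
        ESP = {
          type = "EF00";
          size = "500M";
          content = {
            type = "filesystem";
            format = "vfat";
            mountpoint = "/boot";
            # vfat has no ownership/permission metadata, so the umask given at
            # mount time is the only access control. 0077 makes every file and
            # directory on the ESP readable by root only, which covers
            # /boot/loader/random-seed and the kernels/initrds stored there.
            mountOptions = [ "umask=0077" ];
          };
        };
        root = {
          size = "100%";
          content = {
            type = "filesystem";
            format = "ext4";
            mountpoint = "/";
          };
        };
      };
    };
  };
}
```

Because disko generates the `fileSystems."/boot"` entry from `mountpoint` and `mountOptions`, no separate `fileSystems."/boot".options` override is needed. After the configuration is applied, `findmnt -no OPTIONS /boot` should list `umask=0077`, and `stat -c %a /boot/loader/random-seed` should report a mode with no group or other bits (700 under that umask); if the old options are still shown, the partition has not been remounted yet.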

This issue has been mentioned on NixOS Discourse. There might be relevant details there:

https://discourse.nixos.org/t/nixos-install-with-custom-flake-results-in-boot-being-world-accessible/34555/23

nixos-discourse avatar Feb 09 '24 22:02 nixos-discourse

Thank you for pointing this out! All the examples and documentation reflect this now.

iFreilicht avatar Oct 02 '24 09:10 iFreilicht