8 Oct 2024 |
ElvishJerricco | but something tells me no one will consider that a real attack vector | 00:12:12 |
ElvishJerricco | * like, if there was a pwn_my_system.ko kernel module, you could put x-systemd.requires=modprobe@pwn_my_system.service,x-initrd-mount in a fake sysroot's /etc/fstab | 00:12:24 |
ElvishJerricco | (because the .ko would have to come from the initrd) | 00:12:55 |
atagen | Redacted or Malformed Event | 01:14:02 |
aloisw | You have already lost when you mount the fake sysroot, the kernel does not care about malicious filesystems. | 05:26:31 |
Arian | something something what about we don't run activation in the initrd :D | 08:29:04 |
Ramses 🇵🇸 | How do we feel about merging https://github.com/NixOS/nixpkgs/pull/311394 ? All comments have been addressed, and the extra linting is gated behind an enable option. It would be cool to get it in so that we can get more people to potentially submit fixes for shellcheck issues in systemd service scripts | 09:54:19 |
| schuelermine changed their profile picture. | 16:31:28 |
9 Oct 2024 |
| Alex joined the room. | 02:26:31 |
| Foxikira changed their display name from David to Foxikira. | 06:17:03 |
Arian | Should we get rid of nixos-generate-config generating an fstab entry for /boot ? | 10:28:03 |
Arian | there's an automount and having the FAT partition mounted all the time is not a good idea | 10:28:15 |
ElvishJerricco | Arian: I don't think that always works. IIRC the way the automount is generated is by systemd-gpt-auto-generator determining the backing device of / and extrapolating the ESP from the discoverable partitions spec. So if it can't figure out / -> device, then it won't make the automount | 10:56:41 |
ElvishJerricco | e.g. tmpfs root, zfs root, or anything else more interesting than a single device FS that systemd knows how to find the backing device of. | 10:59:50 |
Arian | Ah but we could make an auto mount instead of a mount unit then though I guess | 12:00:17 |
Arian | Is there a flag in fstab for that? Probably right? | 12:00:34 |
gdamjan | x-systemd.automunt | 13:28:23 |
gdamjan | * x-systemd.automount | 13:28:29 |
gdamjan | In reply to @elvishjerricco:matrix.org Arian: I don't think that always works. IIRC the way the automount is generated is by systemd-gpt-auto-generator determining the backing device of / and extrapolating the ESP from the discoverable partitions spec. So if it can't figure out / -> device, then it won't make the automount yeah, it depends on the gpt-auto-generator. I wonder if ESP auto generator should be extracted in its own thing | 13:29:56 |
ElvishJerricco | In reply to @arianvp:matrix.org Is there a flag in fstab for that? Probably right? Yes. x-systemd.automount . | 14:15:53 |
ElvishJerricco | What's wrong with having the FAT partition mounted at all times btw? | 14:16:02 |
Ramses 🇵🇸 | I think you'd usually combine that with x-systemd.idle-timeout so that the partition gets unmounted again as well | 14:24:38 |
Arian | This was Lennart's rationale for auto-unmounting it: https://github.com/systemd/systemd/issues/1378#issuecomment-143547766 | 14:24:38 |
ElvishJerricco | In reply to @arianvp:matrix.org This was Lennart's rationale for auto-unmounting it: https://github.com/systemd/systemd/issues/1378#issuecomment-143547766 Hm, I guess the point is that the ESP is something you really don't want to have uncleanly shutdown? | 14:29:04 |
mjm | i think that's a fair point: i've corrupted a few ESPs recently by random chance, FAT is fragile | 14:30:07 |
gdamjan | yeah, and FAT structures are not really robust. but also some UEFIs might not like the dirty flag on the filesystem.
IIRC I've encountered at least one such UEFI | 14:30:30 |
Arian | Yeh. If you remember all those "this USB thumbdrive wasn't removed safely" problems on windows XP it's basically that. | 14:42:34 |
mjm | oh boy do i | 14:43:26 |
emily | someone should figure out a way to make FAT CoW | 14:51:59 |
Arian | FAT CoW makes me chuckle | 14:52:15 |