forked from lix-project/lix
b9124a5c33
It turns out that the immutable bit doesn't work all that well. A better way is to make the entire Nix store a read-only bind mount, i.e. by doing $ mount --bind /nix/store /nix/store $ mount -o remount,ro,bind /nix/store (This would typically done in an early boot script, before anything from /nix/store is used.) Since Nix needs to be able to write to the Nix store, it now detects if /nix/store is a read-only bind mount and then makes it writable in a private mount namespace. |
||
---|---|---|
corepkgs | ||
doc | ||
misc | ||
perl | ||
scripts | ||
src | ||
tests | ||
.gitignore | ||
AUTHORS | ||
bootstrap.sh | ||
build.nix | ||
configure.ac | ||
COPYING | ||
INSTALL | ||
Makefile.am | ||
nix.spec.in | ||
README | ||
release.nix | ||
substitute.mk | ||
version |
Nix is a purely functional package manager. For installation and usage instructions, please read the manual, which can be found in `docs/manual/manual.html', and additionally at the Nix website at <http://nixos.org/>. Acknowledgments This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.OpenSSL.org/).