mirrors/sops-nix
mirrors/sops-nix
1
0
Fork 0
mirror of https://github.com/Mic92/sops-nix.git synced 2025-03-31 04:14:37 +00:00
Code Activity

only mount ramfs once

Browse source
This commit is contained in:
Jörg Thalheim 2021-01-27 08:36:33 +01:00
parent 3735915c48
commit 4de7358a2b
No known key found for this signature in database
GPG key ID: B3F5D81B0C6967C4
1 changed files with 10 additions and 2 deletions

12
pkgs/sops-install-secrets/main.go
View file

@ -251,13 +251,21 @@ func decryptSecrets(secrets []secret) error {
return nil
}
const RAMFS_MAGIC = 0x858458f6
func mountSecretFs(mountpoint string, keysGid int) error {
if err := os.MkdirAll(mountpoint, 0750); err != nil {
return fmt.Errorf("Cannot create directory '%s': %w", mountpoint, err)
}
if err := unix.Mount("none", mountpoint, "ramfs", unix.MS_NODEV|unix.MS_NOSUID, "mode=0750"); err != nil {
return fmt.Errorf("Cannot mount: %s", err)
buf := unix.Statfs_t {}
if err := unix.Statfs(mountpoint, &buf); err != nil {
return fmt.Errorf("Cannot get statfs for directory '%s': %w", mountpoint, err)
}
if buf.Type != RAMFS_MAGIC {
if err := unix.Mount("none", mountpoint, "ramfs", unix.MS_NODEV|unix.MS_NOSUID, "mode=0750"); err != nil {
return fmt.Errorf("Cannot mount: %s", err)
}
}
if err := os.Chown(mountpoint, 0, int(keysGid)); err != nil {