streamLayeredImage: Change mode of /nix, /nix/store to 755

The change is insignificant when the owner is root. However, when it is not root, this change is needed to allow using Nix (as an unprivileged user) inside the container.
2024-09-20 04:19:00 +02:00 · 2024-01-22 11:49:52 +00:00 · 2024-01-22 11:49:52 +00:00 · 2697d34603
parent 0ec13cdb90
commit 2697d34603
2 changed files with 2 additions and 2 deletions
--- a/nixos/tests/docker-tools.nix
+++ b/nixos/tests/docker-tools.nix
@ -181,7 +181,7 @@ in {
    ):
        docker.succeed(
            "docker load --input='${examples.bashLayeredWithUser}'",
-            "docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 555 == $(stat --format=%a /nix) && test 555 == $(stat --format=%a /nix/store)'",
+            "docker run -u somebody --rm ${examples.bashLayeredWithUser.imageName} ${pkgs.bash}/bin/bash -c 'test 755 == $(stat --format=%a /nix) && test 755 == $(stat --format=%a /nix/store)'",
            "docker rmi ${examples.bashLayeredWithUser.imageName}",
        )

--- a/pkgs/build-support/docker/stream_layered_image.py
+++ b/pkgs/build-support/docker/stream_layered_image.py
@ -70,7 +70,7 @@ def archive_paths_to(obj, paths, mtime, uid, gid, uname, gname):
        return ti

    def nix_root(ti):
-        ti.mode = 0o0555  # r-xr-xr-x
+        ti.mode = 0o0755  # rwxr-xr-x
        return ti

    def dir(path):