I’m using nix to generate a script that needs to be run as root. A colleague of mine complained that he is getting a “Read-only filesystem” error when running that script. It looks like there is an error on my end, as the script copies some data to the containing directory, i.e. the nix store. Also, nix store verify --all confirms that the store directory is corrupted.
I see other complain about that error. I see a good explanation how it should work at How does nix write in the read only store?
The only problem, I’m not getting the “Read-only filesystem” error. I want to have it as a way to protect my set up and help avoid similar errors in my scripts in the future. I even reinstalled Nix as multi-user today by following the instructions at Installation - Nix Reference Manual
I don’t see /nix in the mount output.
I’m running Fedora 39 x86_64, fully up-to-date. The root filesystem is on ext4.
I was able to protect my nix store by running sudo mount --bind -o ro /nix/store /nix/store or by adding this line to /etc/fstab: /nix/store /nix/store none ro,bind 0 0
I’m surprised why the installer didn’t add that line for me.
I think it’s the nix daemon that protect the store
I commented out the line for mounting /nix/store in /etc/fstab and rebooted. /nix/store wasn’t mounted. systemctl status nix-daemon showed that the daemon wasn’t started, so I started it by sudo systemctl start nix-daemon. Still, /nix/store wasn’t mounted after that. So it remains a mystery for my why some other users get the protection by default.