this post was submitted on 18 Feb 2024
129 points (93.9% liked)
Linux
48372 readers
1797 users here now
From Wikipedia, the free encyclopedia
Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).
Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.
Rules
- Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
- No misinformation
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon by Alpár-Etele Méder, licensed under CC BY 3.0
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It may just be that the firmware of your particular board is buggy to the point of being broken.
You could try updating it but sometimes it's futile and the firmware is just the biggest pile of crap.
Absolutely reasonable expectation. I wish we had that.
I initially glossed over the fact that you said "user-owned" here. It still shouldn't affect anything because nothing uses /nix for anything security-critical at any point but it'd certainly be smelly.
User-owned
/nix
is only the case in single-user installs which I believe have been deprecated for a while and certainly aren't the way to go anymore.These days the preferred and default method is a multi-user install where
/nix
is owned by root there and exclusively managed by the privileged nix-daemon.Nix (the package manager) itself does have some limited local state (cache, current profile link) that is put into the appropriate XDG user dirs. It will never touch anything outside of those specific state dirs, the TMPDIR and
/nix
.Nix is designed to be fully contained in
/nix
. This property enables you to even wipe their entire root on every boot under NixOS.Apps installed via Nix behave as they always do w.r.t. cluttering directories.
openssh
will still create and manage its~/.ssh
directory for instance, just like on other distros. If you ran some daemon that you installed via Nix with sufficient privileges, it may try to create its state directory in/var
or whatever; just like the same daemon from any other distro's package would.That is all to say: Nix does not do anything special here. Its packages largely behave the same as they do on any other distro and that behaviour includes state directory cluttering behaviour at runtime.
No SELinux support whatsoever.
There is somewhat explicit non-support even as Nix' model of files and directories does not include xattrs; you cannot produce a Nix store path that has special xattrs for SELinux purposes.
Metadata like permissions, dates and owner information are all normalised in the Nix store. The only permitted metadata apart from the file name is whether regular files can be executed.
If your system uses SELinux, you must add an explicit exception for the Nix store. (Installers may do that automatically these days, I haven't kept up with that.)
Other distros simply do not touch
/nix
; it's not their domain.FHS distros control FHS directories such as
/usr
or/bin
depending on what individual packages contain but no sane package of an FHS distro will try to control/nix/store/hugehash-whatever/
.Nix does many things that go against original design principles of Unix and that's a good thing. It's not the 70s anymore and some aspects of Unix have not aged well.
https://economicsfromthetopdown.com/2024/02/17/nixing-technological-lock-in/
Using Nix for applications that have userspace driver dependencies on non-NixOS requires a hack unfortunately: https://github.com/nix-community/nixGL
Thanks for taking the time to answer all of my questions. I'm much more likely to try NIX again now.