From 0cd7cac74467c3028cc974e8f41108a5e78a56d5 Mon Sep 17 00:00:00 2001 From: Kaede Akino Date: Wed, 22 May 2024 21:19:56 +0800 Subject: [PATCH] sops-install-secrets: add mount options for darwin --- pkgs/sops-install-secrets/darwin.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkgs/sops-install-secrets/darwin.go b/pkgs/sops-install-secrets/darwin.go index 46e6383..5070633 100644 --- a/pkgs/sops-install-secrets/darwin.go +++ b/pkgs/sops-install-secrets/darwin.go @@ -84,7 +84,7 @@ func MountSecretFs(mountpoint string, keysGID int, _useTmpfs bool, userMode bool // See https://stackoverflow.com/a/49048846/4108673 // err = unix.Mount("hfs", mountpoint, unix.MNT_NOEXEC|unix.MNT_NODEV, mount_args) // Instead we call: - out, err = exec.Command("mount", "-t", "hfs", diskpath, mountpoint).Output() + out, err = exec.Command("mount", "-t", "hfs", "-o", "nobrowse,nodev,nosuid,-m=0751", diskpath, mountpoint).Output() log.Printf("mount ret %v. out: %s", err, out) // There is no documented way to check for memfs mountpoint. Thus we place a file.