From 26439de75bdeb322530f4b5f7126a7e0c09419c5 Mon Sep 17 00:00:00 2001 From: Eelco Dolstra Date: Sun, 16 Aug 2009 21:11:04 +0000 Subject: [PATCH] * security.setuidPrograms: don't set the default in the "default" mkOption argument, because then we lose them if somebody sets security.setuidPrograms somewhere else. (Shouldn't "default" be merged as well?) svn path=/nixos/trunk/; revision=16734 --- modules/security/setuid-wrappers.nix | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/modules/security/setuid-wrappers.nix b/modules/security/setuid-wrappers.nix index 103929a12d4d..5450bbb7bab5 100644 --- a/modules/security/setuid-wrappers.nix +++ b/modules/security/setuid-wrappers.nix @@ -10,7 +10,8 @@ let name = "setuid-wrapper"; buildCommand = '' ensureDir $out/bin - gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" ${./setuid-wrapper.c} -o $out/bin/setuid-wrapper + gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \ + ${./setuid-wrapper.c} -o $out/bin/setuid-wrapper strip -s $out/bin/setuid-wrapper ''; }; @@ -24,10 +25,7 @@ in options = { security.setuidPrograms = mkOption { - default = - [ "passwd" "su" "crontab" "ping" "ping6" - "fusermount" "wodim" "cdrdao" "growisofs" - ]; + default = []; description = '' Only the programs from system path listed here will be made setuid root (through a wrapper program). @@ -75,7 +73,12 @@ in ###### implementation config = { - + + security.setuidPrograms = + [ "passwd" "su" "crontab" "ping" "ping6" + "fusermount" "wodim" "cdrdao" "growisofs" + ]; + system.activationScripts.setuid = let setuidPrograms =
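Review bot: With `default = [];` in the second hunk and the list moved into `config` in the third, the documented default no longer matches what actually becomes setuid root, and a host that sets `security.setuidPrograms` can apparently only add to the baseline, never shrink it. The commit message implies that definitions of this option are merged, so an administrator who wants only `passwd` and `su` wrapped would still get `wodim`, `cdrdao` and `growisofs` as setuid root, whereas before this change an explicit setting replaced the whole list. At minimum the option description should say so, for example by appending `The programs passwd, su, crontab, ping, ping6, fusermount, wodim, cdrdao and growisofs are always included by this module.` It is also worth considering whether the CD-burning tools belong in the module that needs them rather than in an unconditional baseline. The `mkOption` block and the `config` set both continue outside these hunks.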