dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

* security.setuidPrograms: don't set the default in the "default"

Browse Source 
mkOption argument, because then we lose them if somebody sets
  security.setuidPrograms somewhere else.  (Shouldn't "default" be
  merged as well?)

svn path=/nixos/trunk/; revision=16734
This commit is contained in:
Eelco Dolstra 2009-08-16 21:11:04 +00:00
parent dba1964122
commit 26439de75b
1 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
modules/security/setuid-wrappers.nix
View File

@ -10,7 +10,8 @@ let
name = "setuid-wrapper"; name = "setuid-wrapper";
buildCommand = '' buildCommand = ''
ensureDir $out/bin ensureDir $out/bin
gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" ${./setuid-wrapper.c} -o $out/bin/setuid-wrapper gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \
${./setuid-wrapper.c} -o $out/bin/setuid-wrapper
strip -s $out/bin/setuid-wrapper strip -s $out/bin/setuid-wrapper
''; '';
}; };
@ -24,10 +25,7 @@ in
options = { options = {
security.setuidPrograms = mkOption { security.setuidPrograms = mkOption {
default = default = [];
[ "passwd" "su" "crontab" "ping" "ping6"
"fusermount" "wodim" "cdrdao" "growisofs"
];
description = '' description = ''
Only the programs from system path listed here will be made Only the programs from system path listed here will be made
setuid root (through a wrapper program). setuid root (through a wrapper program).
@ -76,6 +74,11 @@ in
config = { config = {
security.setuidPrograms =
[ "passwd" "su" "crontab" "ping" "ping6"
"fusermount" "wodim" "cdrdao" "growisofs"
];
system.activationScripts.setuid = system.activationScripts.setuid =
let let
setuidPrograms = setuidPrograms =