dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

nixos/virtualbox-host: Fix hardening with headless vbox

Browse Source 
Fixes #157157.
This commit is contained in:
Zhaofeng Li 2022-10-08 15:41:17 -06:00
parent f677051b8d
commit 6ed7e545ec
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nixos/modules/virtualisation/virtualbox-host.nix
View File

@ -104,16 +104,18 @@ in
group = "vboxusers"; group = "vboxusers";
setuid = true; setuid = true;
}; };
executables = [
"VBoxHeadless"
"VBoxNetAdpCtl"
"VBoxNetDHCP"
"VBoxNetNAT"
"VBoxVolInfo"
] ++ (lib.optionals (!cfg.headless) [
"VBoxSDL"
"VirtualBoxVM"
]);
in mkIf cfg.enableHardening in mkIf cfg.enableHardening
(builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) [ (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables));
"VBoxHeadless"
"VBoxNetAdpCtl"
"VBoxNetDHCP"
"VBoxNetNAT"
"VBoxSDL"
"VBoxVolInfo"
"VirtualBoxVM"
]));
users.groups.vboxusers.gid = config.ids.gids.vboxusers; users.groups.vboxusers.gid = config.ids.gids.vboxusers;