diff options
author | Pierre Bourdon <delroth@gmail.com> | 2018-12-05 04:24:37 +0100 |
---|---|---|
committer | Robin Gloster <mail@glob.in> | 2018-12-05 11:26:38 +0100 |
commit | 3873f43fc39d6662ffedc3e0413a8741558e5952 (patch) | |
tree | f6d9a6163052a6243661168e076c8f465227914a | |
parent | 199b4c47434aecea7aa56edb82879327df228b23 (diff) | |
download | nixlib-3873f43fc39d6662ffedc3e0413a8741558e5952.tar nixlib-3873f43fc39d6662ffedc3e0413a8741558e5952.tar.gz nixlib-3873f43fc39d6662ffedc3e0413a8741558e5952.tar.bz2 nixlib-3873f43fc39d6662ffedc3e0413a8741558e5952.tar.lz nixlib-3873f43fc39d6662ffedc3e0413a8741558e5952.tar.xz nixlib-3873f43fc39d6662ffedc3e0413a8741558e5952.tar.zst nixlib-3873f43fc39d6662ffedc3e0413a8741558e5952.zip |
prometheus/exporters: fix regression in DynamicUser behavior
Instead of setting User/Group only when DynamicUser is disabled, the previous version of the code set it only when it was enabled. This caused services with DynamicUser enabled to actually run as nobody, and services without DynamicUser enabled to run as root. Regression from fbb7e0c82f297815950e9153c21e561a704bfcd5.
-rw-r--r-- | nixos/modules/services/monitoring/prometheus/exporters.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/services/monitoring/prometheus/exporters.nix b/nixos/modules/services/monitoring/prometheus/exporters.nix index 950af848c0f6..5308c9c4ee08 100644 --- a/nixos/modules/services/monitoring/prometheus/exporters.nix +++ b/nixos/modules/services/monitoring/prometheus/exporters.nix @@ -127,7 +127,7 @@ let serviceConfig.Restart = mkDefault "always"; serviceConfig.PrivateTmp = mkDefault true; serviceConfig.WorkingDirectory = mkDefault /tmp; - } serviceOpts ] ++ optional (serviceOpts.serviceConfig.DynamicUser or false) { + } serviceOpts ] ++ optional (!(serviceOpts.serviceConfig.DynamicUser or false)) { serviceConfig.User = conf.user; serviceConfig.Group = conf.group; }); |