authorParnell Springmeyer <parnell@digitalmentat.com>2017-01-29 05:33:56 -0600
committerParnell Springmeyer <parnell@digitalmentat.com>2017-01-29 05:33:56 -0600
commit628e6a83d0f3b7ddc0592c88fef7978a7ee0063e (patch)
tree9be8f15d5603d70e65795410ac9140812f9a79a5 /nixos/modules/security/wrappers
parent70b8167d4ac3572a2f364bba18432ea15df92971 (diff)
More derp
Diffstat (limited to 'nixos/modules/security/wrappers')
-rw-r--r--nixos/modules/security/wrappers/default.nix24
1 files changed, 1 insertions, 23 deletions
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 8e20d773125f..9909c6406471 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -4,22 +4,13 @@ let
   inherit (config.security) wrapperDir wrappers setuidPrograms;
 
   programs =
-    (map (x: { program = x; owner = "root"; group = "root"; setuid = true; }) setuidPrograms)
-    ++
     (lib.mapAttrsToList
       (n: v: (if v ? "program" then v else v // {program=n;}))
       wrappers);
 
   mkWrapper = { program, source ? null, ...}: ''
-    if ! source=${if source != null || source != "" then source else "$(readlink -f $(PATH=$WRAPPER_PATH type -tP ${program}))"}; then
-        # If we can't find the program, fall back to the
-        # system profile.
-        source=/nix/var/nix/profiles/default/bin/${program}
-    fi
-
     parentWrapperDir=$(dirname ${wrapperDir})
-
-    gcc -Wall -O2 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"$parentWrapperDir\" \
+    gcc -Wall -O2 -DSOURCE_PROG=\"${source}\" -DWRAPPER_DIR=\"$parentWrapperDir\" \
         -lcap-ng -lcap ${./wrapper.c} -o $out/bin/${program}.wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \
         -I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include
   '';
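Review bot: `mkWrapper` still declares `source ? null`, but the new gcc line interpolates `${source}` directly, so a `security.wrappers` entry without a `source` attribute now fails with a generic null-to-string coercion error at evaluation time instead of a message naming the offending wrapper. With the lookup fallback gone, the attribute is effectively mandatory; make that explicit with `mkWrapper = { program, source, ...}: ''`, or assert that it is a non-empty absolute path, so an empty `SOURCE_PROG` can never be compiled into a privileged wrapper. The `inherit (config.security) wrapperDir wrappers setuidPrograms;` line at the top of the hunk still names `setuidPrograms`, whose option declaration is removed in the second hunk; drop it from the inherit list so the stale reference cannot be evaluated later. The enclosing `let` block starts before the hunk and continues after it.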
@@ -96,19 +87,6 @@ in
   ###### interface
 
   options = {
-    security.setuidPrograms = lib.mkOption {
-      type = lib.types.listOf lib.types.str;
-      default = [];
-      example = ["passwd"];
-      description = ''
-        The Nix store cannot contain setuid/setgid programs directly.
-        For this reason, NixOS can automatically generate wrapper
-        programs that have the necessary privileges.  This option
-        lists the names of programs in the system environment for
-        which setuid root wrappers should be created.
-      '';
-    };
-
     security.wrappers = lib.mkOption {
       type = lib.types.attrs;
       default = {};