author | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-26 01:31:49 -0800 |
committer | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-26 01:31:49 -0800 |
commit | ce36b58e21e8d15c1de0c300819b06e83a2a1c5a (patch) | |
tree | fabf8a37f190ee7a464c70be28d0a4b5d3c2f936 /nixos/modules/security | |
parent | f64b06a3e045c14110d9a7fcac9e4c8ee70ae8f0 (diff) | |
Derp
Diffstat (limited to 'nixos/modules/security')
3 files changed, 15 insertions, 5 deletions
diff --git a/nixos/modules/security/permissions-wrappers/default.nix b/nixos/modules/security/permissions-wrappers/default.nix
index bb5ffff8e275..585e4a13be61 100644
--- a/nixos/modules/security/permissions-wrappers/default.nix
+++ b/nixos/modules/security/permissions-wrappers/default.nix
@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: let
- inherit (config.security) permissionsWrapperDir;
+ inherit (config.security) run-permissionsWrapperDir permissionsWrapperDir;
isNotNull = v: if v != null then true else false;
@@ -132,6 +132,16 @@ in
''; };
+ security.run-permissionsWrapperDir = lib.mkOption {
+ type = lib.types.path;
+ default = "/run/permissions-wrapper-dirs";
+ internal = true;
+ description = ''
+ This option defines the run path to the permissions
+ wrappers. It should not be overriden.
+ '';
+ };
+
};
@@ -158,8 +168,8 @@ in
# programs to be wrapped.
PERMISSIONS_WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
- mkdir -p /run/permissions-wrapper-dirs
- permissionsWrapperDir=$(mktemp --directory --tmpdir=/run/permissions-wrapper-dirs permissions-wrappers.XXXXXXXXXX)
+ mkdir -p ${run-permissionsWrapperDir}
+ permissionsWrapperDir=$(mktemp --directory --tmpdir=${run-permissionsWrapperDir} permissions-wrappers.XXXXXXXXXX)
chmod a+rx $permissionsWrapperDir ${lib.concatMapStrings configureSetcapWrapper (builtins.filter isNotNull cfg.setcap)}
diff --git a/nixos/modules/security/permissions-wrappers/setcap-wrapper-drv.nix b/nixos/modules/security/permissions-wrappers/setcap-wrapper-drv.nix
index 04cae3c84931..3ec9b829a949 100644
--- a/nixos/modules/security/permissions-wrappers/setcap-wrapper-drv.nix
+++ b/nixos/modules/security/permissions-wrappers/setcap-wrapper-drv.nix
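Review bot: The new `security.run-permissionsWrapperDir` option says it "should not be overriden", but nothing enforces that: `internal = true` only hides it from the manual, and any module can still set it to another `lib.types.path`, which silently moves both the directory the activation script creates and the `WRAPPER_DIR` compiled into the setuid/setcap wrapper binaries. If the value is meant to be fixed, declare it `readOnly = true` (or replace the option with a plain `let` binding shared by the three files) so an override is rejected at evaluation time rather than accepted. The description also has a typo (`overridden`) and should state what the path really is: the parent directory under which each activation creates a fresh `mktemp` subdirectory that is then made `a+rx`, so a wrapper compiled with this value runs from a subdirectory of it, not from the directory itself. Finally, `${run-permissionsWrapperDir}` is spliced into the shell script unquoted; that is tolerable for an internal path option, but `mkdir -p "${run-permissionsWrapperDir}"` and the matching `--tmpdir="${run-permissionsWrapperDir}"` cost nothing.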
@@ -12,7 +12,7 @@ let
source=/nix/var/nix/profiles/default/bin/${program}
fi
- gcc -Wall -O2 -DWRAPPER_SETCAP=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${config.security.permissionsWrapperDir}\" \
+ gcc -Wall -O2 -DWRAPPER_SETCAP=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${cfg.run-permissionsWrapperDir}\" \ -lcap-ng -lcap ${./permissions-wrapper.c} -o $out/bin/${program}.wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \ -I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include '';
diff --git a/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix b/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix
index 3bf3effb801a..97dc3c1b0e06 100644
--- a/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix
+++ b/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix
@@ -12,7 +12,7 @@ let
source=/nix/var/nix/profiles/default/bin/${program}
fi
- gcc -Wall -O2 -DWRAPPER_SETUID=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${config.security.permissionsWrapperDir}\" \
+ gcc -Wall -O2 -DWRAPPER_SETUID=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${cfg.run-permissionsWrapperDir}\" \ -lcap-ng -lcap ${./permissions-wrapper.c} -o $out/bin/${program}.wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \ -I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include ''; |
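Review bot: `WRAPPER_DIR` is now compiled in as `cfg.run-permissionsWrapperDir`, i.e. the parent `/run/permissions-wrapper-dirs`, while default.nix installs the wrappers into a per-activation `mktemp` subdirectory of it; if, as the define's name suggests, permissions-wrapper.c uses this value to verify the location it is executed from, whether it compares against an exact directory or a path prefix decides if the new value works or breaks every wrapper, and that source is not in this commit, so the change should be confirmed against it before merging. The same hunk in setuid-wrapper-drv.nix has the same issue. `cfg` is not defined inside either hunk; the line relies on the file's `let` (outside the hunk) binding `cfg = config.security`, as default.nix does with `cfg.setcap`, otherwise evaluation fails. The two derivation files now differ only in `-DWRAPPER_SETCAP=1` versus `-DWRAPPER_SETUID=1`, and this commit had to edit both identically; a shared builder that takes that define as an argument would keep the compile line from drifting between them.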