summary refs log tree commit diff
path: root/nixos/modules/security
diff options
context:
space:
mode:
authorParnell Springmeyer <parnell@digitalmentat.com>2017-02-14 08:40:12 -0600
committerParnell Springmeyer <parnell@digitalmentat.com>2017-02-14 08:40:12 -0600
commite856d6efe812f24034aa8077fb538af0e8f8462d (patch)
tree7d23652fa07d08dfb3c33af7f753a08c71a01181 /nixos/modules/security
parentc01689f8dab3387eb004192ce078659e9a4f334c (diff)
downloadnixlib-e856d6efe812f24034aa8077fb538af0e8f8462d.tar
nixlib-e856d6efe812f24034aa8077fb538af0e8f8462d.tar.gz
nixlib-e856d6efe812f24034aa8077fb538af0e8f8462d.tar.bz2
nixlib-e856d6efe812f24034aa8077fb538af0e8f8462d.tar.lz
nixlib-e856d6efe812f24034aa8077fb538af0e8f8462d.tar.xz
nixlib-e856d6efe812f24034aa8077fb538af0e8f8462d.tar.zst
nixlib-e856d6efe812f24034aa8077fb538af0e8f8462d.zip
Default should be to set owner and group to root on setcap wrappers too
Diffstat (limited to 'nixos/modules/security')
-rw-r--r--nixos/modules/security/wrappers/default.nix5


1 files changed, 4 insertions, 1 deletions
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 144053a4ea3b..2ed8a601a035 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -73,7 +73,10 @@ let
   mkWrappedPrograms =
     builtins.map
       (s: if (s ? "capabilities")
-          then mkSetcapProgram s
+          then mkSetcapProgram
+                 ({ owner = "root";
+                  , group = "root";
+                  } // s)
           else if 
              (s ? "setuid"  && s.setuid  == true) ||
              (s ? "setguid" && s.setguid == true) ||

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-07-06 11:29:28 +0000