authorParnell Springmeyer <parnell@digitalmentat.com>2017-01-26 01:13:19 -0800
committerParnell Springmeyer <parnell@digitalmentat.com>2017-01-26 01:13:19 -0800
commitf64b06a3e045c14110d9a7fcac9e4c8ee70ae8f0 (patch)
tree74ec5600ea54aa80ad9e3970a583dbcf0f74f9b0 /nixos/modules/security
parentfd974085bf5b7a18c0c053a1fdd331c523221fb1 (diff)
Hmmm
Diffstat (limited to 'nixos/modules/security')
-rw-r--r--nixos/modules/security/permissions-wrappers/default.nix22
1 files changed, 11 insertions, 11 deletions
diff --git a/nixos/modules/security/permissions-wrappers/default.nix b/nixos/modules/security/permissions-wrappers/default.nix
index 0ea465fbd787..bb5ffff8e275 100644
--- a/nixos/modules/security/permissions-wrappers/default.nix
+++ b/nixos/modules/security/permissions-wrappers/default.nix
@@ -23,11 +23,11 @@ let
     , owner  ? "nobody"
     , group  ? "nogroup"
     }: ''
-      cp ${setcapWrappers}/bin/${program}.wrapper ${permissionsWrapperDir}/${program}
+      cp ${setcapWrappers}/bin/${program}.wrapper $permissionsWrapperDir/${program}
 
       # Prevent races
-      chmod 0000 ${permissionsWrapperDir}/${program}
-      chown ${owner}.${group} ${permissionsWrapperDir}/${program}
+      chmod 0000 $permissionsWrapperDir/${program}
+      chown ${owner}.${group} $permissionsWrapperDir/${program}
 
       # Set desired capabilities on the file plus cap_setpcap so
       # the wrapper program can elevate the capabilities set on
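Review bot: The destination path on the `cp`, `chmod` and `chown` lines is now expanded by the shell at activation time and is unquoted, so an unset or empty `permissionsWrapperDir` resolves to `/${program}`, and a value containing whitespace splits into several arguments. Nothing in this hunk shows where the shell variable is assigned, so the snippet should quote the path as `"$permissionsWrapperDir/${program}"` and carry a comment such as `# $permissionsWrapperDir must be set by the activation script before this snippet runs`. The same applies to the `setcap` and `chmod` lines in the second hunk and to the four changed lines in the setuid hunk. The string body continues past the end of this hunk.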
@@ -35,10 +35,10 @@ let
       #
       # Only set the capabilities though if we're being told to
       # do so.
-      ${pkgs.libcap.out}/bin/setcap "cap_setpcap,${capabilities}" ${permissionsWrapperDir}/${program}
+      ${pkgs.libcap.out}/bin/setcap "cap_setpcap,${capabilities}" $permissionsWrapperDir/${program}
 
       # Set the executable bit
-      chmod u+rx,g+x,o+x ${permissionsWrapperDir}/${program}
+      chmod u+rx,g+x,o+x $permissionsWrapperDir/${program}
     '';
 
   ###### Activation script for the setuid wrappers
@@ -51,13 +51,13 @@ let
     , setgid ? false
     , permissions ? "u+rx,g+x,o+x"
     }: ''
-      cp ${setuidWrappers}/bin/${program}.wrapper ${permissionsWrapperDir}/${program}
+      cp ${setuidWrappers}/bin/${program}.wrapper $permissionsWrapperDir/${program}
 
       # Prevent races
-      chmod 0000 ${permissionsWrapperDir}/${program}
-      chown ${owner}.${group} ${permissionsWrapperDir}/${program}
+      chmod 0000 $permissionsWrapperDir/${program}
+      chown ${owner}.${group} $permissionsWrapperDir/${program}
 
-      chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${permissionsWrapperDir}/${program}
+      chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" $permissionsWrapperDir/${program}
     '';
 in
 {
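Review bot: The `# Prevent races` step only runs after `cp` has already created or overwritten the destination, so between `cp` and `chmod 0000` the final path keeps whatever mode and owner it had before. When a wrapper from an earlier activation is being replaced, that presumably includes its old setuid/setgid bits. Staging the copy under a temporary name in the same directory, setting owner and mode there, and renaming it over `${program}` would make the swap atomic. The capability wrapper in the first hunk follows the same sequence and would benefit from the same change.

```nix
      # Stage under a temporary name so the final path never exists with a stale mode or owner.
      cp ${setuidWrappers}/bin/${program}.wrapper "$permissionsWrapperDir/${program}.tmp"
      chmod 0000 "$permissionsWrapperDir/${program}.tmp"
      chown ${owner}.${group} "$permissionsWrapperDir/${program}.tmp"
      chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" "$permissionsWrapperDir/${program}.tmp"

      # rename(2) within one directory replaces the old wrapper in a single step.
      mv "$permissionsWrapperDir/${program}.tmp" "$permissionsWrapperDir/${program}"
```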
@@ -143,11 +143,11 @@ in
     # variable when initializing the shell
     environment.extraInit = ''
     # The permissions wrappers override other bin directories.
-    export PATH="${config.security.permissionsWrapperDir}:$PATH"
+    export PATH="${permissionsWrapperDir}:$PATH"
     '';
 
     system.activationScripts.wrapper-dir = ''
-      mkdir -p "${config.security.permissionsWrapperDir}"
+      mkdir -p "${permissionsWrapperDir}"
     '';
 
     ###### setcap activation script
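Review bot: `mkdir -p "${permissionsWrapperDir}"` leaves the mode and owner of an existing directory untouched and creates a new one under the current umask, while `environment.extraInit` puts that directory ahead of everything else on `PATH`. Since it holds the setuid and capability wrappers, the activation script should pin its ownership and mode, for example `mkdir -p "${permissionsWrapperDir}" && chown root:root "${permissionsWrapperDir}" && chmod 0755 "${permissionsWrapperDir}"`. The name here is a Nix interpolation, whereas the wrapper snippets earlier in the file now read a shell variable of the same name. Neither binding is visible in this hunk, so a comment stating that both refer to the same directory, or why they differ, would prevent misreading.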