diff options
| author | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-29 05:39:18 -0600 |
|---|---|---|
| committer | Parnell Springmeyer <parnell@digitalmentat.com> | 2017-01-29 05:39:18 -0600 |
| commit | 3215bcf4450080c44411171b4d69d0cb2dd1b1bd (patch) | |
| tree | 8cdcf20c88bbe33f1aae2ea32a2f44030ed97d54 /nixos/modules/tasks | |
| parent | a3e9d77640b686c29692294ca7d557b11dfe2c65 (diff) | |
| download | nixlib-3215bcf4450080c44411171b4d69d0cb2dd1b1bd.tar nixlib-3215bcf4450080c44411171b4d69d0cb2dd1b1bd.tar.gz nixlib-3215bcf4450080c44411171b4d69d0cb2dd1b1bd.tar.bz2 nixlib-3215bcf4450080c44411171b4d69d0cb2dd1b1bd.tar.lz nixlib-3215bcf4450080c44411171b4d69d0cb2dd1b1bd.tar.xz nixlib-3215bcf4450080c44411171b4d69d0cb2dd1b1bd.tar.zst nixlib-3215bcf4450080c44411171b4d69d0cb2dd1b1bd.zip | |
Beebooboop
Diffstat (limited to 'nixos/modules/tasks')
| -rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 28 |
1 files changed, 10 insertions, 18 deletions
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index 3ef0a2ee1a2f..dc77a6a40f83 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -898,27 +898,19 @@ in # Capabilities won't work unless we have at-least a 4.3 Linux # kernel because we need the ambient capability - security = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") { - wrappers = { - ping = { - source = "${pkgs.iputils.out}/bin/ping"; - capabilities = "cap_net_raw+p"; - }; - - ping6 = { - source = "${pkgs.iputils.out}/bin/ping6"; - capabilities = "cap_net_raw+p"; - }; + security.wrappers = if (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") then { + ping = { + source = "${pkgs.iputils.out}/bin/ping"; + capabilities = "cap_net_raw+p"; }; - }; - # If the linux kernel IS older than 4.3, create setuid wrappers - # for ping and ping6 - security = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") { - wrappers = { - ping.source = "${pkgs.iputils.out}/bin/ping"; - "ping6".source = "${pkgs.iputils.out}/bin/ping6"; + ping6 = { + source = "${pkgs.iputils.out}/bin/ping6"; + capabilities = "cap_net_raw+p"; }; + } else { + ping.source = "${pkgs.iputils.out}/bin/ping"; + "ping6".source = "${pkgs.iputils.out}/bin/ping6"; }; # Set the host and domain names in the activation script. Don't |