diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2018-10-10 01:20:42 +0200 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2018-10-10 11:11:34 +0200 |
commit | 018573b7579b4212d7001bf6f0e9b31e1bdadb14 (patch) | |
tree | 0b8174228a67bf4da14a962fbb6f8e68ad13ffcd /nixos | |
parent | fc847785d89255fb34c32fb28212a66044f655f3 (diff) | |
download | nixlib-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar nixlib-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.gz nixlib-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.bz2 nixlib-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.lz nixlib-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.xz nixlib-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.zst nixlib-018573b7579b4212d7001bf6f0e9b31e1bdadb14.zip |
nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities
Previously you either had to set the setuid bit yourself or workaround `isSystemUser = true` (for a loginable shell) to access the weechat screen. `programs.screen` shouldn't do this by default to avoid taking too much assumptions about the setup, however `services.weechat` explicitly requires tihs. See #45728
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/services/misc/weechat.nix | 4 | ||||
-rw-r--r-- | nixos/modules/services/misc/weechat.xml | 2 |
2 files changed, 4 insertions, 2 deletions
diff --git a/nixos/modules/services/misc/weechat.nix b/nixos/modules/services/misc/weechat.nix index 1fcfb440485d..c6ff540ea12f 100644 --- a/nixos/modules/services/misc/weechat.nix +++ b/nixos/modules/services/misc/weechat.nix @@ -46,10 +46,12 @@ in Group = "weechat"; RemainAfterExit = "yes"; }; - script = "exec ${pkgs.screen}/bin/screen -Dm -S ${cfg.sessionName} ${cfg.binary}"; + script = "exec ${config.security.wrapperDir}/screen -Dm -S ${cfg.sessionName} ${cfg.binary}"; wantedBy = [ "multi-user.target" ]; wants = [ "network.target" ]; }; + + security.wrappers.screen.source = "${pkgs.screen}/bin/screen"; }; meta.doc = ./weechat.xml; diff --git a/nixos/modules/services/misc/weechat.xml b/nixos/modules/services/misc/weechat.xml index 9c9ee0448c92..b7f755bbc5c7 100644 --- a/nixos/modules/services/misc/weechat.xml +++ b/nixos/modules/services/misc/weechat.xml @@ -54,7 +54,7 @@ </programlisting> Now, the session can be re-attached like this: <programlisting> -screen -r weechat-screen +screen -x weechat/weechat-screen </programlisting> </para> |