diff options
| author | Domen Kožar <domen@dev.si> | 2016-08-31 16:24:40 +0200 |
|---|---|---|
| committer | Domen Kožar <domen@dev.si> | 2016-08-31 16:25:18 +0200 |
| commit | d8d75ddec6c960796e2c556db4dc67a73feb314a (patch) | |
| tree | 9c384edcc99e7445dcbbbe79016daaa924e3eac7 /nixos | |
| parent | 4499a505ed9c71c2fccbd746052bdffdaac1a1e0 (diff) | |
| download | nixlib-d8d75ddec6c960796e2c556db4dc67a73feb314a.tar nixlib-d8d75ddec6c960796e2c556db4dc67a73feb314a.tar.gz nixlib-d8d75ddec6c960796e2c556db4dc67a73feb314a.tar.bz2 nixlib-d8d75ddec6c960796e2c556db4dc67a73feb314a.tar.lz nixlib-d8d75ddec6c960796e2c556db4dc67a73feb314a.tar.xz nixlib-d8d75ddec6c960796e2c556db4dc67a73feb314a.tar.zst nixlib-d8d75ddec6c960796e2c556db4dc67a73feb314a.zip | |
Revert "setuid-wrappers: Update wrapper dir atomically."
This reverts commit ee535056ce01514854cdd1c2d56faad84ae347af. It doesn't work yet.
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/modules/security/setuid-wrappers.nix | 26 |
1 files changed, 6 insertions, 20 deletions
diff --git a/nixos/modules/security/setuid-wrappers.nix b/nixos/modules/security/setuid-wrappers.nix index 162b3a2cec7d..99dd514feea3 100644 --- a/nixos/modules/security/setuid-wrappers.nix +++ b/nixos/modules/security/setuid-wrappers.nix @@ -102,11 +102,11 @@ in source=/nix/var/nix/profiles/default/bin/${program} fi - cp ${setuidWrapper}/bin/setuid-wrapper $wrapperDir/${program} - echo -n "$source" > $wrapperDir/${program}.real - chmod 0000 $wrapperDir/${program} # to prevent races - chown ${owner}.${group} $wrapperDir/${program} - chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" $wrapperDir/${program} + cp ${setuidWrapper}/bin/setuid-wrapper ${wrapperDir}/${program} + echo -n "$source" > ${wrapperDir}/${program}.real + chmod 0000 ${wrapperDir}/${program} # to prevent races + chown ${owner}.${group} ${wrapperDir}/${program} + chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${wrapperDir}/${program} ''; in stringAfter [ "users" ] @@ -115,23 +115,9 @@ in # programs to be wrapped. SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin - mkdir -p /run/setuid-wrapper-dirs - wrapperDir=$(mktemp --directory --tmpdir=/run/setuid-wrapper-dirs setuid-wrappers.XXXXXXXXXX) + rm -f ${wrapperDir}/* # */ ${concatMapStrings makeSetuidWrapper setuidPrograms} - - if [ -d ${wrapperDir} ]; then - mv --no-target-directory ${wrapperDir} ${wrapperDir}-old - ln --symbolic $wrapperDir ${wrapperDir} - rm --force --recursive ${wrapperDir}-old - elif [ -L ${wrapperDir} ]; then - ln --symbolic --force --no-dereference $wrapperDir ${wrapperDir}-tmp - old=$(readlink ${wrapperDir}) - mv --no-target-directory ${wrapperDir}-tmp ${wrapperDir} - rm --force --recursive $old - else - ln --symbolic $wrapperDir ${wrapperDir} - fi ''; }; |