diff options
| author | Joachim Fasting <joachifm@fastmail.fm> | 2016-11-26 02:52:41 +0100 |
|---|---|---|
| committer | Joachim Fasting <joachifm@fastmail.fm> | 2016-11-26 02:59:35 +0100 |
| commit | fdbf7dc8b38cd523804d342d2c153dfeb10cc83d (patch) | |
| tree | a481ef84d40c4af7764f05e35124784f4bbd6827 /pkgs/os-specific/linux/gradm | |
| parent | a51378c4191aa76f909ac1826a5a963c8a6810a0 (diff) | |
| download | nixlib-fdbf7dc8b38cd523804d342d2c153dfeb10cc83d.tar nixlib-fdbf7dc8b38cd523804d342d2c153dfeb10cc83d.tar.gz nixlib-fdbf7dc8b38cd523804d342d2c153dfeb10cc83d.tar.bz2 nixlib-fdbf7dc8b38cd523804d342d2c153dfeb10cc83d.tar.lz nixlib-fdbf7dc8b38cd523804d342d2c153dfeb10cc83d.tar.xz nixlib-fdbf7dc8b38cd523804d342d2c153dfeb10cc83d.tar.zst nixlib-fdbf7dc8b38cd523804d342d2c153dfeb10cc83d.zip | |
gradm: fix using gradm while the RBAC system is active
The built-in ACL prevents the gradm binary from loading dynamic libraries from the Nix store. Thus, once the RBAC system is activated, the gradm binary cannot be used. Fix by patching in rules to allow references to the Nix store where appropriate.
Diffstat (limited to 'pkgs/os-specific/linux/gradm')
| -rw-r--r-- | pkgs/os-specific/linux/gradm/default.nix | 2 | ||||
| -rw-r--r-- | pkgs/os-specific/linux/gradm/gradm_nix_store.patch | 31 |
2 files changed, 33 insertions, 0 deletions
diff --git a/pkgs/os-specific/linux/gradm/default.nix b/pkgs/os-specific/linux/gradm/default.nix index 7f64ed227719..2beb07094697 100644 --- a/pkgs/os-specific/linux/gradm/default.nix +++ b/pkgs/os-specific/linux/gradm/default.nix @@ -12,6 +12,8 @@ stdenv.mkDerivation rec { sha256 = "0y5565rhil5ciprwz7nx4s4ah7dsxx7zrkg42dbq0mcg8m316xrb"; }; + patches = [ ./gradm_nix_store.patch ]; + nativeBuildInputs = [ bison flex ]; buildInputs = [ pam ]; diff --git a/pkgs/os-specific/linux/gradm/gradm_nix_store.patch b/pkgs/os-specific/linux/gradm/gradm_nix_store.patch new file mode 100644 index 000000000000..c1b7047324b1 --- /dev/null +++ b/pkgs/os-specific/linux/gradm/gradm_nix_store.patch @@ -0,0 +1,31 @@ +diff -ruN a/gradm_adm.c b/gradm_adm.c +--- a/gradm_adm.c 2016-08-13 18:56:45.000000000 +0200 ++++ b/gradm_adm.c 2016-11-26 02:47:05.829718770 +0100 +@@ -166,6 +166,8 @@ + ADD_OBJ("/usr/libx32", "rx"); + ADD_OBJ("/lib64", "rx"); + ADD_OBJ("/usr/lib64", "rx"); ++ ADD_OBJ("/nix/store", "h"); ++ ADD_OBJ("/nix/store/*/lib", "rx"); + ADD_OBJ(gradm_name, "x"); + ADD_OBJ(grpam_path, "x"); + +@@ -286,6 +288,8 @@ + ADD_OBJ("/usr/lib32", "rx"); + ADD_OBJ("/lib64", "rx"); + ADD_OBJ("/usr/lib64", "rx"); ++ ADD_OBJ("/nix/store", "h"); ++ ADD_OBJ("/nix/store/*/lib", "rx"); + ADD_OBJ("/tmp", ""); + ADD_OBJ("/tmp/krb5cc_pam*", "rwcd"); + ADD_OBJ(grpam_path, "x"); +@@ -369,6 +373,9 @@ + ADD_OBJ("/lib", "rx"); + ADD_OBJ("/lib32", "rx"); + ADD_OBJ("/lib64", "rx"); ++ ADD_OBJ("/nix/store", "h"); ++ ADD_OBJ("/nix/store/*/bin", "rx"); ++ ADD_OBJ("/nix/store/*/lib", "rx"); + ADD_OBJ("/usr", "rx"); + ADD_OBJ("/proc", "r"); + ADD_OBJ("/boot", "h"); |