diff options
-rw-r--r-- | nixos/modules/security/permissions-wrappers/default.nix | 7 | ||||
-rw-r--r-- | nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix | 1 |
2 files changed, 0 insertions, 8 deletions
diff --git a/nixos/modules/security/permissions-wrappers/default.nix b/nixos/modules/security/permissions-wrappers/default.nix index 585e4a13be61..480bd371040e 100644 --- a/nixos/modules/security/permissions-wrappers/default.nix +++ b/nixos/modules/security/permissions-wrappers/default.nix @@ -92,13 +92,6 @@ in capabilities!! This may be too restrictive for cases in which the real program needs cap_setpcap but it at least leans on the side security paranoid vs. too relaxed. - - The attribute `setcap` defaults to false and it will create a - wrapper program but never set the capability set on it. This - is done so that you can remove a capability sent entirely from - a wrapper program without also needing to go change any - absolute paths that may be directly referencing the wrapper - program. ''; }; diff --git a/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix b/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix index 42b00c8548ab..53cce2ff48e7 100644 --- a/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix +++ b/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix @@ -21,7 +21,6 @@ in # This is only useful for Linux platforms and a kernel version of # 4.3 or greater assert pkgs.stdenv.isLinux; -assert lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3"; pkgs.stdenv.mkDerivation { name = "setuid-wrapper"; |