diff options
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 26 |
1 files changed, 15 insertions, 11 deletions
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix index a01bf21af51a..3ef0a2ee1a2f 100644 --- a/nixos/modules/tasks/network-interfaces.nix +++ b/nixos/modules/tasks/network-interfaces.nix @@ -898,23 +898,27 @@ in # Capabilities won't work unless we have at-least a 4.3 Linux # kernel because we need the ambient capability - security.wrappers = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") { - ping = { - source = "${pkgs.iputils.out}/bin/ping"; - capabilities = "cap_net_raw+p"; - }; + security = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") { + wrappers = { + ping = { + source = "${pkgs.iputils.out}/bin/ping"; + capabilities = "cap_net_raw+p"; + }; - ping6 = { - source = "${pkgs.iputils.out}/bin/ping6"; - capabilities = "cap_net_raw+p"; + ping6 = { + source = "${pkgs.iputils.out}/bin/ping6"; + capabilities = "cap_net_raw+p"; + }; }; }; # If the linux kernel IS older than 4.3, create setuid wrappers # for ping and ping6 - security.wrappers = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") { - ping.source = "${pkgs.iputils.out}/bin/ping"; - "ping6".source = "${pkgs.iputils.out}/bin/ping6"; + security = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") { + wrappers = { + ping.source = "${pkgs.iputils.out}/bin/ping"; + "ping6".source = "${pkgs.iputils.out}/bin/ping6"; + }; }; # Set the host and domain names in the activation script. Don't |