diff options
Diffstat (limited to 'nixos/modules/security/wrappers/setcap-wrapper-drv.nix')
-rw-r--r-- | nixos/modules/security/wrappers/setcap-wrapper-drv.nix | 37 |
1 files changed, 0 insertions, 37 deletions
diff --git a/nixos/modules/security/wrappers/setcap-wrapper-drv.nix b/nixos/modules/security/wrappers/setcap-wrapper-drv.nix deleted file mode 100644 index 03dca5c9f42b..000000000000 --- a/nixos/modules/security/wrappers/setcap-wrapper-drv.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - cfg = config.security.wrappers; - - # Produce a shell-code splice intended to be stitched into one of - # the build or install phases within the derivation. - mkSetcapWrapper = { program, source ? null, ...}: '' - if ! source=${if source != null then source else "$(readlink -f $(PATH=$PERMISSIONS_WRAPPER_PATH type -tP ${program}))"}; then - # If we can't find the program, fall back to the - # system profile. - source=/nix/var/nix/profiles/default/bin/${program} - fi - - gcc -Wall -O2 -DWRAPPER_SETCAP=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${config.security.run-wrapperDir}\" \ - -lcap-ng -lcap ${./permissions-wrapper.c} -o $out/bin/${program}.wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \ - -I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include - ''; -in - -# This is only useful for Linux platforms and a kernel version of -# 4.3 or greater -assert pkgs.stdenv.isLinux; -assert lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3"; - -pkgs.stdenv.mkDerivation { - name = "setcap-wrapper"; - unpackPhase = "true"; - buildInputs = [ pkgs.linuxHeaders ]; - installPhase = '' - mkdir -p $out/bin - - # Concat together all of our shell splices to compile - # binary wrapper programs for all configured setcap programs. - ${lib.concatMapStrings mkSetcapWrapper cfg.setcap} - ''; -} |