about summary refs log tree commit diff
path: root/nixos/modules/security/wrappers
Commit message (Collapse)AuthorAge
* nixos/treewide: Move rename.nix imports to their respective modulesSilvan Mosberger2019-12-10
| | | | | | | | A centralized list for these renames is not good because: - It breaks disabledModules for modules that have a rename defined - Adding/removing renames for a module means having to find them in the central file - Merge conflicts due to multiple people editing the central file
* treewide: remove redundant quotesvolth2019-08-26
|
* nixos/wrappers: remove outdated upgrade codeLinus Heckemann2018-10-21
| | | | | As mentioned in the code comments themselves, this was only necessary for 16.09 -> 17.03 and as such is obsolete.
* wrapper.c: fixup includes to work w/muslWill Dietz2018-03-25
|
* nixos/security-wrapper: Fix cross-compilationBen Gamari2018-01-09
|
* fuse3: init at 3.1.1Michael Weiss2017-09-21
| | | | | | | | | | | | | | | | | | | | | | | This includes fuse-common (fusePackages.fuse_3.common) as recommended by upstream. But while fuse(2) and fuse3 would normally depend on fuse-common we can't do that in nixpkgs while fuse-common is just another output from the fuse3 multiple-output derivation (i.e. this would result in a circular dependency). To avoid building fuse3 twice I decided it would be best to copy the shared files (i.e. the ones provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and avoid collision warnings by defining priorities. Now it should be possible to install an arbitrary combination of "fuse", "fuse3", and "fuse-common" without getting any collision warnings. The end result should be the same and all changes should be backwards compatible (assuming that mount.fuse from fuse3 is backwards compatible as stated by upstream [0] - if not this might break some /etc/fstab definitions but that should be very unlikely). My tests with sshfs (version 2 and 3) didn't show any problems. See #28409 for some additional information. [0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
* security-wrapper: run activation script after specialfstv2017-06-26
| | | | | | Ensures that parentWrapperDir exists before it is used. Closes #26851
* Fixing attribute name mistake: setguid => setgidParnell Springmeyer2017-06-15
|
* security-wrapper: link old wrapper dir to new oneRobin Gloster2017-03-23
| | | | | | This makes setuid wrappers not fail after upgrading. references #23641, #22914, #19862, #16654
* Revert "security-wrapper: Don't remove the old paths yet as that can create ↵Robin Gloster2017-03-23
| | | | | | | | migration pain" This reverts commit 4c751ced376e0042ddd4f2aa8bd40754b9ea8926. This does not fix the issue as /run is now mounted with nosuid.
* security-wrapper: Don't remove the old paths yet as that can create ↵Parnell Springmeyer2017-03-08
| | | | migration pain
* wrappers service: make /run/wrappers a mountpointNikolay Amiantov2017-02-21
| | | | | Also remove some compatibility code because the directory in question would be shadowed by a mountpoint anyway.
* setcapWrapper: add support for setting permissionsRobin Gloster2017-02-17
|
* nixos/security.wrappers: improve documentationBjørn Forsman2017-02-15
| | | | | | | * The source attribute is mandatory, not optional * The program attribute is optional * Move the info about the mandatory attribute first (most important, IMHO)
* nixos/security.wrappers: use literalExample in documentationBjørn Forsman2017-02-15
| | | | | It's much more readable when the example attrset is pretty printed instead of written as one line.
* nixos: remove remaining reference to setuidProgramsBjørn Forsman2017-02-15
| | | | The option doesn't exist anymore.
* security-wrapper: Wrap <para> tags in a <note> tagParnell Springmeyer2017-02-14
|
* Using para tags for manual formattingParnell Springmeyer2017-02-14
|
* Syntax wibbleParnell Springmeyer2017-02-14
|
* Default should be to set owner and group to root on setcap wrappers tooParnell Springmeyer2017-02-14
|
* Fixing ref to old-wrappersDirParnell Springmeyer2017-02-14
|
* Simplifying the wrapper program derivationParnell Springmeyer2017-02-14
|
* Addressing feedback and fixing a bugParnell Springmeyer2017-02-14
|
* Removing unused module option old-wrapperDirParnell Springmeyer2017-02-14
|
* Derp, correctly write the source program's pathParnell Springmeyer2017-02-13
|
* Resurrecting the single-wrapper read from sibling .real file behaviorParnell Springmeyer2017-02-13
|
* Conditionally logging debug messages based on the WRAPPER_DEBUG env var ↵Parnell Springmeyer2017-01-30
| | | | being set (or not)
* Switching to individually generated derivationsParnell Springmeyer2017-01-30
|
* Set merge + mkIf always surprises meParnell Springmeyer2017-01-29
|
* Derp, wrong path nameParnell Springmeyer2017-01-29
|
* More migration cleanup + todos for cleanupParnell Springmeyer2017-01-29
|
* Gotta provide sane defaults! This is what I get for 5AM codingParnell Springmeyer2017-01-29
|
* More derpParnell Springmeyer2017-01-29
|
* A few more tweaksParnell Springmeyer2017-01-29
|
* Getting rid of the var indirection and using a bin path insteadParnell Springmeyer2017-01-29
|
* More wibbles?Parnell Springmeyer2017-01-29
|
* Another wibbleParnell Springmeyer2017-01-29
|
* Derp derpParnell Springmeyer2017-01-29
|
* Qualify with libParnell Springmeyer2017-01-29
|
* Qualify mkOption with libParnell Springmeyer2017-01-29
|
* Removing dead codeParnell Springmeyer2017-01-29
|
* setcap-wrapper: Syntax wibbleParnell Springmeyer2017-01-29
|
* setcap-wrapper: Syntax wibbleParnell Springmeyer2017-01-29
|
* setcap-wrapper: Minor refactorParnell Springmeyer2017-01-29
|
* setcap-wrapper: Addressing more PR feedback, unifying drvs, and cleaning up ↵Parnell Springmeyer2017-01-29
| | | | a bit
* Addressing PR feedbackParnell Springmeyer2017-01-28
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-03 01:43:01 +0000