From e856d6efe812f24034aa8077fb538af0e8f8462d Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer <parnell@digitalmentat.com>
Date: Tue, 14 Feb 2017 08:40:12 -0600
Subject: Default should be to set owner and group to root on setcap wrappers
 too

---
 nixos/modules/security/wrappers/default.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'nixos/modules/security')

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 144053a4ea3b..2ed8a601a035 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -73,7 +73,10 @@ let
   mkWrappedPrograms =
     builtins.map
       (s: if (s ? "capabilities")
-          then mkSetcapProgram s
+          then mkSetcapProgram
+                 ({ owner = "root";
+                  , group = "root";
+                  } // s)
           else if 
              (s ? "setuid"  && s.setuid  == true) ||
              (s ? "setguid" && s.setguid == true) ||
-- 
cgit 1.4.1