From e92b8402b05f34072a20075ed54660e7a7237cc3 Mon Sep 17 00:00:00 2001
From: Parnell Springmeyer
Date: Sat, 28 Jan 2017 20:48:03 -0800
Subject: Addressing PR feedback

---
 nixos/modules/tasks/network-interfaces.nix | 47 ++++++++++--------------------
 1 file changed, 16 insertions(+), 31 deletions(-)
(limited to 'nixos/modules/tasks')

diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 61519c6a3ce8..1afcddd915f7 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -898,38 +898,23 @@ in
 
     # Capabilities won't work unless we have at-least a 4.3 Linux
     # kernel because we need the ambient capability
-    security.permissionsWrappers.setcap = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") (
-      [
-        { program = "ping";
-          source = "${pkgs.iputils.out}/bin/ping";
-          capabilities = "cap_net_raw+p";
-        }
+    security.wrappers = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") {
+      ping = {
+        source = "${pkgs.iputils.out}/bin/ping";
+        capabilities = "cap_net_raw+p";
+      };
 
-        { program = "ping6";
-          source = "${pkgs.iputils.out}/bin/ping6";
-          capabilities = "cap_net_raw+p";
-        }
-      ]
-    );
-
-    # If our linux kernel IS older than 4.3, let's setuid ping and ping6
-    security.permissionsWrappers.setuid = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") (
-      [
-        { program = "ping";
-          source = "${pkgs.iputils.out}/bin/ping";
-          owner = "root";
-          group = "root";
-          setuid = true;
-        }
-
-        { program = "ping6";
-          source = "${pkgs.iputils.out}/bin/ping6";
-          owner = "root";
-          group = "root";
-          setuid = true;
-        }
-      ]
-    );
+      ping6 = {
+        source = "${pkgs.iputils.out}/bin/ping6";
+        capabilities = "cap_net_raw+p";
+      };
+    };
+
+    # If the linux kernel IS older than 4.3, create setuid wrappers
+    # for ping and ping6
+    security.setuidPrograms = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") [
+      "ping" "ping6"
+    ];
 
     # Set the host and domain names in the activation script.  Don't
     # clear it if it's not configured in the NixOS configuration,
-- 
cgit 1.4.1
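Review bot: The kernel-version threshold is evaluated twice, once through `versionAtLeast` for `security.wrappers` and once through `versionOlder` for `security.setuidPrograms`, so the two branches can silently drift apart if one `"4.3"` is edited without the other; a single binding such as `let hasAmbientCaps = versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3"; in` used as `mkIf hasAmbientCaps` and `mkIf (!hasAmbientCaps)` makes the either/or explicit. The fallback also deserves a comment stating why it is the weaker option, e.g. `# setuid root grants far more than cap_net_raw; used only where the kernel lacks ambient capabilities`. Note that `security.setuidPrograms` takes bare names with no `source`, so how `"ping"` is resolved is not visible here — if it is looked up on the system path rather than pinned to `${pkgs.iputils.out}/bin` as the capability branch is, the two branches may wrap different binaries, which is worth confirming. The enclosing attribute set starts and ends outside the hunk.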