* security.setuidPrograms: don't set the default in the "default"

mkOption argument, because then we lose them if somebody sets security.setuidPrograms somewhere else. (Shouldn't "default" be merged as well?) svn path=/nixos/trunk/; revision=16734
2009-08-16 21:11:04 +00:00 · 2009-08-16 21:11:04 +00:00 · 26439de75b
parent dba1964122
commit 26439de75b
1 changed files with 9 additions and 6 deletions
--- a/modules/security/setuid-wrappers.nix
+++ b/modules/security/setuid-wrappers.nix
@ -10,7 +10,8 @@ let
    name = "setuid-wrapper";
    buildCommand = ''
      ensureDir $out/bin
-      gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" ${./setuid-wrapper.c} -o $out/bin/setuid-wrapper
+      gcc -Wall -O2 -DWRAPPER_DIR=\"${wrapperDir}\" \
+          ${./setuid-wrapper.c} -o $out/bin/setuid-wrapper
      strip -s $out/bin/setuid-wrapper
    '';
  };
@ -24,10 +25,7 @@ in
  options = {

    security.setuidPrograms = mkOption {
-      default =
-        [ "passwd" "su" "crontab" "ping" "ping6"
-          "fusermount" "wodim" "cdrdao" "growisofs"
-        ];
+      default = [];
      description = ''
        Only the programs from system path listed here will be made
        setuid root (through a wrapper program).
@ -75,7 +73,12 @@ in
  ###### implementation

  config = {
-  
+
+    security.setuidPrograms =
+      [ "passwd" "su" "crontab" "ping" "ping6"
+        "fusermount" "wodim" "cdrdao" "growisofs"
+      ];
+
    system.activationScripts.setuid =
      let
        setuidPrograms =