public
/
nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add a keys group with read access to /run/keys 

This allows processes running as unprivileged users access to keys they might need
This commit is contained in:
Shea Levy 2014-02-11 07:00:10 -05:00
parent 8f64e74414
commit 4ab5646417
3 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
nixos/modules/misc/ids.nix
View File

@ -201,6 +201,7 @@
openldap = 93; openldap = 93;
connman = 94; connman = 94;
munin = 95; munin = 95;
keys = 96;
# When adding a gid, make sure it doesn't match an existing uid. # When adding a gid, make sure it doesn't match an existing uid.

3
nixos/modules/system/boot/stage-2-init.sh
View File

@ -136,7 +136,8 @@ fi
# elsehwere) # elsehwere)
if ! mountpoint -q /run/keys; then if ! mountpoint -q /run/keys; then
rm -rf /run/keys rm -rf /run/keys
mkdir -m 0700 /run/keys mkdir -m 0750 /run/keys
chown root:keys /run/keys
mount -t ramfs none /run/keys mount -t ramfs none /run/keys
fi fi

2
nixos/modules/system/boot/systemd.nix
View File

@ -645,6 +645,8 @@ in
''; '';
# Target for charon send-keys to hook into. # Target for charon send-keys to hook into.
users.extraGroups.keys.gid = config.ids.gids.keys;
systemd.targets.keys = systemd.targets.keys =
{ description = "Security Keys"; { description = "Security Keys";
}; };