public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

security: need to specify the ping binary paths for setcap wrappers.

Browse Source
This commit is contained in:
Parnell Springmeyer 2016-07-01 11:53:21 -05:00
parent 2efb60c8e9
commit 79f1a1e07a
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
nixos/modules/tasks/network-interfaces.nix
View File

@ -894,11 +894,13 @@ in
security.setcapCapabilities = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") ( security.setcapCapabilities = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") (
[ [
{ program = "ping"; { program = "ping";
source = "${pkgs.iputils.out}/bin/ping";
setcap = true; setcap = true;
capabilities = "cap_net_raw+p"; capabilities = "cap_net_raw+p";
} }
{ program = "ping6"; { program = "ping6";
source = "${pkgs.iputils.out}/bin/ping6";
setcap = true; setcap = true;
capabilities = "cap_net_raw+p"; capabilities = "cap_net_raw+p";
} }