public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* dbus: enable support for system services (these are programs that

Browse Source 
the bus daemon can start on demand).  ConsoleKit and PolicyKit need
  this.  This requires a setuid wrapper for dbus-daemon-launch-helper,
  as well as a "messagebus" group.

svn path=/nixos/trunk/; revision=16736
This commit is contained in:
Eelco Dolstra 2009-08-16 21:46:26 +00:00
parent 26439de75b
commit 7dbf523ddc
2 changed files with 45 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
modules/misc/ids.nix
View File

@ -57,6 +57,7 @@ in
wheel = 1; wheel = 1;
kmem = 2; kmem = 2;
tty = 3; tty = 3;
messagebus = 4; # D-Bus
haldaemon = 5; haldaemon = 5;
disk = 6; disk = 6;
vsftpd = 7; vsftpd = 7;

48
modules/services/system/dbus.nix
View File

@ -7,16 +7,27 @@ let
cfg = config.services.dbus; cfg = config.services.dbus;
inherit (pkgs) dbus; # !!! dbus_temp uses /etc/dbus-1; will be merged into pkgs.dbus later.
dbus = pkgs.dbus_temp;
homeDir = "/var/run/dbus"; homeDir = "/var/run/dbus";
configFile = pkgs.stdenv.mkDerivation { configDir = pkgs.stdenv.mkDerivation {
name = "dbus-conf"; name = "dbus-conf";
buildCommand = '' buildCommand = ''
ensureDir $out ensureDir $out
ln -s ${dbus}/etc/dbus-1/system.conf $out/system.conf
cp ${dbus}/etc/dbus-1/system.conf $out/system.conf
# Tell the daemon where the setuid wrapper around
# dbus-daemon-launch-helper lives.
sed -i $out/system.conf \
-e 's|<servicehelper>.*/libexec/dbus-daemon-launch-helper|<servicehelper>${config.security.wrapperDir}/dbus-daemon-launch-helper|'
# Add the system-services directories to the daemon's search path.
sed -i $out/system.conf \
-e 's|<standard_system_servicedirs/>|${systemServiceDirs}|'
# Note: system.conf includes ./system.d (i.e. it has a relative, # Note: system.conf includes ./system.d (i.e. it has a relative,
# not absolute path). # not absolute path).
ensureDir $out/system.d ensureDir $out/system.d
@ -26,6 +37,10 @@ let
''; # */ ''; # */
}; };
systemServiceDirs = concatMapStrings
(d: "<servicedir>${d}/share/dbus-1/system-services</servicedir> ")
cfg.packages;
in in
{ {
@ -67,11 +82,26 @@ in
environment.systemPackages = [dbus.daemon dbus.tools]; environment.systemPackages = [dbus.daemon dbus.tools];
environment.etc = singleton
# We need /etc/dbus-1/system.conf for now, because
# dbus-daemon-launch-helper is called with an empty environment
# and no arguments. So we have no way to tell it the location
# of our config file.
{ source = configDir;
target = "dbus-1";
};
users.extraUsers = singleton users.extraUsers = singleton
{ name = "messagebus"; { name = "messagebus";
uid = config.ids.uids.messagebus; uid = config.ids.uids.messagebus;
description = "D-Bus system message bus daemon user"; description = "D-Bus system message bus daemon user";
home = homeDir; home = homeDir;
group = "messagebus";
};
users.extraGroups = singleton
{ name = "messagebus";
gid = config.ids.gids.messagebus;
}; };
jobs = singleton jobs = singleton
@ -92,7 +122,7 @@ in
# !!! hack - dbus should be running once this job is # !!! hack - dbus should be running once this job is
# considered "running"; should be fixable once we have # considered "running"; should be fixable once we have
# Upstart 0.6. # Upstart 0.6.
${dbus}/bin/dbus-daemon --config-file=${configFile}/system.conf ${dbus}/bin/dbus-daemon --config-file=${configDir}/system.conf
''; '';
postStop = postStop =
@ -104,6 +134,16 @@ in
''; '';
}; };
security.setuidOwners = singleton
{ program = "dbus-daemon-launch-helper";
source = "${dbus}/libexec/dbus-daemon-launch-helper";
owner = "root";
group = "messagebus";
setuid = true;
setgid = false;
permissions = "u+rx,g+rx,o-rx";
};
}; };
} }