Setuid wrapper should not be constrained to a specific linux kernel version

2017-01-26 09:39:37 -08:00 · 2017-01-26 09:39:37 -08:00 · 9de070e620
commit 9de070e620
parent 01e6b82f3f
2 changed files with 0 additions and 8 deletions
--- a/nixos/modules/security/permissions-wrappers/default.nix
+++ b/nixos/modules/security/permissions-wrappers/default.nix
@ -92,13 +92,6 @@ in
        capabilities!! This may be too restrictive for cases in which
        the real program needs cap_setpcap but it at least leans on
        the side security paranoid vs. too relaxed.
-
-        The attribute `setcap` defaults to false and it will create a
-        wrapper program but never set the capability set on it. This
-        is done so that you can remove a capability sent entirely from
-        a wrapper program without also needing to go change any
-        absolute paths that may be directly referencing the wrapper
-        program.
      '';
    };

--- a/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix
+++ b/nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix
@ -21,7 +21,6 @@ in
 # This is only useful for Linux platforms and a kernel version of
 # 4.3 or greater
 assert pkgs.stdenv.isLinux;
-assert lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3";

 pkgs.stdenv.mkDerivation {
  name         = "setuid-wrapper";