* Obsolete security.extraSetuidPrograms.

svn path=/nixos/trunk/; revision=32723
2012-03-01 20:10:46 +00:00 · 2012-03-01 20:10:46 +00:00 · a6f410f144
parent 58c6231a20
commit a6f410f144
2 changed files with 11 additions and 15 deletions
--- a/modules/rename.nix
+++ b/modules/rename.nix
@ -67,6 +67,8 @@ in zipModules ([]
 # ++ rename alias "services.xserver.slim.theme" "services.xserver.displayManager.slim.theme"
 ++ rename obsolete "environment.extraPackages" "environment.systemPackages"

++ rename obsolete "security.extraSetuidPrograms" "security.setuidPrograms"
+
 # Old Grub-related options.
 ++ rename obsolete "boot.copyKernels" "boot.loader.grub.copyKernels"
 ++ rename obsolete "boot.extraGrubEntries" "boot.loader.grub.extraEntries"
--- a/modules/security/setuid-wrappers.nix
+++ b/modules/security/setuid-wrappers.nix
@ -27,17 +27,11 @@ in
    security.setuidPrograms = mkOption {
      default = [];
      description = ''
-        Only the programs from system path listed here will be made
-        setuid root (through a wrapper program).
-      '';
-    };
-
-    security.extraSetuidPrograms = mkOption {
-      default = [];
-      example = ["fusermount"];
-      description = ''
-        This option lists additional programs that must be made setuid
-        root. Obsolete, use setuidPrograms instead.
+        The Nix store cannot contain setuid/setgid programs directly.
+        For this reason, NixOS can automatically generate wrapper
+        programs that have the necessary privileges.  This option
+        lists the names of programs in the system environment for
+        which setuid root wrappers should be created.
      '';
    };

@ -62,8 +56,9 @@ in
      default = "/var/setuid-wrappers";
      description = ''
        This option defines the path to the setuid wrappers.  It
-        should generally not be overriden. Some packages in nixpkgs rely on
-        wrapperDir == /var/setuid-wrappers
+        should generally not be overriden. Some packages in Nixpkgs
+        expect that <option>wrapperDir</option> is
+        <filename>/var/setuid-wrappers</filename>.
      '';
    };

@ -81,8 +76,7 @@ in
      let
        setuidPrograms =
          (map (x: { program = x; owner = "root"; group = "root"; setuid = true; })
-            (config.security.setuidPrograms ++
-             config.security.extraSetuidPrograms))
+            config.security.setuidPrograms)
          ++ config.security.setuidOwners;

        makeSetuidWrapper =