* Obsolete security.extraSetuidPrograms.
svn path=/nixos/trunk/; revision=32723
This commit is contained in:
Eelco Dolstra
parent
58c6231a20
commit
a6f410f144
@ -67,6 +67,8 @@ in zipModules ([]
|
|||||||
# ++ rename alias "services.xserver.slim.theme" "services.xserver.displayManager.slim.theme"
|
# ++ rename alias "services.xserver.slim.theme" "services.xserver.displayManager.slim.theme"
|
||||||
++ rename obsolete "environment.extraPackages" "environment.systemPackages"
|
++ rename obsolete "environment.extraPackages" "environment.systemPackages"
|
||||||
|
|
||||||
|
++ rename obsolete "security.extraSetuidPrograms" "security.setuidPrograms"
|
||||||
|
|
||||||
# Old Grub-related options.
|
# Old Grub-related options.
|
||||||
++ rename obsolete "boot.copyKernels" "boot.loader.grub.copyKernels"
|
++ rename obsolete "boot.copyKernels" "boot.loader.grub.copyKernels"
|
||||||
++ rename obsolete "boot.extraGrubEntries" "boot.loader.grub.extraEntries"
|
++ rename obsolete "boot.extraGrubEntries" "boot.loader.grub.extraEntries"
|
||||||
|
|||||||
@ -27,17 +27,11 @@ in
|
|||||||
security.setuidPrograms = mkOption {
|
security.setuidPrograms = mkOption {
|
||||||
default = [];
|
default = [];
|
||||||
description = ''
|
description = ''
|
||||||
Only the programs from system path listed here will be made
|
The Nix store cannot contain setuid/setgid programs directly.
|
||||||
setuid root (through a wrapper program).
|
For this reason, NixOS can automatically generate wrapper
|
||||||
'';
|
programs that have the necessary privileges. This option
|
||||||
};
|
lists the names of programs in the system environment for
|
||||||
|
which setuid root wrappers should be created.
|
||||||
security.extraSetuidPrograms = mkOption {
|
|
||||||
default = [];
|
|
||||||
example = ["fusermount"];
|
|
||||||
description = ''
|
|
||||||
This option lists additional programs that must be made setuid
|
|
||||||
root. Obsolete, use setuidPrograms instead.
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -62,8 +56,9 @@ in
|
|||||||
default = "/var/setuid-wrappers";
|
default = "/var/setuid-wrappers";
|
||||||
description = ''
|
description = ''
|
||||||
This option defines the path to the setuid wrappers. It
|
This option defines the path to the setuid wrappers. It
|
||||||
should generally not be overriden. Some packages in nixpkgs rely on
|
should generally not be overriden. Some packages in Nixpkgs
|
||||||
wrapperDir == /var/setuid-wrappers
|
expect that <option>wrapperDir</option> is
|
||||||
|
<filename>/var/setuid-wrappers</filename>.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -81,8 +76,7 @@ in
|
|||||||
let
|
let
|
||||||
setuidPrograms =
|
setuidPrograms =
|
||||||
(map (x: { program = x; owner = "root"; group = "root"; setuid = true; })
|
(map (x: { program = x; owner = "root"; group = "root"; setuid = true; })
|
||||||
(config.security.setuidPrograms ++
|
config.security.setuidPrograms)
|
||||||
config.security.extraSetuidPrograms))
|
|
||||||
++ config.security.setuidOwners;
|
++ config.security.setuidOwners;
|
||||||
|
|
||||||
makeSetuidWrapper =
|
makeSetuidWrapper =
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user