public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
242,186 Commits 1 Branch 0 Tags
Commit Graph

48 Commits

Author SHA1 Message Date
Julien Moutinho
fb6d63f3fd apparmor: fix and improve the service 2020-09-06 07:43:03 +02:00
Doron Behar
a854b77b08 nixos/wrappers: make (u)mount have the +s bit. 
See
https://discourse.nixos.org/t/how-to-make-a-derivations-executables-have-the-s-permission/8555
and:
https://www.linuxquestions.org/questions/slackware-14/must-be-superuser-to-use-mount-fstab-is-correct-however-144932/
 2020-08-15 21:57:16 +03:00
Silvan Mosberger
4ee3e8b21d
nixos/treewide: Move rename.nix imports to their respective modules 
A centralized list for these renames is not good because:
- It breaks disabledModules for modules that have a rename defined
- Adding/removing renames for a module means having to find them in the
central file
- Merge conflicts due to multiple people editing the central file
 2019-12-10 02:51:19 +01:00
volth
35d68ef143 treewide: remove redundant quotes 2019-08-26 21:40:19 +00:00
Linus Heckemann
45981145ad nixos/wrappers: remove outdated upgrade code 
As mentioned in the code comments themselves, this was only necessary
for 16.09 -> 17.03 and as such is obsolete.
 2018-10-21 15:12:36 +02:00
Will Dietz
cb30a1b425 wrapper.c: fixup includes to work w/musl 2018-03-25 18:06:02 -05:00
Ben Gamari
b2cbffae64 nixos/security-wrapper: Fix cross-compilation 2018-01-09 11:25:19 -05:00
Michael Weiss
351f5fc585 fuse3: init at 3.1.1 
This includes fuse-common (fusePackages.fuse_3.common) as recommended by
upstream. But while fuse(2) and fuse3 would normally depend on
fuse-common we can't do that in nixpkgs while fuse-common is just
another output from the fuse3 multiple-output derivation (i.e. this
would result in a circular dependency). To avoid building fuse3 twice I
decided it would be best to copy the shared files (i.e. the ones
provided by fuse(2) and fuse3) from fuse-common to fuse (version 2) and
avoid collision warnings by defining priorities. Now it should be
possible to install an arbitrary combination of "fuse", "fuse3", and
"fuse-common" without getting any collision warnings. The end result
should be the same and all changes should be backwards compatible
(assuming that mount.fuse from fuse3 is backwards compatible as stated
by upstream [0] - if not this might break some /etc/fstab definitions
but that should be very unlikely).

My tests with sshfs (version 2 and 3) didn't show any problems.

See #28409 for some additional information.

[0]: https://github.com/libfuse/libfuse/releases/tag/fuse-3.0.0
 2017-09-21 23:59:46 +02:00
tv
ea44ca47f3 security-wrapper: run activation script after specialfs 
Ensures that parentWrapperDir exists before it is used.

Closes #26851
 2017-06-26 09:26:16 +02:00
Parnell Springmeyer
5ca644c228
Fixing attribute name mistake: setguid => setgid 2017-06-15 19:25:43 -07:00
Robin Gloster
e82baf043e
security-wrapper: link old wrapper dir to new one 
This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654
 2017-03-23 15:57:30 +01:00
Robin Gloster
45f486f096
Revert "security-wrapper: Don't remove the old paths yet as that can create migration pain" 
This reverts commit 4c751ced376e0042ddd4f2aa8bd40754b9ea8926.

This does not fix the issue as /run is now mounted with nosuid.
 2017-03-23 15:57:23 +01:00
Parnell Springmeyer
4c751ced37
security-wrapper: Don't remove the old paths yet as that can create migration pain 2017-03-08 08:57:52 -06:00
Nikolay Amiantov
2cc4703a2d wrappers service: make /run/wrappers a mountpoint 
Also remove some compatibility code because the directory in question would be
shadowed by a mountpoint anyway.
 2017-02-21 12:13:35 +03:00
Robin Gloster
070825d443
setcapWrapper: add support for setting permissions 2017-02-17 15:42:54 +01:00
Bjørn Forsman
ce0a52f9bf nixos/security.wrappers: improve documentation 
* The source attribute is mandatory, not optional
* The program attribute is optional
* Move the info about the mandatory attribute first (most important,
  IMHO)
 2017-02-15 20:05:27 +01:00
Bjørn Forsman
f9cb2b5640 nixos/security.wrappers: use literalExample in documentation 
It's much more readable when the example attrset is pretty printed
instead of written as one line.
 2017-02-15 09:08:41 +01:00
Bjørn Forsman
448acd8e5e nixos: remove remaining reference to setuidPrograms 
The option doesn't exist anymore.
 2017-02-15 07:25:33 +01:00
Parnell Springmeyer
1f83f1c878
security-wrapper: Wrap <para> tags in a <note> tag 2017-02-14 21:30:04 -06:00
Parnell Springmeyer
69794e333a
Using para tags for manual formatting 2017-02-14 08:53:30 -06:00
Parnell Springmeyer
794b3721bc
Syntax wibble 2017-02-14 08:42:08 -06:00
Parnell Springmeyer
e856d6efe8
Default should be to set owner and group to root on setcap wrappers too 2017-02-14 08:40:12 -06:00
Parnell Springmeyer
c01689f8da
Fixing ref to old-wrappersDir 2017-02-14 08:33:07 -06:00
Parnell Springmeyer
f8b8c353ff
Simplifying the wrapper program derivation 2017-02-14 08:27:40 -06:00
Parnell Springmeyer
fb6d13c01a
Addressing feedback and fixing a bug 2017-02-14 07:38:45 -06:00
Parnell Springmeyer
ba499e3aa0
Removing unused module option old-wrapperDir 2017-02-14 07:30:21 -06:00
Parnell Springmeyer
a27f35993d
Derp, correctly write the source program's path 2017-02-13 18:28:13 -06:00
Parnell Springmeyer
cca2e11556
Resurrecting the single-wrapper read from sibling .real file behavior 2017-02-13 18:03:06 -06:00
Parnell Springmeyer
128bdac94f
Conditionally logging debug messages based on the WRAPPER_DEBUG env var being set (or not) 2017-01-30 12:59:29 -06:00
Parnell Springmeyer
d8ecd5eb0d
Switching to individually generated derivations 2017-01-30 12:26:56 -06:00
Parnell Springmeyer
264db4e309
Set merge + mkIf always surprises me 2017-01-29 17:10:32 -06:00
Parnell Springmeyer
f2f3f1479e
Derp, wrong path name 2017-01-29 16:54:27 -06:00
Parnell Springmeyer
0f728de67e
More migration cleanup + todos for cleanup 2017-01-29 16:52:23 -06:00
Parnell Springmeyer
4856b42ab6
Gotta provide sane defaults! This is what I get for 5AM coding 2017-01-29 16:47:14 -06:00
Parnell Springmeyer
628e6a83d0
More derp 2017-01-29 05:33:56 -06:00
Parnell Springmeyer
70b8167d4a
A few more tweaks 2017-01-29 05:05:30 -06:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead 2017-01-29 04:11:01 -06:00
Parnell Springmeyer
af3b9a3d46
More wibbles? 2017-01-29 01:41:39 -06:00
Parnell Springmeyer
48564d1ae5
Another wibble 2017-01-29 01:31:33 -06:00
Parnell Springmeyer
5077699605
Derp derp 2017-01-29 01:27:11 -06:00
Parnell Springmeyer
0707a3eaa2
Qualify with lib 2017-01-29 01:23:10 -06:00
Parnell Springmeyer
8e159b9d1e
Qualify mkOption with lib 2017-01-29 01:22:47 -06:00
Parnell Springmeyer
70ec24093c
Removing dead code 2017-01-29 01:22:19 -06:00
Parnell Springmeyer
82de4c0fad
setcap-wrapper: Syntax wibble 2017-01-29 01:20:02 -06:00
Parnell Springmeyer
7680a40a37
setcap-wrapper: Syntax wibble 2017-01-29 01:16:04 -06:00
Parnell Springmeyer
2f113ee90a
setcap-wrapper: Minor refactor 2017-01-29 01:08:36 -06:00
Parnell Springmeyer
3fe7b1a4c9
setcap-wrapper: Addressing more PR feedback, unifying drvs, and cleaning up a bit 2017-01-29 01:07:12 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback 2017-01-28 20:48:03 -08:00