diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-03-01 20:10:46 +0000 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2012-03-01 20:10:46 +0000 |
commit | a6f410f1448404928f46e2bd8d1b8b42460494bb (patch) | |
tree | ebc19b1c06f7f370d56857d3064e06fcd8f3b8e6 /modules/security | |
parent | 58c6231a2089d8190509a762ca5e12c831c22c56 (diff) | |
download | nixpkgs-a6f410f1448404928f46e2bd8d1b8b42460494bb.tar nixpkgs-a6f410f1448404928f46e2bd8d1b8b42460494bb.tar.gz nixpkgs-a6f410f1448404928f46e2bd8d1b8b42460494bb.tar.bz2 nixpkgs-a6f410f1448404928f46e2bd8d1b8b42460494bb.tar.lz nixpkgs-a6f410f1448404928f46e2bd8d1b8b42460494bb.tar.xz nixpkgs-a6f410f1448404928f46e2bd8d1b8b42460494bb.tar.zst nixpkgs-a6f410f1448404928f46e2bd8d1b8b42460494bb.zip |
* Obsolete security.extraSetuidPrograms.
svn path=/nixos/trunk/; revision=32723
Diffstat (limited to 'modules/security')
-rw-r--r-- | modules/security/setuid-wrappers.nix | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/modules/security/setuid-wrappers.nix b/modules/security/setuid-wrappers.nix index ebd9e1ed537..a81376517eb 100644 --- a/modules/security/setuid-wrappers.nix +++ b/modules/security/setuid-wrappers.nix @@ -27,17 +27,11 @@ in security.setuidPrograms = mkOption { default = []; description = '' - Only the programs from system path listed here will be made - setuid root (through a wrapper program). - ''; - }; - - security.extraSetuidPrograms = mkOption { - default = []; - example = ["fusermount"]; - description = '' - This option lists additional programs that must be made setuid - root. Obsolete, use setuidPrograms instead. + The Nix store cannot contain setuid/setgid programs directly. + For this reason, NixOS can automatically generate wrapper + programs that have the necessary privileges. This option + lists the names of programs in the system environment for + which setuid root wrappers should be created. ''; }; @@ -62,8 +56,9 @@ in default = "/var/setuid-wrappers"; description = '' This option defines the path to the setuid wrappers. It - should generally not be overriden. Some packages in nixpkgs rely on - wrapperDir == /var/setuid-wrappers + should generally not be overriden. Some packages in Nixpkgs + expect that <option>wrapperDir</option> is + <filename>/var/setuid-wrappers</filename>. ''; }; @@ -81,8 +76,7 @@ in let setuidPrograms = (map (x: { program = x; owner = "root"; group = "root"; setuid = true; }) - (config.security.setuidPrograms ++ - config.security.extraSetuidPrograms)) + config.security.setuidPrograms) ++ config.security.setuidOwners; makeSetuidWrapper = |