Revert "security-wrapper: Don't remove the old paths yet as that can create migration pain"

This reverts commit 4c751ced376e0042ddd4f2aa8bd40754b9ea8926.

This does not fix the issue as /run is now mounted with nosuid.

1 files changed, 19 insertions, 0 deletions

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 0aca39fd6be..65d875c3a37 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -177,6 +177,25 @@ in
           # programs to be wrapped.
           WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
 
+          # Remove the old /var/setuid-wrappers path from the system...
+          #
+          # TODO: this is only necessary for ugprades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if [ -d /var/setuid-wrappers ]; then
+            rm -rf /var/setuid-wrappers
+          fi
+
+          # Remove the old /run/setuid-wrappers-dir path from the
+          # system as well...
+          #
+          # TODO: this is only necessary for ugprades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if [ -d /run/setuid-wrapper-dirs ]; then
+            rm -rf /run/setuid-wrapper-dirs
+          fi
+
           # We want to place the tmpdirs for the wrappers to the parent dir.
           wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
           chmod a+rx $wrapperDir