diff options
author | Maximilian Bosch <maximilian@mbosch.me> | 2018-10-10 01:20:42 +0200 |
---|---|---|
committer | Maximilian Bosch <maximilian@mbosch.me> | 2018-10-10 11:11:34 +0200 |
commit | 018573b7579b4212d7001bf6f0e9b31e1bdadb14 (patch) | |
tree | 0b8174228a67bf4da14a962fbb6f8e68ad13ffcd /nixos/modules/services/misc/weechat.nix | |
parent | fc847785d89255fb34c32fb28212a66044f655f3 (diff) | |
download | nixpkgs-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar nixpkgs-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.gz nixpkgs-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.bz2 nixpkgs-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.lz nixpkgs-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.xz nixpkgs-018573b7579b4212d7001bf6f0e9b31e1bdadb14.tar.zst nixpkgs-018573b7579b4212d7001bf6f0e9b31e1bdadb14.zip |
nixos/weechat: add setuid wrapper for `screen' to ensure true multiuser capabilities
Previously you either had to set the setuid bit yourself or workaround `isSystemUser = true` (for a loginable shell) to access the weechat screen. `programs.screen` shouldn't do this by default to avoid taking too much assumptions about the setup, however `services.weechat` explicitly requires tihs. See #45728
Diffstat (limited to 'nixos/modules/services/misc/weechat.nix')
-rw-r--r-- | nixos/modules/services/misc/weechat.nix | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/nixos/modules/services/misc/weechat.nix b/nixos/modules/services/misc/weechat.nix index 1fcfb440485..c6ff540ea12 100644 --- a/nixos/modules/services/misc/weechat.nix +++ b/nixos/modules/services/misc/weechat.nix @@ -46,10 +46,12 @@ in Group = "weechat"; RemainAfterExit = "yes"; }; - script = "exec ${pkgs.screen}/bin/screen -Dm -S ${cfg.sessionName} ${cfg.binary}"; + script = "exec ${config.security.wrapperDir}/screen -Dm -S ${cfg.sessionName} ${cfg.binary}"; wantedBy = [ "multi-user.target" ]; wants = [ "network.target" ]; }; + + security.wrappers.screen.source = "${pkgs.screen}/bin/screen"; }; meta.doc = ./weechat.xml; |