authorParnell Springmeyer <parnell@digitalmentat.com>2017-01-28 20:48:03 -0800
committerParnell Springmeyer <parnell@digitalmentat.com>2017-01-28 20:48:03 -0800
commite92b8402b05f34072a20075ed54660e7a7237cc3 (patch)
tree554ae0ff77ff4192a895bab155e5e7116c80f28d /nixos/modules/tasks/network-interfaces.nix
parent9de070e620544f9637b20966eec62cbff42988d8 (diff)
Addressing PR feedback
Diffstat (limited to 'nixos/modules/tasks/network-interfaces.nix')
-rw-r--r--nixos/modules/tasks/network-interfaces.nix47
1 files changed, 16 insertions, 31 deletions
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 61519c6a3ce..1afcddd915f 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -898,38 +898,23 @@ in
 
     # Capabilities won't work unless we have at-least a 4.3 Linux
     # kernel because we need the ambient capability
-    security.permissionsWrappers.setcap = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") (
-      [
-        { program = "ping";
-          source  = "${pkgs.iputils.out}/bin/ping";
-          capabilities = "cap_net_raw+p";
-        }
+    security.wrappers = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") {
+      ping = {
+        source  = "${pkgs.iputils.out}/bin/ping";
+        capabilities = "cap_net_raw+p";
+      };
 
-        { program = "ping6";
-          source  = "${pkgs.iputils.out}/bin/ping6";
-          capabilities = "cap_net_raw+p";
-        }
-      ]
-    );
-
-    # If our linux kernel IS older than 4.3, let's setuid ping and ping6
-    security.permissionsWrappers.setuid = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") (
-      [
-        { program = "ping";
-          source  = "${pkgs.iputils.out}/bin/ping";
-          owner   = "root";
-          group   = "root";
-          setuid  = true;
-        }
-        
-        { program = "ping6";
-          source  = "${pkgs.iputils.out}/bin/ping6";
-          owner   = "root";
-          group   = "root";
-          setuid  = true;
-        }
-      ]
-    );
+      ping6 = {
+        source  = "${pkgs.iputils.out}/bin/ping6";
+        capabilities = "cap_net_raw+p";
+      };
+    };
+
+    # If the linux kernel IS older than 4.3, create setuid wrappers
+    # for ping and ping6
+    security.setuidPrograms = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") [
+      "ping" "ping6"
+    ];
 
     # Set the host and domain names in the activation script.  Don't
     # clear it if it's not configured in the NixOS configuration,
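Review bot: The pre-4.3 fallback, `security.setuidPrograms = mkIf (...) [ "ping" "ping6" ]`, gives program names only, whereas the entries it replaces pinned `source = "${pkgs.iputils.out}/bin/ping"` (and `ping6`) together with `owner = "root"` and `setuid = true`. Which binary ends up behind the setuid-root wrapper now depends on how `setuidPrograms` resolves a bare name, which is not visible in this hunk; if that is a lookup in the system path, a different package providing `ping` could be wrapped instead of iputils. If `security.wrappers` accepts setuid entries, keeping the fallback there with the explicit `source` would preserve the pinning. Otherwise a comment such as `# setuidPrograms resolves these by name; iputils must be the ping/ping6 provider` would at least record the assumption. The enclosing attribute set starts and ends outside the hunk.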