Merge pull request #253764 from linj-fork/fix-ping-wrapper

nixos/network-interfaces: stop wrapping ping with cap_net_raw
author: Martin Weinelt <mweinelt@users.noreply.github.com> 2023-10-20 00:57:55 +0200
committer: GitHub <noreply@github.com> 2023-10-20 00:57:55 +0200
commit: d042a296139c6a111be3e3d5dc9ef6783b5e7c16 (patch)
tree: 4ced7f46c1e8fc4b4f6d14208e038c7f1b6f6041 /nixos/modules/tasks
parent: 9f27f8b28ee45597d113498db0ee0d726f2b74a2 (diff)
parent: 759ec1113d0a1d6315b38bd83ec3562dacc08238 (diff)
download: nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar
nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.gz
nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.bz2
nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.lz
nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.xz
nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.zst
nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.zip
1 files changed, 0 insertions, 22 deletions
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index cd0de51a6e0..853a2cb3143 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -1406,28 +1406,6 @@ in
           val = tempaddrValues.${opt}.sysctl;
          in nameValuePair "net.ipv6.conf.${replaceStrings ["."] ["/"] i.name}.use_tempaddr" val));
 
-    security.wrappers = {
-      ping = {
-        owner = "root";
-        group = "root";
-        capabilities = "cap_net_raw+p";
-        source = "${pkgs.iputils.out}/bin/ping";
-      };
-    };
-    security.apparmor.policies."bin.ping".profile = lib.mkIf config.security.apparmor.policies."bin.ping".enable (lib.mkAfter ''
-      /run/wrappers/bin/ping {
-        include <abstractions/base>
-        include <nixos/security.wrappers/ping>
-        rpx /run/wrappers/wrappers.*/ping,
-      }
-      /run/wrappers/wrappers.*/ping {
-        include <abstractions/base>
-        include <nixos/security.wrappers/ping>
-        capability net_raw,
-        capability setpcap,
-      }
-    '');
-
     # Set the host and domain names in the activation script.  Don't
     # clear it if it's not configured in the NixOS configuration,
     # since it may have been set by dhcpcd in the meantime.
author	Martin Weinelt <mweinelt@users.noreply.github.com>	2023-10-20 00:57:55 +0200
committer	GitHub <noreply@github.com>	2023-10-20 00:57:55 +0200
commit	d042a296139c6a111be3e3d5dc9ef6783b5e7c16 (patch)
tree	4ced7f46c1e8fc4b4f6d14208e038c7f1b6f6041 /nixos/modules/tasks
parent	9f27f8b28ee45597d113498db0ee0d726f2b74a2 (diff)
parent	759ec1113d0a1d6315b38bd83ec3562dacc08238 (diff)
download	nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.gz nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.bz2 nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.lz nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.xz nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.tar.zst nixpkgs-d042a296139c6a111be3e3d5dc9ef6783b5e7c16.zip