Diffstat (limited to 'nixos/modules/security/permissions-wrappers/default.nix')
-rw-r--r--nixos/modules/security/permissions-wrappers/default.nix191
1 files changed, 0 insertions, 191 deletions
diff --git a/nixos/modules/security/permissions-wrappers/default.nix b/nixos/modules/security/permissions-wrappers/default.nix
deleted file mode 100644
index 480bd371040..00000000000
--- a/nixos/modules/security/permissions-wrappers/default.nix
+++ /dev/null
@@ -1,191 +0,0 @@
-{ config, lib, pkgs, ... }:
-let
-
-  inherit (config.security) run-permissionsWrapperDir permissionsWrapperDir;
-
-  isNotNull = v: if v != null then true else false;
-
-  cfg = config.security.permissionsWrappers;
-
-  setcapWrappers = import ./setcap-wrapper-drv.nix {
-    inherit config lib pkgs;
-  };
-
-  setuidWrappers = import ./setuid-wrapper-drv.nix {
-    inherit config lib pkgs;
-  };
-
-  ###### Activation script for the setcap wrappers
-  configureSetcapWrapper =
-    { program
-    , capabilities
-    , source ? null
-    , owner  ? "nobody"
-    , group  ? "nogroup"
-    }: ''
-      cp ${setcapWrappers}/bin/${program}.wrapper $permissionsWrapperDir/${program}
-
-      # Prevent races
-      chmod 0000 $permissionsWrapperDir/${program}
-      chown ${owner}.${group} $permissionsWrapperDir/${program}
-
-      # Set desired capabilities on the file plus cap_setpcap so
-      # the wrapper program can elevate the capabilities set on
-      # its file into the Ambient set.
-      #
-      # Only set the capabilities though if we're being told to
-      # do so.
-      ${pkgs.libcap.out}/bin/setcap "cap_setpcap,${capabilities}" $permissionsWrapperDir/${program}
-
-      # Set the executable bit
-      chmod u+rx,g+x,o+x $permissionsWrapperDir/${program}
-    '';
-
-  ###### Activation script for the setuid wrappers
-  configureSetuidWrapper =
-    { program
-    , source ? null
-    , owner  ? "nobody"
-    , group  ? "nogroup"
-    , setuid ? false
-    , setgid ? false
-    , permissions ? "u+rx,g+x,o+x"
-    }: ''
-      cp ${setuidWrappers}/bin/${program}.wrapper $permissionsWrapperDir/${program}
-
-      # Prevent races
-      chmod 0000 $permissionsWrapperDir/${program}
-      chown ${owner}.${group} $permissionsWrapperDir/${program}
-
-      chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" $permissionsWrapperDir/${program}
-    '';
-in
-{
-
-  ###### interface
-
-  options = {
-    security.permissionsWrappers.setcap = lib.mkOption {
-      type    = lib.types.listOf lib.types.attrs;
-      default = [];
-      example =
-        [ { program = "ping";
-            source  = "${pkgs.iputils.out}/bin/ping";
-            owner   = "nobody";
-            group   = "nogroup";
-            capabilities = "cap_net_raw+ep";
-          }
-        ];
-      description = ''
-        This option sets capabilities on a wrapper program that
-        propagates those capabilities down to the wrapped, real
-        program.
-
-        The `program` attribute is the name of the program to be
-        wrapped. If no `source` attribute is provided, specifying the
-        absolute path to the program, then the program will be
-        searched for in the path environment variable.
-
-        NOTE: cap_setpcap, which is required for the wrapper program
-        to be able to raise caps into the Ambient set is NOT raised to
-        the Ambient set so that the real program cannot modify its own
-        capabilities!! This may be too restrictive for cases in which
-        the real program needs cap_setpcap but it at least leans on
-        the side security paranoid vs. too relaxed.
-      '';
-    };
-
-    security.permissionsWrappers.setuid = lib.mkOption {
-      type = lib.types.listOf lib.types.attrs;
-      default = [];
-      example =
-        [ { program = "sendmail";
-            source = "/nix/store/.../bin/sendmail";
-            owner = "nobody";
-            group = "postdrop";
-            setuid = false;
-            setgid = true;
-            permissions = "u+rx,g+x,o+x";
-          }
-        ];
-      description = ''
-        This option allows the ownership and permissions on the setuid
-        wrappers for specific programs to be overridden from the
-        default (setuid root, but not setgid root).
-      '';
-    };
-
-    security.permissionsWrapperDir = lib.mkOption {
-      type        = lib.types.path;
-      default     = "/var/permissions-wrappers";
-      internal    = true;
-      description = ''
-        This option defines the path to the permissions wrappers. It
-        should not be overriden.
-      '';
-    };
-
-    security.run-permissionsWrapperDir = lib.mkOption {
-      type        = lib.types.path;
-      default     = "/run/permissions-wrapper-dirs";
-      internal    = true;
-      description = ''
-        This option defines the run path to the permissions
-        wrappers. It should not be overriden.
-      '';
-    };
-
-  };
-
-
-  ###### implementation
-  
-  config = {
-
-    # Make sure our setcap-wrapper dir exports to the PATH env
-    # variable when initializing the shell
-    environment.extraInit = ''
-    # The permissions wrappers override other bin directories.
-    export PATH="${permissionsWrapperDir}:$PATH"
-    '';
-
-    system.activationScripts.wrapper-dir = ''
-      mkdir -p "${permissionsWrapperDir}"
-    '';
-
-    ###### setcap activation script
-    system.activationScripts.permissions-wrappers =
-      lib.stringAfter [ "users" ]
-        ''
-          # Look in the system path and in the default profile for
-          # programs to be wrapped.
-          PERMISSIONS_WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
-
-          mkdir -p ${run-permissionsWrapperDir}
-          permissionsWrapperDir=$(mktemp --directory --tmpdir=${run-permissionsWrapperDir} permissions-wrappers.XXXXXXXXXX)
-          chmod a+rx $permissionsWrapperDir
-
-          ${lib.concatMapStrings configureSetcapWrapper (builtins.filter isNotNull cfg.setcap)}
-          ${lib.concatMapStrings configureSetuidWrapper (builtins.filter isNotNull cfg.setuid)}
-
-          if [ -L ${permissionsWrapperDir} ]; then
-            # Atomically replace the symlink
-            # See https://axialcorps.com/2013/07/03/atomically-replacing-files-and-directories/
-            old=$(readlink ${permissionsWrapperDir})
-            ln --symbolic --force --no-dereference $permissionsWrapperDir ${permissionsWrapperDir}-tmp
-            mv --no-target-directory ${permissionsWrapperDir}-tmp ${permissionsWrapperDir}
-            rm --force --recursive $old
-          elif [ -d ${permissionsWrapperDir} ]; then
-            # Compatibility with old state, just remove the folder and symlink
-            rm -f ${permissionsWrapperDir}/*
-            # if it happens to be a tmpfs
-            ${pkgs.utillinux}/bin/umount ${permissionsWrapperDir} || true
-            rm -d ${permissionsWrapperDir}
-            ln -d --symbolic $permissionsWrapperDir ${permissionsWrapperDir}
-          else
-            # For initial setup
-            ln --symbolic $permissionsWrapperDir ${permissionsWrapperDir}
-          fi
-        '';
-  };
-}