From 45f486f096bb3f3fe030571d2bcfd561f921b0cc Mon Sep 17 00:00:00 2001
From: Robin Gloster <mail@glob.in>
Date: Thu, 23 Mar 2017 13:29:08 +0100
Subject: Revert "security-wrapper: Don't remove the old paths yet as that can
 create migration pain"

This reverts commit 4c751ced376e0042ddd4f2aa8bd40754b9ea8926.

This does not fix the issue as /run is now mounted with nosuid.
---
 nixos/modules/security/wrappers/default.nix | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'nixos/modules/security/wrappers')

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 0aca39fd6be..65d875c3a37 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -177,6 +177,25 @@ in
           # programs to be wrapped.
           WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
 
+          # Remove the old /var/setuid-wrappers path from the system...
+          #
+          # TODO: this is only necessary for ugprades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if [ -d /var/setuid-wrappers ]; then
+            rm -rf /var/setuid-wrappers
+          fi
+
+          # Remove the old /run/setuid-wrappers-dir path from the
+          # system as well...
+          #
+          # TODO: this is only necessary for ugprades 16.09 => 17.x;
+          # this conditional removal block needs to be removed after
+          # the release.
+          if [ -d /run/setuid-wrapper-dirs ]; then
+            rm -rf /run/setuid-wrapper-dirs
+          fi
+
           # We want to place the tmpdirs for the wrappers to the parent dir.
           wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
           chmod a+rx $wrapperDir
-- 
cgit 1.4.1