From 9b2faeb38e6f4f33f69d356a000cd5aef02a89c9 Mon Sep 17 00:00:00 2001
From: Rémy Grünblatt <remy@grunblatt.org>
Date: Tue, 16 Nov 2021 13:54:34 +0100
Subject: wpa_supplicant: prevent writing non-writable configuration

---
 nixos/modules/services/networking/supplicant.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'nixos/modules/services/networking/supplicant.nix')

diff --git a/nixos/modules/services/networking/supplicant.nix b/nixos/modules/services/networking/supplicant.nix
index eb24130e519..8df450a11c6 100644
--- a/nixos/modules/services/networking/supplicant.nix
+++ b/nixos/modules/services/networking/supplicant.nix
@@ -43,7 +43,7 @@ let
         path = [ pkgs.coreutils ];
 
         preStart = ''
-          ${optionalString (suppl.configFile.path!=null) ''
+          ${optionalString (suppl.configFile.path!=null && suppl.configFile.writable) ''
             (umask 077 && touch -a "${suppl.configFile.path}")
           ''}
           ${optionalString suppl.userControlled.enable ''
-- 
cgit 1.4.1