Add known setuid programs to the path' variable passed to activate-configuration'.

This is really a hack since programs not known to `system.nix' will not be in the path of `activate-configuration', which consequently creates empty `.real' files under `/var/setuid-wrappers'. I don't know what the best way to address this is: let admins write `.real' files by hand? Add a `setuidPackages' attribute, listing the names of packages that contain the binaries listed in `setuidPrograms'? svn path=/nixos/trunk/; revision=11153
2025-02-04 11:15:12 +00:00 · 2008-03-17 10:31:40 +00:00 · 2008-03-17 10:31:40 +00:00 · 6354623143
commit 6354623143
parent 5568ef6e8d
1 changed files with 14 additions and 5 deletions
--- a/system/system.nix
+++ b/system/system.nix
@ -284,7 +284,7 @@ rec {
  # The script that activates the configuration, i.e., it sets up
  # /etc, accounts, etc.  It doesn't do anything that can only be done
  # at boot time (such as start `init').
-  activateConfiguration = pkgs.substituteAll {
+  activateConfiguration = pkgs.substituteAll rec {
    src = ./activate-configuration.sh;
    isExecutable = true;

@ -298,10 +298,19 @@ rec {
    inherit (usersGroups) createUsersGroups usersList groupsList;

    path = [
-      pkgs.coreutils pkgs.gnugrep pkgs.findutils
-      pkgs.glibc # needed for getent
-      pkgs.pwdutils
-    ];
+        pkgs.coreutils pkgs.gnugrep pkgs.findutils
+        pkgs.glibc # needed for getent
+        pkgs.pwdutils
+      ]
+
+      # XXX: Hack to recognize common setuid programs.
+      ++ pkgs.lib.optional (pkgs.lib.any (x: x == "xlock") setuidPrograms)
+                           pkgs.xlockmore
+      ++ pkgs.lib.optional (pkgs.lib.any (x: x == "xscreensaver")
+                                         setuidPrograms)
+                           pkgs.xscreensaver
+      ++ pkgs.lib.optional (pkgs.lib.any (x: x == "xlaunch") setuidPrograms)
+                           pkgs.xlaunch;

    bash = pkgs.bashInteractive;
  };