From a8cb2afa981099889cf47185be33f4a831ff482b Mon Sep 17 00:00:00 2001 From: Parnell Springmeyer Date: Sun, 29 Jan 2017 01:58:12 -0600 Subject: [PATCH] Fixing a bunch of issues --- nixos/modules/services/mail/mail.nix | 2 +- nixos/modules/services/networking/gale.nix | 2 +- nixos/modules/services/scheduling/atd.nix | 4 +--- nixos/modules/services/scheduling/cron.nix | 2 +- nixos/modules/services/system/dbus.nix | 17 ++++++++--------- .../services/x11/desktop-managers/kde4.nix | 8 +------- .../services/x11/desktop-managers/kde5.nix | 18 ++++-------------- .../modules/virtualisation/virtualbox-host.nix | 5 ++--- 8 files changed, 19 insertions(+), 39 deletions(-) diff --git a/nixos/modules/services/mail/mail.nix b/nixos/modules/services/mail/mail.nix index aef02eddbe1c..cfe1b5496a45 100644 --- a/nixos/modules/services/mail/mail.nix +++ b/nixos/modules/services/mail/mail.nix @@ -26,7 +26,7 @@ with lib; config = mkIf (config.services.mail.sendmailSetuidWrapper != null) { - security.wrappers.setuid = [ config.services.mail.sendmailSetuidWrapper ]; + security.wrappers.sendmail = config.services.mail.sendmailSetuidWrapper; }; diff --git a/nixos/modules/services/networking/gale.nix b/nixos/modules/services/networking/gale.nix index f4c75c17290f..fd83f9e3c1b7 100644 --- a/nixos/modules/services/networking/gale.nix +++ b/nixos/modules/services/networking/gale.nix @@ -141,7 +141,7 @@ in setgid = false; }; - security.wrappers.setuid = [ cfg.setuidWrapper ]; + security.wrappers.gksign = cfg.setuidWrapper; systemd.services.gale-galed = { description = "Gale messaging daemon"; diff --git a/nixos/modules/services/scheduling/atd.nix b/nixos/modules/services/scheduling/atd.nix index 316ab847b343..7b4937b5c673 100644 --- a/nixos/modules/services/scheduling/atd.nix +++ b/nixos/modules/services/scheduling/atd.nix @@ -42,9 +42,7 @@ in config = mkIf cfg.enable { - security.wrappers.setuid = map (program: { - inherit program; - + security.wrappers.setuid = map (program: "${program}" = { source = "${pkgs.atd}/bin/${program}"; owner = "atd"; group = "atd"; diff --git a/nixos/modules/services/scheduling/cron.nix b/nixos/modules/services/scheduling/cron.nix index 26ce3c98d67c..7bd1e4818048 100644 --- a/nixos/modules/services/scheduling/cron.nix +++ b/nixos/modules/services/scheduling/cron.nix @@ -61,7 +61,7 @@ in A list of Cron jobs to be appended to the system-wide crontab. See the manual page for crontab for the expected format. If you want to get the results mailed you must setuid - sendmail. See + sendmail. See If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root will is allowed to have its own crontab file. The /var/cron/cron.deny file diff --git a/nixos/modules/services/system/dbus.nix b/nixos/modules/services/system/dbus.nix index 47fc4426af08..f787c02540d3 100644 --- a/nixos/modules/services/system/dbus.nix +++ b/nixos/modules/services/system/dbus.nix @@ -114,15 +114,14 @@ in systemd.packages = [ pkgs.dbus.daemon ]; - security.wrappers.setuid = singleton - { program = "dbus-daemon-launch-helper"; - source = "${pkgs.dbus.daemon}/libexec/dbus-daemon-launch-helper"; - owner = "root"; - group = "messagebus"; - setuid = true; - setgid = false; - permissions = "u+rx,g+rx,o-rx"; - }; + security.wrappers.dbus-daemon-launch-helper = { + source = "${pkgs.dbus.daemon}/libexec/dbus-daemon-launch-helper"; + owner = "root"; + group = "messagebus"; + setuid = true; + setgid = false; + permissions = "u+rx,g+rx,o-rx"; + }; services.dbus.packages = [ pkgs.dbus.out diff --git a/nixos/modules/services/x11/desktop-managers/kde4.nix b/nixos/modules/services/x11/desktop-managers/kde4.nix index d21a1f28dca3..25ae75592c9d 100644 --- a/nixos/modules/services/x11/desktop-managers/kde4.nix +++ b/nixos/modules/services/x11/desktop-managers/kde4.nix @@ -131,13 +131,7 @@ in ''; }; - security.wrappers.setuid = singleton - { program = "kcheckpass"; - source = "${kde_workspace}/lib/kde4/libexec/kcheckpass"; - owner = "root"; - group = "root"; - setuid = true; - }; + security.wrappers.kcheckpass.source = "${kde_workspace}/lib/kde4/libexec/kcheckpass"; environment.systemPackages = [ pkgs.kde4.kdelibs diff --git a/nixos/modules/services/x11/desktop-managers/kde5.nix b/nixos/modules/services/x11/desktop-managers/kde5.nix index a4124aaefa9a..00fdfedbc7bb 100644 --- a/nixos/modules/services/x11/desktop-managers/kde5.nix +++ b/nixos/modules/services/x11/desktop-managers/kde5.nix @@ -68,20 +68,10 @@ in ''; }; - security.wrappers.setuid = [ - { - program = "kcheckpass"; - source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass"; - owner = "root"; - setuid = true; - } - { - program = "start_kdeinit"; - source = "${kde5.kinit.out}/lib/libexec/kf5/start_kdeinit"; - owner = "root"; - setuid = true; - } - ]; + security.wrappers = { + kcheckpass.source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass"; + "start_kdeinit".source = "${kde5.kinit.out}/lib/libexec/kf5/start_kdeinit"; + }; environment.systemPackages = [ diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix index 405a630dfa78..70ee44680ab8 100644 --- a/nixos/modules/virtualisation/virtualbox-host.nix +++ b/nixos/modules/virtualisation/virtualbox-host.nix @@ -68,9 +68,8 @@ in boot.extraModulePackages = [ kernelModules ]; environment.systemPackages = [ virtualbox ]; - security.wrappers.setuid = let - mkSuid = program: { - inherit program; + security.wrappers = let + mkSuid = program: "${program}" = { source = "${virtualbox}/libexec/virtualbox/${program}"; owner = "root"; group = "vboxusers";