nordic-dev.net/nixpkgs
nordic-dev.net/nixpkgs
2
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2024-11-23 07:23:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

Derp

Browse Source
This commit is contained in:
Parnell Springmeyer 2017-01-26 01:31:49 -08:00
parent f64b06a3e0
commit ce36b58e21
No known key found for this signature in database
GPG Key ID: DCCF89258EAD874A
3 changed files with 15 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
nixos/modules/security/permissions-wrappers/default.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
let
inherit (config.security) permissionsWrapperDir;
inherit (config.security) run-permissionsWrapperDir permissionsWrapperDir;
isNotNull = v: if v != null then true else false;
@ -132,6 +132,16 @@ in
'';
};
security.run-permissionsWrapperDir = lib.mkOption {
type = lib.types.path;
default = "/run/permissions-wrapper-dirs";
internal = true;
description = ''
This option defines the run path to the permissions
wrappers. It should not be overriden.
'';
};
};
@ -158,8 +168,8 @@ in
# programs to be wrapped.
PERMISSIONS_WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
mkdir -p /run/permissions-wrapper-dirs
permissionsWrapperDir=$(mktemp --directory --tmpdir=/run/permissions-wrapper-dirs permissions-wrappers.XXXXXXXXXX)
mkdir -p ${run-permissionsWrapperDir}
permissionsWrapperDir=$(mktemp --directory --tmpdir=${run-permissionsWrapperDir} permissions-wrappers.XXXXXXXXXX)
chmod a+rx $permissionsWrapperDir
${lib.concatMapStrings configureSetcapWrapper (builtins.filter isNotNull cfg.setcap)}

2
nixos/modules/security/permissions-wrappers/setcap-wrapper-drv.nix
View File

@ -12,7 +12,7 @@ let
source=/nix/var/nix/profiles/default/bin/${program}
fi
gcc -Wall -O2 -DWRAPPER_SETCAP=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${config.security.permissionsWrapperDir}\" \
gcc -Wall -O2 -DWRAPPER_SETCAP=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${cfg.run-permissionsWrapperDir}\" \
-lcap-ng -lcap ${./permissions-wrapper.c} -o $out/bin/${program}.wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \
-I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include
'';

2
nixos/modules/security/permissions-wrappers/setuid-wrapper-drv.nix
View File

@ -12,7 +12,7 @@ let
source=/nix/var/nix/profiles/default/bin/${program}
fi
gcc -Wall -O2 -DWRAPPER_SETUID=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${config.security.permissionsWrapperDir}\" \
gcc -Wall -O2 -DWRAPPER_SETUID=1 -DSOURCE_PROG=\"$source\" -DWRAPPER_DIR=\"${cfg.run-permissionsWrapperDir}\" \
-lcap-ng -lcap ${./permissions-wrapper.c} -o $out/bin/${program}.wrapper -L ${pkgs.libcap.lib}/lib -L ${pkgs.libcap_ng}/lib \
-I ${pkgs.libcap.dev}/include -I ${pkgs.libcap_ng}/include -I ${pkgs.linuxHeaders}/include
'';