mirror of
https://github.com/NixOS/nixpkgs.git
synced 2024-12-01 03:12:51 +00:00
759ec1113d
From systemd 243 release note[1]:
This release enables unprivileged programs (i.e. requiring neither
setuid nor file capabilities) to send ICMP Echo (i.e. ping) requests
by turning on the "net.ipv4.ping_group_range" sysctl of the Linux
kernel for the whole UNIX group range, i.e. all processes.
So this wrapper is not needed any more.
See also [2] and [3].
This patch also removes:
- apparmor profiles in NixOS for ping itself and the wrapped one
- other references for the wrapped ping
[1]: 8e2d9d40b3/NEWS (L6457-L6464)
[2]: https://github.com/systemd/systemd/pull/13141
[3]: https://fedoraproject.org/wiki/Changes/EnableSysctlPingGroupRange
6 lines
140 B
Nix
6 lines
140 B
Nix
{ config, lib, pkgs, ... }:
|
|
let apparmor = config.security.apparmor; in
|
|
{
|
|
config.security.apparmor.packages = [ pkgs.apparmor-profiles ];
|
|
}
|