Tuomas Tynkkynen
1ac0e05f69
nixos/setuid-wrappers: Build with normal mkDerivation phases
...
This way the binary gets stripped & rpath-shrinked etc. as usual.
We'd seem to get a runtime reference to gcc otherwise.
2015-10-03 14:08:55 +02:00
Eelco Dolstra
bb9ee6a13f
Remove some setuid wrappers for non-standard programs
2014-09-05 14:46:36 +02:00
Eelco Dolstra
cd7129a037
Revert "nixos: add setuid wrappers for some networked filesystems' helpers"
...
This reverts commit 26a4001a98
. It
breaks the NFS test:
http://hydra.nixos.org/build/13943148
Also, having more setuid programs is a bad thing security-wise.
2014-09-05 14:43:11 +02:00
Jan Malakhovski
26a4001a98
nixos: add setuid wrappers for some networked filesystems' helpers
...
So that `user` mount option would work allowing normal users to mount
and umount stuff marked with it in `fileSystems.<name>.options`.
2014-09-01 10:33:48 +04:00
Eelco Dolstra
785ed2b528
Don't silently ignore errors from the activation script
2014-08-15 02:14:34 +02:00
Eelco Dolstra
9f1c9404da
Put /var/setuid-wrappers on a tmpfs
...
This allows all other filesystems to be mounted without the suid
option.
2014-04-19 12:40:09 +02:00
Eelco Dolstra
b80e6b27c7
setuid-wrapper: Drop runtime dependency on setuid-wrapper.c
2014-04-19 10:53:17 +02:00
Eelco Dolstra
29027fd1e1
Rewrite ‘with pkgs.lib’ -> ‘with lib’
...
Using pkgs.lib on the spine of module evaluation is problematic
because the pkgs argument depends on the result of module
evaluation. To prevent an infinite recursion, pkgs and some of the
modules are evaluated twice, which is inefficient. Using ‘with lib’
prevents this problem.
2014-04-14 16:26:48 +02:00
Bjørn Forsman
6fa1ad04da
nixos: extend documentation example for security.setuidOwners
...
Show that it is possible to set custom permission bits.
2014-04-13 12:31:08 +02:00
Eelco Dolstra
408b8b5725
Add lots of missing option types
2013-10-30 18:47:43 +01:00
Eelco Dolstra
5c1f8cbc70
Move all of NixOS to nixos/ in preparation of the repository merge
2013-10-10 13:28:20 +02:00