tv
ea44ca47f3
security-wrapper: run activation script after specialfs
...
Ensures that parentWrapperDir exists before it is used.
Closes #26851
2017-06-26 09:26:16 +02:00
Parnell Springmeyer
5ca644c228
Fixing attribute name mistake: setguid => setgid
2017-06-15 19:25:43 -07:00
Robin Gloster
e82baf043e
security-wrapper: link old wrapper dir to new one
...
This makes setuid wrappers not fail after upgrading.
references #23641 , #22914 , #19862 , #16654
2017-03-23 15:57:30 +01:00
Robin Gloster
45f486f096
Revert "security-wrapper: Don't remove the old paths yet as that can create migration pain"
...
This reverts commit 4c751ced37
.
This does not fix the issue as /run is now mounted with nosuid.
2017-03-23 15:57:23 +01:00
Parnell Springmeyer
4c751ced37
security-wrapper: Don't remove the old paths yet as that can create migration pain
2017-03-08 08:57:52 -06:00
Nikolay Amiantov
2cc4703a2d
wrappers service: make /run/wrappers a mountpoint
...
Also remove some compatibility code because the directory in question would be
shadowed by a mountpoint anyway.
2017-02-21 12:13:35 +03:00
Robin Gloster
070825d443
setcapWrapper: add support for setting permissions
2017-02-17 15:42:54 +01:00
Bjørn Forsman
ce0a52f9bf
nixos/security.wrappers: improve documentation
...
* The source attribute is mandatory, not optional
* The program attribute is optional
* Move the info about the mandatory attribute first (most important,
IMHO)
2017-02-15 20:05:27 +01:00
Bjørn Forsman
f9cb2b5640
nixos/security.wrappers: use literalExample in documentation
...
It's much more readable when the example attrset is pretty printed
instead of written as one line.
2017-02-15 09:08:41 +01:00
Bjørn Forsman
448acd8e5e
nixos: remove remaining reference to setuidPrograms
...
The option doesn't exist anymore.
2017-02-15 07:25:33 +01:00
Parnell Springmeyer
1f83f1c878
security-wrapper: Wrap <para> tags in a <note> tag
2017-02-14 21:30:04 -06:00
Parnell Springmeyer
69794e333a
Using para tags for manual formatting
2017-02-14 08:53:30 -06:00
Parnell Springmeyer
794b3721bc
Syntax wibble
2017-02-14 08:42:08 -06:00
Parnell Springmeyer
e856d6efe8
Default should be to set owner and group to root on setcap wrappers too
2017-02-14 08:40:12 -06:00
Parnell Springmeyer
c01689f8da
Fixing ref to old-wrappersDir
2017-02-14 08:33:07 -06:00
Parnell Springmeyer
f8b8c353ff
Simplifying the wrapper program derivation
2017-02-14 08:27:40 -06:00
Parnell Springmeyer
fb6d13c01a
Addressing feedback and fixing a bug
2017-02-14 07:38:45 -06:00
Parnell Springmeyer
ba499e3aa0
Removing unused module option old-wrapperDir
2017-02-14 07:30:21 -06:00
Parnell Springmeyer
a27f35993d
Derp, correctly write the source program's path
2017-02-13 18:28:13 -06:00
Parnell Springmeyer
cca2e11556
Resurrecting the single-wrapper read from sibling .real file behavior
2017-02-13 18:03:06 -06:00
Parnell Springmeyer
128bdac94f
Conditionally logging debug messages based on the WRAPPER_DEBUG env var being set (or not)
2017-01-30 12:59:29 -06:00
Parnell Springmeyer
d8ecd5eb0d
Switching to individually generated derivations
2017-01-30 12:26:56 -06:00
Parnell Springmeyer
264db4e309
Set merge + mkIf always surprises me
2017-01-29 17:10:32 -06:00
Parnell Springmeyer
f2f3f1479e
Derp, wrong path name
2017-01-29 16:54:27 -06:00
Parnell Springmeyer
0f728de67e
More migration cleanup + todos for cleanup
2017-01-29 16:52:23 -06:00
Parnell Springmeyer
4856b42ab6
Gotta provide sane defaults! This is what I get for 5AM coding
2017-01-29 16:47:14 -06:00
Parnell Springmeyer
628e6a83d0
More derp
2017-01-29 05:33:56 -06:00
Parnell Springmeyer
70b8167d4a
A few more tweaks
2017-01-29 05:05:30 -06:00
Parnell Springmeyer
4aa0923009
Getting rid of the var indirection and using a bin path instead
2017-01-29 04:11:01 -06:00
Parnell Springmeyer
af3b9a3d46
More wibbles?
2017-01-29 01:41:39 -06:00
Parnell Springmeyer
48564d1ae5
Another wibble
2017-01-29 01:31:33 -06:00
Parnell Springmeyer
5077699605
Derp derp
2017-01-29 01:27:11 -06:00
Parnell Springmeyer
0707a3eaa2
Qualify with lib
2017-01-29 01:23:10 -06:00
Parnell Springmeyer
8e159b9d1e
Qualify mkOption with lib
2017-01-29 01:22:47 -06:00
Parnell Springmeyer
70ec24093c
Removing dead code
2017-01-29 01:22:19 -06:00
Parnell Springmeyer
82de4c0fad
setcap-wrapper: Syntax wibble
2017-01-29 01:20:02 -06:00
Parnell Springmeyer
7680a40a37
setcap-wrapper: Syntax wibble
2017-01-29 01:16:04 -06:00
Parnell Springmeyer
2f113ee90a
setcap-wrapper: Minor refactor
2017-01-29 01:08:36 -06:00
Parnell Springmeyer
3fe7b1a4c9
setcap-wrapper: Addressing more PR feedback, unifying drvs, and cleaning up a bit
2017-01-29 01:07:12 -06:00
Parnell Springmeyer
e92b8402b0
Addressing PR feedback
2017-01-28 20:48:03 -08:00