authorGregor Kleen <gkleen@yggdrasil.li>2017-02-20 01:45:04 +0100
committerGregor Kleen <gkleen@yggdrasil.li>2017-02-20 01:45:04 +0100
commit65924ba6e9a34aac5d5ab51db4cfb43d08825269 (patch)
tree414d4775178c6b56ed5809c26e8215db43a4a855
parentdbb20f11069af3c302de02f122dd3f54535068a4 (diff)
Bump setuid wrappers
-rw-r--r--custom/uucp.nix2
-rw-r--r--hel.nix25
2 files changed, 14 insertions, 13 deletions
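--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -208,7 +208,7 @@ in {
 text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);
 };
 
-security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];
+security.wrappers = listToAttrs (map (p: {source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]);
 
 nixpkgs.config.packageOverrides = pkgs: with pkgs; {
 uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {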
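Review bot: `listToAttrs` expects a list of `{ name = …; value = …; }` pairs, but the added line maps each program to a bare `{source; owner; group; setuid; setgid;}` set, so evaluation will fail for lack of a `name` attribute. The mapped function should wrap the wrapper definition, e.g. `(p: { name = p; value = { source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false; }; })`. All seven UUCP binaries stay setuid root as they were before, so this line is also the place for a comment stating why root is needed rather than a dedicated account. The enclosing `in { … }` block extends beyond the hunk.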
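--- a/hel.nix
+++ b/hel.nix
@@ -45,7 +45,6 @@
 git
 slock
 shadow
-(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })
 (callPackage ./utils/nix/rebuild-system.nix {})
 rewacom
 ];
@@ -350,17 +349,19 @@
 %wheel ALL=(ALL) NOPASSWD: SYSCTRL
 '';
 
-setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"];
-
-setuidOwners = [ { group = "users";
-owner = "gkleen";
-permissions = "u+rx,g+x,o+x";
-program = "notify-gkleen";
-setgid = true;
-setuid = true;
-source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
-}
-];
+security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock";
+"mount".source = "${pkgs.utillinux.bin}/bin/mount";
+"umount".source = "${pkgs.utillinux.bin}/bin/umount";
+"newgrp".source = "${pkgs.shadow}/bin/newgrp";
+"thinklight".source =
+"${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight";
+"notify-gkleen" = {
+group = "users";
+owner = "gkleen";
+setgid = true;
+setuid = true;
+source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+};
 
 polkit = {
 enable = true;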
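Review bot: The added block in the second hunk opens two attribute sets (`security.wrappers = {` and `"notify-gkleen" = {`) but closes only one with `};`, while the removed `setuidOwners = [ { … } ];` was balanced, so `polkit = {` now falls inside the wrappers set; a second `};` is needed after the notify-gkleen entry. The attribute also looks misnamed: the neighbouring `polkit` and the removed `setuidPrograms` carry no `security.` prefix, which suggests an enclosing `security = { … }` (opened outside the hunk) in which this should read `wrappers = {`. `mount.nfs` was in the old `setuidPrograms` list and gets no wrapper here, and `callPackage` is unqualified in the thinklight entry although the notify-gkleen entry uses `pkgs.callPackage`. The `source`-only entries leave owner and the setuid bit to the module's defaults; writing `owner = "root"; group = "root"; setuid = true;` on each would keep the privilege grant auditable in this file.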