author | Gregor Kleen <gkleen@yggdrasil.li> | 2017-02-20 01:45:04 +0100 |
---|---|---|
committer | Gregor Kleen <gkleen@yggdrasil.li> | 2017-02-20 01:45:04 +0100 |
commit | 65924ba6e9a34aac5d5ab51db4cfb43d08825269 (patch) | |
tree | 414d4775178c6b56ed5809c26e8215db43a4a855 | |
parent | dbb20f11069af3c302de02f122dd3f54535068a4 (diff) | |
Bump setuid wrappers
-rw-r--r-- | custom/uucp.nix | 2 | ||||
-rw-r--r-- | hel.nix | 25 |
2 files changed, 14 insertions, 13 deletions
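--- a/custom/uucp.nix
+++ b/custom/uucp.nix
@@ -208,7 +208,7 @@ in {
 text = config.services.uucp.extraSys + "\n" + concatStringsSep "\n" (map sysSpec config.services.uucp.remoteNodes);
 };
 
-security.setuidOwners = map (p: {program = p; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"];
+security.wrappers = listToAttrs (map (p: {source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false;}) ["uucico" "uuxqt" "cu" "uucp" "uuname" "uustat" "uux"]);
 
 nixpkgs.config.packageOverrides = pkgs: with pkgs; {
 uucp = stdenv.lib.overrideDerivation uucp (oldAttrs: {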
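Review bot: `listToAttrs` on new line 211 is fed the wrapper attrsets directly, but it expects a list of `{ name; value; }` pairs, so as written evaluation should fail on the missing `name` attribute instead of producing wrappers keyed by program name. Pairing each entry with its name fixes it, e.g. `listToAttrs (map (p: nameValuePair p { source = "${pkgs.uucp}/bin/${p}"; owner = "root"; group = "root"; setuid = true; setgid = false; }) [ … ])`, assuming `lib` is in scope as the unqualified `concatStringsSep` suggests. All seven UUCP binaries stay setuid root as before; a short comment on why root is required, not a dedicated account, would help the next audit of this list.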
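--- a/hel.nix
+++ b/hel.nix
@@ -45,7 +45,6 @@
 git
 slock
 shadow
-(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })
 (callPackage ./utils/nix/rebuild-system.nix {})
 rewacom
 ];
@@ -350,17 +349,19 @@
 %wheel ALL=(ALL) NOPASSWD: SYSCTRL
 '';
 
-setuidPrograms = ["slock" "mount" "mount.nfs" "umount" "newgrp" "thinklight"];
-
-setuidOwners = [ { group = "users";
-owner = "gkleen";
-permissions = "u+rx,g+x,o+x";
-program = "notify-gkleen";
-setgid = true;
-setuid = true;
-source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
-}
-];
+security.wrappers = { "slock".source = "${pkgs.slock}/bin/slock";
+"mount".source = "${pkgs.utillinux.bin}/bin/mount";
+"umount".source = "${pkgs.utillinux.bin}/bin/umount";
+"newgrp".source = "${pkgs.shadow}/bin/newgrp";
+"thinklight".source =
+"${(callPackage ./custom/thinklight.nix { thinklight = "kbd_backlight"; })}/bin/thinklight";
+"notify-gkleen" = {
+group = "users";
+owner = "gkleen";
+setgid = true;
+setuid = true;
+source = ''${pkgs.callPackage ./custom/notify-user.nix { inherit (pkgs.haskellPackages) ghcWithPackages; }}/bin/notify-gkleen'';
+};
 
 polkit = {
 enable = true;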
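Review bot: In the last hunk, `security.wrappers = {` opens at new line 352 but the only closing `};` (new line 364) ends the `"notify-gkleen"` entry, so as shown the wrappers attrset is still open when `polkit = {` begins; a second `};` after the notify-gkleen entry looks necessary. The unprefixed `polkit` and the removed `setuidPrograms` suggest this sits inside a `security = { … }` block that starts outside the hunk, in which case the key should probably be `wrappers` and not `security.wrappers`. The five entries that set only `source` depend on the module's defaults for owner and the setuid bit; writing `owner = "root"; group = "root"; setuid = true;` on each, as custom/uucp.nix does, keeps the privilege of every wrapper visible in review. The thinklight entry also calls `callPackage` unqualified while the next entry uses `pkgs.callPackage`, so confirm it is in scope here.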