Hi!

It seems that I found a nice way to fool packages about suid wrappers.

The problem: some packages hardcode paths to their $out/libexec/* suid 
helpers.

My solution:

In post-install:
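mv $out/libexec/helper $out/libexec/.helper.orig
# the stub needs an interpreter line and must pass its arguments on
echo '#!/bin/sh' > $out/libexec/helper
echo 'exec /var/setuid-wrappers/helper "$@"' >> $out/libexec/helper
chmod +x $out/libexec/helper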

Probably, we should use something like
"if [[ -x /var/setuid-wrappers/helper ]]; then exec it, else exec .helper.orig".

In NixOS module:

setuidOwners = [ { source = "${package}/libexec/.helper.orig"; program = "helper"; ... } ];

Any comments?

_______________________________________________
nix-dev mailing list
nix-dev@cs.uu.nl
https://mail.cs.uu.nl/mailman/listinfo/nix-dev
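
The stub with the fallback suggested in the post, written out as a shell function that a post-install phase could call. This is an added example, not code from the original message or from Nixpkgs; the function name install_suid_stub, its optional third argument and the #!/bin/sh interpreter line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post).
# install_suid_stub OUT NAME [WRAPPER_DIR]
#   OUT          package output directory ($out in a Nix builder)
#   NAME         helper file name under OUT/libexec
#   WRAPPER_DIR  setuid wrapper directory; defaults to the path in the post.
#                The parameter is an assumption added so the stub can be
#                exercised outside NixOS.
# Typical call from a post-install phase: install_suid_stub "$out" helper
install_suid_stub() {
    out=$1
    name=$2
    wrappers=${3:-/var/setuid-wrappers}
    orig="$out/libexec/.$name.orig"
    stub="$out/libexec/$name"

    # Refuse to run twice: a second run would move the stub over the
    # real binary and leave a stub that execs itself.
    if [ -e "$orig" ]; then
        echo "install_suid_stub: $orig already exists" >&2
        return 1
    fi
    mv "$stub" "$orig" || return 1

    # Absolute paths are baked in at build time, so the stub depends on
    # neither PATH nor the current directory. "$@" forwards every
    # argument unchanged, including arguments that contain spaces.
    # Assumes the paths contain no quotes or other shell metacharacters.
    cat > "$stub" <<EOF
#!/bin/sh
if [ -x "$wrappers/$name" ]; then
    exec "$wrappers/$name" "\$@"
else
    exec "$orig" "\$@"
fi
EOF
    chmod 0755 "$stub"
}
```

When the wrapper is absent, the fallback runs the original binary with the caller's privileges only, since files in the Nix store carry no setuid bit.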
