Hi! It seems that I found a nice way to fool packages about suid wrappers.
The problem: some packages hardcode paths to their $out/libexec/* suid helpers. My solution: In post-install: mv $out/libexec/helper $out/libexec/.helper.orig echo "exec /var/setuid-wrappers/helper" > $out/libexec/helper chmod +x $out/libexec/helper Probably, we should use something like "if [[ -x /var/setuid-wrappers/helper ]]; then exec it, else exec .helper.orig". In NixOS module: setuidOwners = [ { source = "${package}/libexec/.helper.orig; program = "helper"; ... } ]; Any comments? _______________________________________________ nix-dev mailing list nix-dev@cs.uu.nl https://mail.cs.uu.nl/mailman/listinfo/nix-dev