[Nix-commits] SVN commit: nix - r32723 - in nixos/trunk/modules: . security

Thu, 01 Mar 2012 12:10:53 -0800 

Author: eelco
Date: Thu Mar  1 20:10:46 2012
New Revision: 32723
URL: https://nixos.org/websvn/nix/?rev=32723&sc=1

Log:
* Obsolete security.extraSetuidPrograms.

Modified:
   nixos/trunk/modules/rename.nix
   nixos/trunk/modules/security/setuid-wrappers.nix

Modified: nixos/trunk/modules/rename.nix
==============================================================================
--- nixos/trunk/modules/rename.nix      Thu Mar  1 20:10:08 2012        (r32722)
+++ nixos/trunk/modules/rename.nix      Thu Mar  1 20:10:46 2012        (r32723)
@@ -67,6 +67,8 @@
 # ++ rename alias "services.xserver.slim.theme" 
"services.xserver.displayManager.slim.theme"
 ++ rename obsolete "environment.extraPackages" "environment.systemPackages"
 
+++ rename obsolete "security.extraSetuidPrograms" "security.setuidPrograms"
+
 # Old Grub-related options.
 ++ rename obsolete "boot.copyKernels" "boot.loader.grub.copyKernels"
 ++ rename obsolete "boot.extraGrubEntries" "boot.loader.grub.extraEntries"

Modified: nixos/trunk/modules/security/setuid-wrappers.nix
==============================================================================
--- nixos/trunk/modules/security/setuid-wrappers.nix    Thu Mar  1 20:10:08 
2012        (r32722)
+++ nixos/trunk/modules/security/setuid-wrappers.nix    Thu Mar  1 20:10:46 
2012        (r32723)
@@ -27,17 +27,11 @@
     security.setuidPrograms = mkOption {
       default = [];
       description = ''
-        Only the programs from system path listed here will be made
-        setuid root (through a wrapper program).
-      '';
-    };
-
-    security.extraSetuidPrograms = mkOption {
-      default = [];
-      example = ["fusermount"];
-      description = ''
-        This option lists additional programs that must be made setuid
-        root. Obsolete, use setuidPrograms instead.
+        The Nix store cannot contain setuid/setgid programs directly.
+        For this reason, NixOS can automatically generate wrapper
+        programs that have the necessary privileges.  This option
+        lists the names of programs in the system environment for
+        which setuid root wrappers should be created.
       '';
     };
 
@@ -62,8 +56,9 @@
       default = "/var/setuid-wrappers";
       description = ''
         This option defines the path to the setuid wrappers.  It
-        should generally not be overriden. Some packages in nixpkgs rely on
-        wrapperDir == /var/setuid-wrappers
+        should generally not be overriden. Some packages in Nixpkgs
+        expect that <option>wrapperDir</option> is
+        <filename>/var/setuid-wrappers</filename>.
       '';
     };
 
@@ -81,8 +76,7 @@
       let
         setuidPrograms =
           (map (x: { program = x; owner = "root"; group = "root"; setuid = 
true; })
-            (config.security.setuidPrograms ++
-             config.security.extraSetuidPrograms))
+            config.security.setuidPrograms)
           ++ config.security.setuidOwners;
 
         makeSetuidWrapper =
_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits

Reply via email to