upstart

Mathijs Kwik Sun, 04 Mar 2012 04:58:16 -0800

Author: mkwik
Date: Sun Mar  4 12:58:06 2012
New Revision: 32762
URL: https://nixos.org/websvn/nix/?rev=32762&sc=1


Log:
upstart: options for setuid and setgid
as jobs running as different users cannot create their logfile, I moved that to 
an activationScript

Modified:
   nixos/trunk/modules/system/upstart/upstart.nix

Modified: nixos/trunk/modules/system/upstart/upstart.nix
==============================================================================
--- nixos/trunk/modules/system/upstart/upstart.nix      Sun Mar  4 12:28:50 
2012        (r32761)
+++ nixos/trunk/modules/system/upstart/upstart.nix      Sun Mar  4 12:58:06 
2012        (r32762)
@@ -6,6 +6,11 @@
 
   upstart = pkgs.upstart;
 
+  userExists = u:
+    (u == "") || any (uu: uu.name == u) (attrValues config.users.extraUsers);
+
+  groupExists = g:
+    (g == "") || any (gg: gg.name == g) (attrValues config.users.extraGroups);
 
   # From a job description, generate an Upstart job file.
   makeJob = job:
@@ -95,6 +100,14 @@
              throw "invalid daemon type `${job.daemonType}'"
           )}
 
+          ${optionalString (job.setuid != "") ''
+            setuid ${job.setuid}
+          ''}
+
+          ${optionalString (job.setgid != "") ''
+            setuid ${job.setgid}
+          ''}
+
           ${job.extraConfig}
         '';
 
@@ -255,6 +268,24 @@
       '';
     };
 
+    setuid = mkOption {
+      type = types.string;
+      check = userExists;
+      default = "";
+      description = ''
+        Run the daemon as a different user.
+      '';
+    };
+
+    setgid = mkOption {
+      type = types.string;
+      check = groupExists;
+      default = "";
+      description = ''
+        Run the daemon as a different group.
+      '';
+    };
+
     extraConfig = mkOption {
       type = types.string;
       default = "";
@@ -368,6 +399,13 @@
     # do status queries.
     services.dbus.packages = [ upstart ];
 
+    system.activationScripts.chownJobLogs = stringAfter ["var"] 
+    (concatMapStrings (job: ''
+      touch /var/log/upstart/${job.name}
+      ${optionalString (job.setuid != "") "chown ${job.setuid} 
/var/log/upstart/${job.name}"}
+      ${optionalString (job.setgid != "") "chown :${job.setgid} 
/var/log/upstart/${job.name}"}
+    '') (attrValues config.jobs));
+
   };
 
 }
_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] SVN commit: nix - r32762 - nixos/trunk/modules/system/upstart

Reply via email to