Branch: refs/heads/master
  Home:   https://github.com/NixOS/nixpkgs
  Commit: a927709a35cee56f878f0f57a932e1a6e2ebe23b
      
https://github.com/NixOS/nixpkgs/commit/a927709a35cee56f878f0f57a932e1a6e2ebe23b
  Author: Rickard Nilsson <[email protected]>
  Date:   2016-07-14 (Thu, 14 Jul 2016)

  Changed paths:
    M pkgs/tools/networking/openssh/default.nix

  Log Message:
  -----------
  openssh: Use the default privilege separation dir (/var/empty)

If running NixOS inside a container where the host's root-owned files
and directories have been mapped to some other uid (like nobody), the
ssh daemon fails to start, producing this error message:

fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group 
or world-writable.

The reason for this is that when openssh is built, we explicitly set
`--with-privsep-path=$out/empty`. This commit removes that flag which
causes the default directory /var/empty to be used instead. Since NixOS'
activation script correctly sets up that directory, the ssh daemon now
also works within containers that have a non-root-owned nix store.


  Commit: 6149dc36bd776bc6aca9db84c73c65164d6a0918
      
https://github.com/NixOS/nixpkgs/commit/6149dc36bd776bc6aca9db84c73c65164d6a0918
  Author: Eelco Dolstra <[email protected]>
  Date:   2016-07-15 (Fri, 15 Jul 2016)

  Changed paths:
    M pkgs/tools/networking/openssh/default.nix

  Log Message:
  -----------
  Merge pull request #16966 from rickynils/openssh_privsep_dir

openssh: Use the default privilege separation dir (/var/empty)


Compare: https://github.com/NixOS/nixpkgs/compare/bed2a14afaf7...6149dc36bd77
_______________________________________________
nix-commits mailing list
[email protected]
http://lists.science.uu.nl/mailman/listinfo/nix-commits
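
Added example, not part of the commit or of OpenSSH's code: a shell function that applies the test behind the error quoted in the log message (the directory must be owned by uid 0 and not group- or world-writable), so a privilege separation directory can be checked from inside the container before starting sshd. The function name and the optional second argument (an expected uid, for trying it out as a non-root user) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration (not nixpkgs or OpenSSH code): the ownership and mode
# test that sshd applies to its privilege separation directory.
# usage: check_privsep_dir DIR [EXPECTED_UID]
# EXPECTED_UID is a hypothetical parameter for non-root trials; default 0.
check_privsep_dir() {
    dir=$1
    want_uid=${2:-0}

    if [ ! -d "$dir" ]; then
        echo "missing privilege separation directory: $dir"
        return 1
    fi

    # ls -n prints the numeric owner uid as seen from inside this namespace;
    # -L follows symlinks like stat(2), -d lists the directory itself.
    # awk keeps only the mode string and the uid.
    set -- $(ls -ldnL -- "$dir" | awk '{print $1, $3}')
    mode=$1
    uid=$2

    # Character 6 of the mode string is group write, character 9 is other write.
    case $mode in
        ?????w*|????????w*) writable=yes ;;
        *) writable=no ;;
    esac

    if [ "$uid" != "$want_uid" ] || [ "$writable" = yes ]; then
        echo "$dir must be owned by root and not group or world-writable (uid=$uid mode=$mode)"
        return 1
    fi
    echo "$dir ok (uid=$uid mode=$mode)"
}

# Example, run inside the container:
#   check_privsep_dir /var/empty
```

When the host's root-owned files are mapped to another uid, the same call on a directory inside the nix store reports that uid instead of 0 and fails, which is the condition the log message describes.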
