Re: [Nix-dev] setuidwrapper questions

2017-03-23 Thread Guillaume Maudoux (Layus)

Hi Jon,

Unless I am terribly mistaken, setuid wrappers are only needed for 
executables in the nix store because the nix store forbids setting the 
suid bit.


For your executable, just set the suid bit and... Voilà :-).

-- Layus.


On 16/03/17 17:41, Jon Parris wrote:

Hi All,

NixOS noob here. I have two questions relating to setuid.

First, how do I create a wrapper for a program (named buildenv) which is
outside of nixpkgs? Here are the constraints for buildenv.
* This is an internal tool - so I can't add it to the public nixpkgs.
* This tool is written in C, it calls clone and chroot.

Second, buildenv is called with the wrong userid.

The buildenv tool stores the uid from getuid, chroots, then restores the userid.

What I see - buildenv is called with uid lroot.
$ whoami
parrisj
$ buildenv 3.3.1
$ whoami
lroot

Expected Behavior
$ buildenv 3.3.1
$ whoami
parrisj

How I kludged setuidwrapper to discover this.
1) Add an entry for buildenv in security.setuidPrograms in
/etc/nixos/configuration.nix
2) nixos-rebuild switch
3) Overwrite /var/setuidwrappers/buildenv.real with the correct path.

Thanks, Jon
___
nix-dev mailing list
nix-dev@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-dev



[Nix-dev] setuidwrapper questions

2017-03-23 Thread Jon Parris
Hi All,

NixOS noob here. I have two questions relating to setuid.

First, how do I create a wrapper for a program (named buildenv) which is
outside of nixpkgs? Here are the constraints for buildenv.
* This is an internal tool - so I can't add it to the public nixpkgs.
* This tool is written in C, it calls clone and chroot.

Second, buildenv is called with the wrong userid.

The buildenv tool stores the uid from getuid, chroots, then restores the userid.

What I see - buildenv is called with uid lroot.
$ whoami
parrisj
$ buildenv 3.3.1
$ whoami
lroot

Expected Behavior
$ buildenv 3.3.1
$ whoami
parrisj

How I kludged setuidwrapper to discover this.
1) Add an entry for buildenv in security.setuidPrograms in
/etc/nixos/configuration.nix
2) nixos-rebuild switch
3) Overwrite /var/setuidwrappers/buildenv.real with the correct path.

Thanks, Jon
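As an added illustration (this is not Jon's buildenv and not code from the thread), the "save the uid from getuid, chroot, then restore the userid" sequence that a setuid-root helper performs is written out below the way it should be done on Linux: capture the invoking user's real uid before any privileged work, do the privileged step (chroot followed by chdir("/")), then drop root permanently and verify the drop cannot be undone. All function names are my own, the chroot target is taken from argv[1], and the program uses the POSIX setreuid/setregid calls (which on Linux also rewrite the saved-set id when the real id changes) rather than the glibc-specific setresuid.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Identity captured at startup, before any privileged work. On a setuid
 * binary getuid() is the invoking user and geteuid() is the file owner. */
struct identity {
    uid_t real_uid;
    uid_t effective_uid;
    gid_t real_gid;
    gid_t effective_gid;
};

struct identity capture_identity(void)
{
    struct identity id;
    id.real_uid = getuid();
    id.effective_uid = geteuid();
    id.real_gid = getgid();
    id.effective_gid = getegid();
    return id;
}

/* 1 when the process holds borrowed root via a setuid bit, 0 otherwise. */
int is_setuid_elevated(struct identity id)
{
    return id.effective_uid == 0 && id.real_uid != 0;
}

/* Enter the chroot and move the working directory inside it. chroot() alone
 * leaves the cwd outside the new root, which is the classic chroot escape.
 * Returns 0 on success, -errno on failure (non-root callers get -EPERM). */
int enter_chroot(const char *path)
{
    if (chroot(path) != 0)
        return -errno;
    if (chdir("/") != 0)
        return -errno;
    return 0;
}

/* Permanently give up root and become uid/gid. Order matters: supplementary
 * groups first (needs root), then gid, then uid, because once the uid is
 * dropped the group calls would fail. setreuid(uid, uid) with a changed real
 * uid also rewrites the saved-set uid, so a later setuid(0) cannot restore
 * root. Returns 0 on success, -1 on failure or if the drop could be undone. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)
        return -1;
    if (setregid(gid, gid) != 0)
        return -1;
    if (setreuid(uid, uid) != 0)
        return -1;
    /* Verify the drop: a non-root target must not be able to regain root. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

/* Stand-alone demo: ./privdrop <dir>  (chroot step runs only with root). */
int main(int argc, char **argv)
{
    struct identity id = capture_identity();   /* save the invoker first */
    printf("invoked by uid %u (effective uid %u)\n",
           (unsigned)id.real_uid, (unsigned)id.effective_uid);

    if (argc > 1 && geteuid() == 0) {
        int rc = enter_chroot(argv[1]);
        if (rc != 0) {
            fprintf(stderr, "chroot %s failed: %s\n", argv[1], strerror(-rc));
            return 1;
        }
    }
    /* Restore the invoking user's identity, permanently and verifiably. */
    if (drop_privileges(id.real_uid, id.real_gid) != 0) {
        fprintf(stderr, "privilege drop failed, refusing to continue\n");
        return 1;
    }
    printf("now running as uid %u\n", (unsigned)getuid());
    return 0;
}
```

The check after the drop is the part worth keeping: a helper that restores the caller's uid only with setuid() while leaving the saved-set uid at 0, or that continues after a failed setreuid(), will report the wrong identity to whoami exactly as in the symptom above, and will also let anything it execs regain root. Checking the return value of every id-changing call and then asserting getuid()/geteuid() turns that silent failure into a hard error.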