polyunfill: distribute /run/wrappers/bin/unix_chkpwd without suid bit
parent
9ce7dcd57a
commit
9d9211c5fa
|
@ -15,6 +15,11 @@
|
|||
};
|
||||
|
||||
config = {
|
||||
# from: <repo:nixos/nixpkgs:nixos/modules/security/pam.nix>
|
||||
# removing this from /run/wrappers altogether is possible, but would require a full rebuild of pam
|
||||
# (effectively a rebuild of the world) because it hardcodes that path
|
||||
security.wrappers.unix_chkpwd.setuid = lib.mkForce false;
|
||||
|
||||
# disable non-required packages like nano, perl, rsync, strace
|
||||
environment.defaultPackages = [];
|
||||
|
||||
|
|
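Review bot: The comment above `security.wrappers.unix_chkpwd.setuid = lib.mkForce false;` explains why the wrapper path has to stay, but not what dropping the bit costs. unix_chkpwd is the helper pam_unix calls when the caller cannot read the shadow file itself, so password checks from non-root processes (screen lockers, for example) will presumably fail after this change. I would record that next to the override, e.g. `# without suid, pam_unix password checks from non-root callers fail; only root-run services can authenticate`. The override also pins only `setuid`; if the upstream wrapper definition ever grants privilege another way, adding `security.wrappers.unix_chkpwd.setgid = lib.mkForce false;` would keep the stated intent. The `config` block continues past the end of the hunk, so other wrapper settings may exist that are not visible here.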