polyunfill: distribute /run/wrappers/bin/unix_chkpwd without suid bit
This commit is contained in:
parent
9ce7dcd57a
commit
9d9211c5fa
|
@ -15,6 +15,11 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
# from: <repo:nixos/nixpkgs:nixos/modules/security/pam.nix>
|
||||||
|
# removing this from /run/wrappers altogether is possible, but would require a full rebuild of pam
|
||||||
|
# (effectively a rebuild of the world) because it hardcodes that path
|
||||||
|
security.wrappers.unix_chkpwd.setuid = lib.mkForce false;
|
||||||
|
|
||||||
# disable non-required packages like nano, perl, rsync, strace
|
# disable non-required packages like nano, perl, rsync, strace
|
||||||
environment.defaultPackages = [];
|
environment.defaultPackages = [];
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user