polyunfill: remove fusermount suid wrapper

2024-05-28 04:56:14 +00:00 · 2024-05-28 04:56:14 +00:00 · b571f70988
commit b571f70988
parent e6498ad152
1 changed files with 3 additions and 0 deletions
--- a/hosts/common/polyunfill.nix
+++ b/hosts/common/polyunfill.nix
@ -17,6 +17,9 @@ in
  # remove a few items from /run/wrappers we don't need.
  options.security.wrappers = lib.mkOption {
    apply = lib.filterAttrs (name: _: !(builtins.elem name [
+      # from <repo:nixos/nixpkgs:nixos/modules/security/wrappers/default.nix>
+      "fusermount"  #< only needed if you want to mount entries declared in /etc/fstab or mtab as unprivileged user
+      "fusermount3"
      # from <repo:nixos/nixpkgs:nixos/modules/programs/shadow.nix>
      "newgidmap"
      "newgrp"