colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

programs: gnome-keyring-daemon: remove the SUID wrapper

Browse Source 
it's not actually mandated. just, when enabled, gkd will `mlock` its
secrets into memory. but i don't use swap anyway. plus, i'll enable that
momentarily anyway (though systemd will probably not understand the
capablity)
This commit is contained in:
Colin 2024-02-23 09:28:39 +00:00
parent 84eae20765
commit b8b805765b
1 changed files with 1 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
hosts/common/programs/gnome-keyring/default.nix
View File

@ -35,18 +35,11 @@ in
after = [ "graphical-session.target" ];
wantedBy = [ "graphical-session.target" ];
serviceConfig = {
ExecStart = "/run/wrappers/bin/gnome-keyring-daemon --start --foreground --components=secrets";
ExecStart = "${cfg.package}/bin/gnome-keyring-daemon --start --foreground --components=secrets";
Type = "simple";
Restart = "always";
RestartSec = "20s";
};
};
};
security.wrappers.gnome-keyring-daemon = lib.mkIf cfg.enabled {
owner = "root";
group = "root";
capabilities = "cap_ipc_lock=ep";
source = "${cfg.package}/bin/gnome-keyring-daemon";
};
}