programs: gnome-keyring-daemon: remove the SUID wrapper
it's not actually mandated. just, when enabled, gkd will `mlock` its secrets into memory. but i don't use swap anyway. plus, i'll enable that momentarily anyway (though systemd will probably not understand the capablity)
This commit is contained in:
parent
84eae20765
commit
b8b805765b
|
@ -35,18 +35,11 @@ in
|
|||
after = [ "graphical-session.target" ];
|
||||
wantedBy = [ "graphical-session.target" ];
|
||||
serviceConfig = {
|
||||
ExecStart = "/run/wrappers/bin/gnome-keyring-daemon --start --foreground --components=secrets";
|
||||
ExecStart = "${cfg.package}/bin/gnome-keyring-daemon --start --foreground --components=secrets";
|
||||
Type = "simple";
|
||||
Restart = "always";
|
||||
RestartSec = "20s";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security.wrappers.gnome-keyring-daemon = lib.mkIf cfg.enabled {
|
||||
owner = "root";
|
||||
group = "root";
|
||||
capabilities = "cap_ipc_lock=ep";
|
||||
source = "${cfg.package}/bin/gnome-keyring-daemon";
|
||||
};
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user