programs: gnome-keyring-daemon: remove the SUID wrapper
it's not actually mandated. just, when enabled, gkd will `mlock` its secrets into memory. but i don't use swap anyway. plus, i'll enable that momentarily anyway (though systemd will probably not understand the capability)
@@ -35,18 +35,11 @@ in
|
|||||||
after = [ "graphical-session.target" ];
|
after = [ "graphical-session.target" ];
|
||||||
wantedBy = [ "graphical-session.target" ];
|
wantedBy = [ "graphical-session.target" ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
ExecStart = "/run/wrappers/bin/gnome-keyring-daemon --start --foreground --components=secrets";
|
ExecStart = "${cfg.package}/bin/gnome-keyring-daemon --start --foreground --components=secrets";
|
||||||
Type = "simple";
|
Type = "simple";
|
||||||
Restart = "always";
|
Restart = "always";
|
||||||
RestartSec = "20s";
|
RestartSec = "20s";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
security.wrappers.gnome-keyring-daemon = lib.mkIf cfg.enabled {
|
|
||||||
owner = "root";
|
|
||||||
group = "root";
|
|
||||||
capabilities = "cap_ipc_lock=ep";
|
|
||||||
source = "${cfg.package}/bin/gnome-keyring-daemon";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
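Review bot: The new `ExecStart` launches the daemon directly from `${cfg.package}` without `cap_ipc_lock`, and nothing left in the module records that trade-off. Whether the daemon can still lock its secret pages now presumably depends on the RLIMIT_MEMLOCK the service inherits. If locking fails, keyring secrets become pageable as soon as swap or hibernation is enabled on a host that imports this module. I would put a comment above `ExecStart`, such as `# no cap_ipc_lock wrapper: secrets are only mlock'd within RLIMIT_MEMLOCK; revisit before enabling swap/hibernation`, and check the unit's journal after login for memory-locking warnings. The enclosing attribute set starts before the hunk, so how `cfg.enabled` gates the service is not visible from here.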