nixos: add implict security.wrappers options

This is to keep the same permissions/setuid/setgid as before the change
in security.wrappers defaults.
rnhmjoj 2021-06-10 01:47:55 +02:00
parent 41a498578e
commit 8f76a6eefc
GPG Key ID: BFBAF4C975F76450
9 changed files with 22 additions and 3 deletions


@ -28,7 +28,9 @@ in {
# "nix-ccache --show-stats" and "nix-ccache --clear"
security.wrappers.nix-ccache = {
owner = "nobody";
group = "nixbld";
setuid = false;
setgid = true;
source = pkgs.writeScript "nix-ccache.pl" ''
#!${pkgs.perl}/bin/perl
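Review bot: `owner = "nobody";` on the setgid `nix-ccache` wrapper ties a privileged file to an account that unrelated unprivileged services commonly share, and the same value appears on `smtpctl`, the postfix wrappers (`sendmail`, `mailq`, `postqueue`, `postdrop`) and `dtmail`. The description says the aim is to preserve the earlier permissions, so this may be deliberate for now. It still deserves a short comment at each site, or a follow-up that moves these to `owner = "root";` with the group left unchanged. The `source` script continues past the end of this section, so nothing about its contents can be checked from here.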


@ -78,6 +78,8 @@ in {
source = "${pkgs.msmtp}/bin/sendmail";
setuid = false;
setgid = false;
owner = "root";
group = "root";
};
environment.etc."msmtprc".text = let


@ -181,6 +181,8 @@ in
source = "${pkgs.ssmtp}/bin/sendmail";
setuid = false;
setgid = false;
owner = "root";
group = "root";
};
};


@ -871,6 +871,7 @@ in
unix_chkpwd = {
source = "${pkgs.pam}/sbin/unix_chkpwd.orig";
owner = "root";
group = "nogroup";
setuid = true;
};
};
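Review bot: `unix_chkpwd` states `setuid = true;` but leaves `setgid` to the module default, although the purpose of this commit is to write these values out. The same gap shows in `fcronsighup`, which lists only `source`, `owner` and `group`, and in `dtmail`, which has `setgid = true;` without a `setuid` line. If the new defaults are both false (inferred from the description, not visible on this page), `fcronsighup` would be installed without any setuid bit it relied on before. I would add `setgid = false;` here, `setuid = false;` to `dtmail`, and to `fcronsighup` the explicit `setuid`/`setgid` values that match its previous behaviour.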


@ -103,12 +103,15 @@ in {
};
security.wrappers.smtpctl = {
owner = "nobody";
group = "smtpq";
setuid = false;
setgid = true;
source = "${cfg.package}/bin/smtpctl";
};
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail security.wrappers.smtpctl;
services.mail.sendmailSetuidWrapper = mkIf cfg.setSendmail
security.wrappers.smtpctl // { program = "sendmail"; };
systemd.tmpfiles.rules = [
"d /var/spool/smtpd 711 root - - -"
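Review bot: In the two-line `services.mail.sendmailSetuidWrapper` definition, function application binds tighter than `//`, so the expression parses as `(mkIf cfg.setSendmail security.wrappers.smtpctl) // { program = "sendmail"; }`. The `program` attribute then lands on the value returned by `mkIf` rather than on the wrapper attributes, so it is likely not applied and the wrapper may not be installed under the name `sendmail`. Parenthesise the merge: `mkIf cfg.setSendmail (security.wrappers.smtpctl // { program = "sendmail"; });`. It is worth checking the resulting wrapper name and mode in a test build, since this wrapper is setgid.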


@ -673,6 +673,7 @@ in
services.mail.sendmailSetuidWrapper = mkIf config.services.postfix.setSendmail {
program = "sendmail";
source = "${pkgs.postfix}/bin/sendmail";
owner = "nobody";
group = setgidGroup;
setuid = false;
setgid = true;
@ -681,6 +682,7 @@ in
security.wrappers.mailq = {
program = "mailq";
source = "${pkgs.postfix}/bin/mailq";
owner = "nobody";
group = setgidGroup;
setuid = false;
setgid = true;
@ -689,6 +691,7 @@ in
security.wrappers.postqueue = {
program = "postqueue";
source = "${pkgs.postfix}/bin/postqueue";
owner = "nobody";
group = setgidGroup;
setuid = false;
setgid = true;
@ -697,6 +700,7 @@ in
security.wrappers.postdrop = {
program = "postdrop";
source = "${pkgs.postfix}/bin/postdrop";
owner = "nobody";
group = setgidGroup;
setuid = false;
setgid = true;


@ -88,12 +88,14 @@ in {
source = "${pkgs.x2goserver}/lib/x2go/libx2go-server-db-sqlite3-wrapper.pl";
owner = "x2go";
group = "x2go";
setuid = false;
setgid = true;
};
security.wrappers.x2goprintWrapper = {
source = "${pkgs.x2goserver}/bin/x2goprint";
owner = "x2go";
group = "x2go";
setuid = false;
setgid = true;
};


@ -136,9 +136,11 @@ in
owner = "fcron";
group = "fcron";
setgid = true;
setuid = false;
};
fcronsighup = {
source = "${pkgs.fcron}/bin/fcronsighup";
owner = "root";
group = "fcron";
};
};


@ -49,9 +49,10 @@ in {
users.groups.mail = {};
security.wrappers = {
dtmail = {
source = "${pkgs.cdesktopenv}/bin/dtmail";
group = "mail";
setgid = true;
owner = "nobody";
group = "mail";
source = "${pkgs.cdesktopenv}/bin/dtmail";
};
};