3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/nixos/modules/security
Domen Kožar 16535d4a71 setuid-wrappers: remove config.system.path from the closure
The motivation is using sudo in chroot nix builds, a somewhat
special edge case I have and pulling system path into chroot
yields to some very nasty bug like
https://github.com/NixOS/nixpkgs/issues/15581

Previously:

$ cat /var/setuid-wrappers/sudo.real
/nix/store/3sm04dzh0994r86xqxy52jjc0lqnkn65-system-path/bin/sudo

After the change:

$ cat /var/setuid-wrappers/sudo.real
/nix/store/4g9sxbzy8maxf1v217ikp69c0c3q12as-sudo-1.8.15/bin/sudo
2016-05-23 13:47:23 +01:00
..
acme.nix acme.nix: Fix unit descriptions 2016-04-18 14:20:49 +02:00
acme.xml nixos/acme: Add module documentation 2015-12-12 16:06:53 +01:00
apparmor-suid.nix apparmor-suid module: fix libcap lib output reference 2016-05-07 21:48:29 +02:00
apparmor.nix nixos: add AppArmor PAM support 2015-07-15 12:40:06 +02:00
audit.nix audit: Disable in containers 2016-01-26 16:25:40 +01:00
ca.nix cacert: fix formatting of example 2016-02-27 22:25:39 +13:00
duosec.nix Fix user-facing typos (mainly in descriptions) 2014-12-30 03:31:03 +01:00
grsecurity.nix grsecurity: add option to disable chroot caps restriction 2016-05-10 16:17:08 +02:00
hidepid.nix nixos: add optional process information hiding 2016-04-10 12:27:06 +02:00
oath.nix config.security.oath: new module 2016-02-25 13:52:45 +00:00
pam.nix nixos/i3lock-color: added to pam 2016-05-15 07:47:31 +02:00
pam_mount.nix pam_mount module: integrate pam_mount into PAM of NixOS 2015-07-04 23:42:31 +02:00
pam_usb.nix Rewrite ‘with pkgs.lib’ -> ‘with lib’ 2014-04-14 16:26:48 +02:00
polkit.nix nixos systemPackages: rework default outputs 2016-01-28 11:24:18 +01:00
prey.nix nixos: fix some types 2015-09-18 18:48:50 +00:00
rngd.nix nixos/rngd: some fixes 2015-01-06 17:27:07 +03:00
rtkit.nix rtkit: Update from 0.10 to 0.11 2014-04-21 23:22:10 +02:00
setuid-wrapper.c setuid-wrapper: Fix broken string comparison 2014-04-19 10:58:30 +02:00
setuid-wrappers.nix setuid-wrappers: remove config.system.path from the closure 2016-05-23 13:47:23 +01:00
sudo.nix sg: add setuid wrapper. (newgrp is a symlink to sg and was already setuid). 2015-03-30 23:50:45 +01:00