3
0
Fork 0
forked from mirrors/nixpkgs
nixpkgs/pkgs/tools/networking/openssh
Rickard Nilsson 4f8f1c30cb openssh: Use the default privilege separation dir (/var/empty)
(This is a rewritten version of the reverted commit
a927709a35, that disables the creation of
/var/empty during build so that sandboxed builds also works. For more
context, see https://github.com/NixOS/nixpkgs/pull/16966)

If running NixOS inside a container where the host's root-owned files
and directories have been mapped to some other uid (like nobody), the
ssh daemon fails to start, producing this error message:

fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group or world-writable.

The reason for this is that when openssh is built, we explicitly set
`--with-privsep-path=$out/empty`. This commit removes that flag which
causes the default directory /var/empty to be used instead. Since NixOS'
activation script correctly sets up that directory, the ssh daemon now
also works within containers that have a non-root-owned nix store.
2016-07-16 10:15:58 +02:00
..
CVE-2015-8325.patch openssh: fix CVE-2015-8325 2016-04-15 23:45:10 -04:00
default.nix openssh: Use the default privilege separation dir (/var/empty) 2016-07-16 10:15:58 +02:00
dont_create_privsep_path.patch openssh: Use the default privilege separation dir (/var/empty) 2016-07-16 10:15:58 +02:00
fix-host-key-algorithms-plus.patch ssh: Fix support for ssh-dss host keys 2016-04-01 15:54:52 +02:00
locale_archive.patch