pyrox.dev
lol
setcapWrapper: add support for setting permissions
+2
-1
nixos/modules/security/wrappers/default.nix
+2
-1
nixos/modules/security/wrappers/default.nix
···
28
28
, source
29
29
, owner ? "nobody"
30
30
, group ? "nogroup"
31
+
, permissions ? "u+rx,g+x,o+x"
31
32
, ...
32
33
}:
33
34
assert (lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3");
···
45
46
${pkgs.libcap.out}/bin/setcap "cap_setpcap,${capabilities}" $wrapperDir/${program}
46
47
47
48
# Set the executable bit
48
-
chmod u+rx,g+x,o+x $wrapperDir/${program}
49
+
chmod ${permissions} $wrapperDir/${program}
49
50
'';
50
51
51
52
###### Activation script for the setuid wrappers