setcapWrapper: add support for setting permissions

pyrox.dev / nixpkgs

fork atom

lol

fork atom

Robin Gloster 9 years ago 070825d4 47ded427

+2 -1

1 changed file

expand all

unified split

nixos

modules

security

wrappers

default.nix

+2 -1

nixos/modules/security/wrappers/default.nix

··· 28 , source 29 , owner ? "nobody" 30 , group ? "nogroup" 31 , ... 32 }: 33 assert (lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3"); ··· 45 ${pkgs.libcap.out}/bin/setcap "cap_setpcap,${capabilities}" $wrapperDir/${program} 46 47 # Set the executable bit 48 - chmod u+rx,g+x,o+x $wrapperDir/${program} 49 ''; 50 51 ###### Activation script for the setuid wrappers

··· 28 , source 29 , owner ? "nobody" 30 , group ? "nogroup" 31 + , permissions ? "u+rx,g+x,o+x" 32 , ... 33 }: 34 assert (lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3"); ··· 46 ${pkgs.libcap.out}/bin/setcap "cap_setpcap,${capabilities}" $wrapperDir/${program} 47 48 # Set the executable bit 49 + chmod ${permissions} $wrapperDir/${program} 50 ''; 51 52 ###### Activation script for the setuid wrappers