pyrox.dev
Merge pull request #133622 from erikarvstedt/fix-recursive-doas
nixos/doas: fix recursive calls to doas
+7
nixos/tests/doas.nix
+7
nixos/tests/doas.nix
···
78
78
'su - test7 -c "SSH_AUTH_SOCK=HOLEY doas env"'
79
79
):
80
80
raise Exception("failed to exclude SSH_AUTH_SOCK")
81
+
82
+
# Test that the doas setuid wrapper precedes the unwrapped version in PATH after
83
+
# calling doas.
84
+
# The PATH set by doas is defined in
85
+
# ../../pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
86
+
with subtest("recursive calls to doas from subprocesses should succeed"):
87
+
machine.succeed('doas -u test0 sh -c "doas -u test0 true"')
81
88
'';
82
89
}
83
90
)
+1
-1
pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
+1
-1
pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
···
15
15
main(int argc, char **argv)
16
16
{
17
17
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
18
-
+ "/run/current-system/sw/bin:/run/current-system/sw/sbin:/run/wrappers/bin:"
18
+
+ "/run/wrappers/bin:/run/current-system/sw/bin:/run/current-system/sw/sbin:"
19
19
"/usr/local/bin:/usr/local/sbin";
20
20
const char *confpath = NULL;
21
21
char *shargv[] = { NULL, NULL };