Merge pull request #133622 from erikarvstedt/fix-recursive-doas

nixos/doas: fix recursive calls to doas

authored by

Artturi and committed by
GitHub
17265bc3 d11ed566

+8 -1
+7
nixos/tests/doas.nix
··· 78 78 'su - test7 -c "SSH_AUTH_SOCK=HOLEY doas env"' 79 79 ): 80 80 raise Exception("failed to exclude SSH_AUTH_SOCK") 81 + 82 + # Test that the doas setuid wrapper precedes the unwrapped version in PATH after 83 + # calling doas. 84 + # The PATH set by doas is defined in 85 + # ../../pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch 86 + with subtest("recursive calls to doas from subprocesses should succeed"): 87 + machine.succeed('doas -u test0 sh -c "doas -u test0 true"') 81 88 ''; 82 89 } 83 90 )
+1 -1
pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
··· 15 15 main(int argc, char **argv) 16 16 { 17 17 const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:" 18 - + "/run/current-system/sw/bin:/run/current-system/sw/sbin:/run/wrappers/bin:" 18 + + "/run/wrappers/bin:/run/current-system/sw/bin:/run/current-system/sw/sbin:" 19 19 "/usr/local/bin:/usr/local/sbin"; 20 20 const char *confpath = NULL; 21 21 char *shargv[] = { NULL, NULL };