Merge pull request #190944 from nh2/ecryptfs-security-wrapper

Add `programs.ecryptfs` for mount wrappers

authored by

Niklas Hambüchen and committed by
GitHub
4a7f8469 b74282e0

+32
+1
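--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -163,6 +163,7 @@
 ./programs/direnv.nix
 ./programs/dmrconfig.nix
 ./programs/droidcam.nix
+./programs/ecryptfs.nix
 ./programs/environment.nix
 ./programs/evince.nix
 ./programs/extra-container.nix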
+31
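--- a/nixos/modules/programs/ecryptfs.nix
+++ b/nixos/modules/programs/ecryptfs.nix
@@ -0,0 +1,31 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+cfg = config.programs.ecryptfs;
+
+in {
+options.programs.ecryptfs = {
+enable = mkEnableOption (lib.mdDoc "ecryptfs setuid mount wrappers");
+};
+
+config = mkIf cfg.enable {
+security.wrappers = {
+
+"mount.ecryptfs_private" = {
+setuid = true;
+owner = "root";
+group = "root";
+source = "${lib.getBin pkgs.ecryptfs}/bin/mount.ecryptfs_private";
+};
+"umount.ecryptfs_private" = {
+setuid = true;
+owner = "root";
+group = "root";
+source = "${lib.getBin pkgs.ecryptfs}/bin/umount.ecryptfs_private";
+};
+
+};
+};
+}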
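Review bot: The only documentation for this option is the `mkEnableOption` string `ecryptfs setuid mount wrappers`, which does not tell an administrator that enabling it installs two setuid-root binaries. Neither wrapper sets `permissions`, so the `security.wrappers` default applies; as far as I know that default leaves both helpers executable by every local user, which would put the ecryptfs mount helper in the attack surface of any unprivileged account. I would say so in the option text, e.g. `mkEnableOption (lib.mdDoc "setuid-root wrappers for mount.ecryptfs_private and umount.ecryptfs_private, executable by all local users")`. I would also add a comment above the two entries such as `# setuid root because mount(2) needs privilege; keep these in sync with the ecryptfs package's helper names`. If the helpers are only meant for a subset of users, setting a dedicated `group` and a narrower `permissions` value on both entries would limit who can reach them.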