pyrox.dev
setuid-wrappers : Prepare permissions for running wrappers
The new setuid-wrappers in /run cannot be executed by users due to:
1) the temporary directory does not allow access
2) the /run is mounted nosuid
authored by Karn Kallio and committed by Joachim Fasting 8d977ead d3ee483b
+1
nixos/modules/security/setuid-wrappers.nix
+1
nixos/modules/security/setuid-wrappers.nix
+1
-1
nixos/modules/tasks/filesystems.nix
+1
-1
nixos/modules/tasks/filesystems.nix
···
287
boot.specialFileSystems = {
288
"/proc" = { fsType = "proc"; options = [ "nosuid" "noexec" "nodev" ]; };
289
"/sys" = { fsType = "sysfs"; options = [ "nosuid" "noexec" "nodev" ]; };
290
-
"/run" = { fsType = "tmpfs"; options = [ "nosuid" "nodev" "strictatime" "mode=755" "size=${config.boot.runSize}" ]; };
291
"/dev" = { fsType = "devtmpfs"; options = [ "nosuid" "strictatime" "mode=755" "size=${config.boot.devSize}" ]; };
292
"/dev/shm" = { fsType = "tmpfs"; options = [ "nosuid" "nodev" "strictatime" "mode=1777" "size=${config.boot.devShmSize}" ]; };
293
"/dev/pts" = { fsType = "devpts"; options = [ "nosuid" "noexec" "mode=620" "gid=${toString config.ids.gids.tty}" ]; };
···
287
boot.specialFileSystems = {
288
"/proc" = { fsType = "proc"; options = [ "nosuid" "noexec" "nodev" ]; };
289
"/sys" = { fsType = "sysfs"; options = [ "nosuid" "noexec" "nodev" ]; };
290
+
"/run" = { fsType = "tmpfs"; options = [ "nodev" "strictatime" "mode=755" "size=${config.boot.runSize}" ]; };
291
"/dev" = { fsType = "devtmpfs"; options = [ "nosuid" "strictatime" "mode=755" "size=${config.boot.devSize}" ]; };
292
"/dev/shm" = { fsType = "tmpfs"; options = [ "nosuid" "nodev" "strictatime" "mode=1777" "size=${config.boot.devShmSize}" ]; };
293
"/dev/pts" = { fsType = "devpts"; options = [ "nosuid" "noexec" "mode=620" "gid=${toString config.ids.gids.tty}" ]; };