Fixing a bunch of issues

+19 -39
+1 -1
nixos/modules/services/mail/mail.nix
··· 26 26 27 27 config = mkIf (config.services.mail.sendmailSetuidWrapper != null) { 28 28 29 - security.wrappers.setuid = [ config.services.mail.sendmailSetuidWrapper ]; 29 + security.wrappers.sendmail = config.services.mail.sendmailSetuidWrapper; 30 30 31 31 }; 32 32
+1 -1
nixos/modules/services/networking/gale.nix
··· 141 141 setgid = false; 142 142 }; 143 143 144 - security.wrappers.setuid = [ cfg.setuidWrapper ]; 144 + security.wrappers.gksign = cfg.setuidWrapper; 145 145 146 146 systemd.services.gale-galed = { 147 147 description = "Gale messaging daemon";
+1 -3
nixos/modules/services/scheduling/atd.nix
··· 42 42 43 43 config = mkIf cfg.enable { 44 44 45 - security.wrappers.setuid = map (program: { 46 - inherit program; 47 - 45 + security.wrappers.setuid = map (program: "${program}" = { 48 46 source = "${pkgs.atd}/bin/${program}"; 49 47 owner = "atd"; 50 48 group = "atd";
+1 -1
nixos/modules/services/scheduling/cron.nix
··· 61 61 A list of Cron jobs to be appended to the system-wide 62 62 crontab. See the manual page for crontab for the expected 63 63 format. If you want to get the results mailed you must setuid 64 - sendmail. See <option>security.wrappers.setuid</option> 64 + sendmail. See <option>security.wrappers</option> 65 65 66 66 If neither /var/cron/cron.deny nor /var/cron/cron.allow exist only root 67 67 will is allowed to have its own crontab file. The /var/cron/cron.deny file
+8 -9
nixos/modules/services/system/dbus.nix
··· 114 114 115 115 systemd.packages = [ pkgs.dbus.daemon ]; 116 116 117 - security.wrappers.setuid = singleton 118 - { program = "dbus-daemon-launch-helper"; 119 - source = "${pkgs.dbus.daemon}/libexec/dbus-daemon-launch-helper"; 120 - owner = "root"; 121 - group = "messagebus"; 122 - setuid = true; 123 - setgid = false; 124 - permissions = "u+rx,g+rx,o-rx"; 125 - }; 117 + security.wrappers.dbus-daemon-launch-helper = { 118 + source = "${pkgs.dbus.daemon}/libexec/dbus-daemon-launch-helper"; 119 + owner = "root"; 120 + group = "messagebus"; 121 + setuid = true; 122 + setgid = false; 123 + permissions = "u+rx,g+rx,o-rx"; 124 + }; 126 125 127 126 services.dbus.packages = [ 128 127 pkgs.dbus.out
+1 -7
nixos/modules/services/x11/desktop-managers/kde4.nix
··· 131 131 ''; 132 132 }; 133 133 134 - security.wrappers.setuid = singleton 135 - { program = "kcheckpass"; 136 - source = "${kde_workspace}/lib/kde4/libexec/kcheckpass"; 137 - owner = "root"; 138 - group = "root"; 139 - setuid = true; 140 - }; 134 + security.wrappers.kcheckpass.source = "${kde_workspace}/lib/kde4/libexec/kcheckpass"; 141 135 142 136 environment.systemPackages = 143 137 [ pkgs.kde4.kdelibs
+4 -14
nixos/modules/services/x11/desktop-managers/kde5.nix
··· 68 68 ''; 69 69 }; 70 70 71 - security.wrappers.setuid = [ 72 - { 73 - program = "kcheckpass"; 74 - source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass"; 75 - owner = "root"; 76 - setuid = true; 77 - } 78 - { 79 - program = "start_kdeinit"; 80 - source = "${kde5.kinit.out}/lib/libexec/kf5/start_kdeinit"; 81 - owner = "root"; 82 - setuid = true; 83 - } 84 - ]; 71 + security.wrappers = { 72 + kcheckpass.source = "${kde5.plasma-workspace.out}/lib/libexec/kcheckpass"; 73 + "start_kdeinit".source = "${kde5.kinit.out}/lib/libexec/kf5/start_kdeinit"; 74 + }; 85 75 86 76 environment.systemPackages = 87 77 [
+2 -3
nixos/modules/virtualisation/virtualbox-host.nix
··· 68 68 boot.extraModulePackages = [ kernelModules ]; 69 69 environment.systemPackages = [ virtualbox ]; 70 70 71 - security.wrappers.setuid = let 72 - mkSuid = program: { 73 - inherit program; 71 + security.wrappers = let 72 + mkSuid = program: "${program}" = { 74 73 source = "${virtualbox}/libexec/virtualbox/${program}"; 75 74 owner = "root"; 76 75 group = "vboxusers";