Revert "setuid-wrappers: Update wrapper dir atomically."

This reverts commit ee535056ce01514854cdd1c2d56faad84ae347af.

It doesn't work yet.

+6 -20
+6 -20
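--- a/nixos/modules/security/setuid-wrappers.nix
+++ b/nixos/modules/security/setuid-wrappers.nix
@@ -102,11 +102,11 @@
 source=/nix/var/nix/profiles/default/bin/${program}
 fi
 
-cp ${setuidWrapper}/bin/setuid-wrapper $wrapperDir/${program}
-echo -n "$source" > $wrapperDir/${program}.real
-chmod 0000 $wrapperDir/${program} # to prevent races
-chown ${owner}.${group} $wrapperDir/${program}
-chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" $wrapperDir/${program}
+cp ${setuidWrapper}/bin/setuid-wrapper ${wrapperDir}/${program}
+echo -n "$source" > ${wrapperDir}/${program}.real
+chmod 0000 ${wrapperDir}/${program} # to prevent races
+chown ${owner}.${group} ${wrapperDir}/${program}
+chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${wrapperDir}/${program}
 '';
 
 in stringAfter [ "users" ]
@@ -115,23 +115,9 @@
 # programs to be wrapped.
 SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin
 
-mkdir -p /run/setuid-wrapper-dirs
-wrapperDir=$(mktemp --directory --tmpdir=/run/setuid-wrapper-dirs setuid-wrappers.XXXXXXXXXX)
+rm -f ${wrapperDir}/* # */
 
 ${concatMapStrings makeSetuidWrapper setuidPrograms}
-
-if [ -d ${wrapperDir} ]; then
-mv --no-target-directory ${wrapperDir} ${wrapperDir}-old
-ln --symbolic $wrapperDir ${wrapperDir}
-rm --force --recursive ${wrapperDir}-old
-elif [ -L ${wrapperDir} ]; then
-ln --symbolic --force --no-dereference $wrapperDir ${wrapperDir}-tmp
-old=$(readlink ${wrapperDir})
-mv --no-target-directory ${wrapperDir}-tmp ${wrapperDir}
-rm --force --recursive $old
-else
-ln --symbolic $wrapperDir ${wrapperDir}
-fi
 '';
 
 };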
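Review bot: In the restored wrapper-creation lines, `chown ${owner}.${group} ${wrapperDir}/${program}` is followed unconditionally by the `chmod "u…s,g…s,${permissions}"` call, so a failed chown (for example an owner or group that does not resolve) would leave the file with the ownership `cp` gave it, presumably root, and still set the setuid/setgid bits on it. Whether a failing command aborts the script depends on shell options not visible here, so I would make the dependency explicit by joining the two with `&&` and removing the wrapper on failure, e.g. `… || rm -f ${wrapperDir}/${program}`. I would also write `${owner}:${group}`, since the dot separator is ambiguous for account names that contain a dot. Separately, `rm -f ${wrapperDir}/*` leaves the directory without wrappers until the loop finishes; a comment such as `# wrappers are briefly missing during activation (non-atomic update)` would record that. The enclosing Nix strings start outside both hunks.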