diff options
| author | Igor Pashev <pashev.igor@gmail.com> | 2017-07-24 16:05:35 +0300 |
|---|---|---|
| committer | Igor Pashev <pashev.igor@gmail.com> | 2017-07-24 16:05:38 +0300 |
| commit | e5f64c2baece306446c8a7e5f2ca5a40509719dc (patch) | |
| tree | 3f07784a465527f67dc767cb9aeef7115efc573a | |
| parent | 4434aa9bb368f1a9e74ce68b5cd3d431bc478d8d (diff) | |
| download | nixsap-e5f64c2baece306446c8a7e5f2ca5a40509719dc.tar.gz | |
cli: security.setuidOwners -> security.wrappers
Require nixpkgs >= 17.03
| -rw-r--r-- | README.md | 2 | ||||
| -rw-r--r-- | modules/apps/cli.nix | 10 |
2 files changed, 5 insertions, 7 deletions
@@ -147,7 +147,7 @@ _secure_, default value. Requirements ============ -* [nixpkgs](https://nixos.org/nixpkgs/) >= 16.09 +* [nixpkgs](https://nixos.org/nixpkgs/) >= 17.03 License diff --git a/modules/apps/cli.nix b/modules/apps/cli.nix index af60710..6db92e3 100644 --- a/modules/apps/cli.nix +++ b/modules/apps/cli.nix @@ -5,9 +5,8 @@ let inherit (builtins) toString ; inherit (lib) - concatMapStrings filterAttrs mapAttrsToList mkOption - types unique ; - inherit (types) + concatMapStrings filterAttrs mapAttrs mapAttrsToList mkOption unique ; + inherit (lib.types) attrsOf path str submodule ; explicit = filterAttrs (n: v: n != "_module" && v != null); @@ -126,14 +125,13 @@ in { config = { nixsap.system.users.daemons = unique (mapAttrsToList (_: a: a.user) apps); - security.setuidOwners = mapAttrsToList (n: a: - { program = n; + security.wrappers = mapAttrs (n: a: + { source = exec n a; owner = "root"; group = a.user; setuid = true; setgid = false; permissions = "u+rx,g+x,o="; - source = exec n a; }) apps; }; } |