nixos/security.wrappers: improve documentation

* The source attribute is mandatory, not optional * The program attribute is optional * Move the info about the mandatory attribute first (most important, IMHO)
NixOS · Feb 15, 2017 · ce0a52f · ce0a52f · ixmatus · Feb 15, 2017
1 parent aba35a5
commit ce0a52f
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
@@ -116,16 +116,18 @@ in
         default (setuid root, but not setgid root).
 
         <note>
+          <para>The sub-attribute <literal>source</literal> is mandatory,
+          it must be the absolute path to the program to be wrapped.
+          </para>
+
+          <para>The sub-attribute <literal>program</literal> is optional and
+          can give the wrapper program a new name. The default name is the same
+          as the attribute name itself.</para>
+
           <para>Additionally, this option can set capabilities on a
           wrapper program that propagates those capabilities down to the
           wrapped, real program.</para>
 
-          <para>The <literal>program</literal> attribute is the name of
-          the program to be wrapped. If no <literal>source</literal>
-          attribute is provided, specifying the absolute path to the
-          program, then the program will be searched for in the path
-          environment variable.</para>
-
           <para>NOTE: cap_setpcap, which is required for the wrapper
           program to be able to raise caps into the Ambient set is NOT
           raised to the Ambient set so that the real program cannot