Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: f9add54f2813
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: e82baf043e25
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Mar 23, 2017

  1. Revert "security-wrapper: Don't remove the old paths yet as that can … 

    …create migration pain"

This reverts commit 4c751ce.

This does not fix the issue as /run is now mounted with nosuid.
    @globin
    globin committed Mar 23, 2017

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    45f486f View commit details

  2. security-wrapper: link old wrapper dir to new one 

    This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654
    @globin
    globin committed Mar 23, 2017

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    e82baf0 View commit details
Showing with 29 additions and 0 deletions.
  1. +29 −0 nixos/modules/security/wrappers/default.nix
29 changes: 29 additions & 0 deletions nixos/modules/security/wrappers/default.nix
View file
Original file line number Diff line number Diff line change
@@ -177,6 +177,35 @@ in
# programs to be wrapped.
WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
# Remove the old /var/setuid-wrappers path from the system...
#
# TODO: this is only necessary for upgrades 16.09 => 17.x;
# this conditional removal block needs to be removed after
# the release.
if [ -d /var/setuid-wrappers ]; then
rm -rf /var/setuid-wrappers
ln -s /run/wrappers/bin /var/setuid-wrappers
fi
# Remove the old /run/setuid-wrappers-dir path from the
# system as well...
#
# TODO: this is only necessary for upgrades 16.09 => 17.x;
# this conditional removal block needs to be removed after
# the release.
if [ -d /run/setuid-wrapper-dirs ]; then
rm -rf /run/setuid-wrapper-dirs
ln -s /run/wrappers/bin /run/setuid-wrapper-dirs
fi
# TODO: this is only necessary for upgrades 16.09 => 17.x;
# this conditional removal block needs to be removed after
# the release.
if readlink -f /run/booted-system | grep nixos-17 > /dev/null; then
rm -rf /run/setuid-wrapper-dirs
rm -rf /var/setuid-wrappers
fi
# We want to place the tmpdirs for the wrappers to the parent dir.
wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
chmod a+rx $wrapperDir