Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: b51de57928fd
Choose a base ref
...
head repository: NixOS/nixpkgs
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: 1394a0c0a28f
Choose a head ref
  • 2 commits
  • 1 file changed
  • 1 contributor

Commits on Mar 23, 2017

  1. Revert "security-wrapper: Don't remove the old paths yet as that can … 

    …create migration pain"

This reverts commit 4c751ce.

This does not fix the issue as /run is now mounted with nosuid.

(cherry picked from commit 45f486f)
    @globin
    globin committed Mar 23, 2017

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    3bfeceb View commit details

  2. security-wrapper: link old wrapper dir to new one 

    This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654

(cherry picked from commit e82baf0)
    @globin
    globin committed Mar 23, 2017

    Unverified

    This commit is not signed, but one or more authors requires that any commit attributed to them is signed.
    Learn about vigilant mode
    Copy the full SHA
    1394a0c View commit details
Showing with 29 additions and 0 deletions.
  1. +29 −0 nixos/modules/security/wrappers/default.nix
29 changes: 29 additions & 0 deletions nixos/modules/security/wrappers/default.nix
View file
Original file line number Diff line number Diff line change
@@ -177,6 +177,35 @@ in
# programs to be wrapped.
WRAPPER_PATH=${config.system.path}/bin:${config.system.path}/sbin
# Remove the old /var/setuid-wrappers path from the system...
#
# TODO: this is only necessary for upgrades 16.09 => 17.x;
# this conditional removal block needs to be removed after
# the release.
if [ -d /var/setuid-wrappers ]; then
rm -rf /var/setuid-wrappers
ln -s /run/wrappers/bin /var/setuid-wrappers
fi
# Remove the old /run/setuid-wrappers-dir path from the
# system as well...
#
# TODO: this is only necessary for upgrades 16.09 => 17.x;
# this conditional removal block needs to be removed after
# the release.
if [ -d /run/setuid-wrapper-dirs ]; then
rm -rf /run/setuid-wrapper-dirs
ln -s /run/wrappers/bin /run/setuid-wrapper-dirs
fi
# TODO: this is only necessary for upgrades 16.09 => 17.x;
# this conditional removal block needs to be removed after
# the release.
if readlink -f /run/booted-system | grep nixos-17 > /dev/null; then
rm -rf /run/setuid-wrapper-dirs
rm -rf /var/setuid-wrappers
fi
# We want to place the tmpdirs for the wrappers to the parent dir.
wrapperDir=$(mktemp --directory --tmpdir="${parentWrapperDir}" wrappers.XXXXXXXXXX)
chmod a+rx $wrapperDir