···
source=/nix/var/nix/profiles/default/bin/${program}
105
-
cp ${setuidWrapper}/bin/setuid-wrapper $wrapperDir/${program}
106
-
echo -n "$source" > $wrapperDir/${program}.real
107
-
chmod 0000 $wrapperDir/${program} # to prevent races
108
-
chown ${owner}.${group} $wrapperDir/${program}
109
-
chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" $wrapperDir/${program}
105
+
cp ${setuidWrapper}/bin/setuid-wrapper ${wrapperDir}/${program}
106
+
echo -n "$source" > ${wrapperDir}/${program}.real
107
+
chmod 0000 ${wrapperDir}/${program} # to prevent races
108
+
chown ${owner}.${group} ${wrapperDir}/${program}
109
+
chmod "u${if setuid then "+" else "-"}s,g${if setgid then "+" else "-"}s,${permissions}" ${wrapperDir}/${program}
in stringAfter [ "users" ]
···
# programs to be wrapped.
SETUID_PATH=${config.system.path}/bin:${config.system.path}/sbin
118
-
mkdir -p /run/setuid-wrapper-dirs
119
-
wrapperDir=$(mktemp --directory --tmpdir=/run/setuid-wrapper-dirs setuid-wrappers.XXXXXXXXXX)
118
+
rm -f ${wrapperDir}/* # */
${concatMapStrings makeSetuidWrapper setuidPrograms}
123
-
if [ -d ${wrapperDir} ]; then
124
-
mv --no-target-directory ${wrapperDir} ${wrapperDir}-old
125
-
ln --symbolic $wrapperDir ${wrapperDir}
126
-
rm --force --recursive ${wrapperDir}-old
127
-
elif [ -L ${wrapperDir} ]; then
128
-
ln --symbolic --force --no-dereference $wrapperDir ${wrapperDir}-tmp
129
-
old=$(readlink ${wrapperDir})
130
-
mv --no-target-directory ${wrapperDir}-tmp ${wrapperDir}
131
-
rm --force --recursive $old
133
-
ln --symbolic $wrapperDir ${wrapperDir}
pyrox.dev