pyrox.dev / nixpkgs
lol
fork atom

Addressing feedback and fixing a bug

Parnell Springmeyer fb6d13c0 467bb3f6

options
unified split
Changed files
+4 -6
nixos
doc
manual
release-notes
rl-1703.xml
modules
module-list.nix
security
wrappers
wrapper.c
+2 -4
nixos/doc/manual/release-notes/rl-1703.xml 
···

       
17

       
17

       
 

       
  </listitem>


     

       
18

       
18

       
 

       



     

       
19

       
19

       
 

       
  <listitem>


     

       
20

       

       
-

       
    <para>Setting capabilities on programs is now supported with a


     

       
21

       

       
-

       
    <literal>setcap-wrapper</literal> functionality. This


     

       
22

       

       
-

       
    functionality and the <literal>setuid-wrapper</literal> are merged


     

       
23

       

       
-

       
    into a single "wrappers" module.</para>


     

       

       
20

       
+

       
    <para>The setuid wrapper functionality now supports setting


     

       

       
21

       
+

       
    capabilities.</para>


     

       
24

       
22

       
 

       
  </listitem>


     

       
25

       
23

       
 

       



     

       
26

       
24

       
 

       
  <listitem>
+1 -1
nixos/modules/module-list.nix 
···

       
113

       
113

       
 

       
  ./security/prey.nix


     

       
114

       
114

       
 

       
  ./security/rngd.nix


     

       
115

       
115

       
 

       
  ./security/rtkit.nix


     

       
116

       

       
-

       
  ./security/wrappers


     

       

       
116

       
+

       
  ./security/wrappers/default.nix


     

       
117

       
117

       
 

       
  ./security/sudo.nix


     

       
118

       
118

       
 

       
  ./services/amqp/activemq/default.nix


     

       
119

       
119

       
 

       
  ./services/amqp/rabbitmq.nix
+1 -1
nixos/modules/security/wrappers/wrapper.c 
···

       
165

       
165

       
 

       
    // should safely fit within the PATH_MAX system limit. Though I'm


     

       
166

       
166

       
 

       
    // not positive it's safe...


     

       
167

       
167

       
 

       
    char selfPath[PATH_MAX];


     

       
168

       

       
-

       
    int selfPathSize = readlink("/proc/self/exe", selfPath, sizeof(selfPath) - 1);


     

       

       
168

       
+

       
    int selfPathSize = readlink("/proc/self/exe", selfPath, sizeof(selfPath));


     

       
169

       
169

       
 

       



     

       
170

       
170

       
 

       
    assert(selfPathSize > 0);


     

       
171

       
171