nixos/virtualbox-host: Fix hardening with headless vbox

Fixes #157157.
2025-07-14 06:00:33 +03:00 · 2022-10-08 15:41:17 -06:00 · 2022-10-08 15:41:17 -06:00 · 6ed7e545ec
commit 6ed7e545ec
parent f677051b8d
1 changed files with 11 additions and 9 deletions
--- a/nixos/modules/virtualisation/virtualbox-host.nix
+++ b/nixos/modules/virtualisation/virtualbox-host.nix
@ -104,16 +104,18 @@ in
        group = "vboxusers";
        setuid = true;
      };
-    in mkIf cfg.enableHardening
+      executables = [
      (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) [
        "VBoxHeadless"
        "VBoxNetAdpCtl"
        "VBoxNetDHCP"
        "VBoxNetNAT"
      "VBoxSDL"
        "VBoxVolInfo"
      ] ++ (lib.optionals (!cfg.headless) [
        "VBoxSDL"
        "VirtualBoxVM"
-    ]));
+      ]);
    in mkIf cfg.enableHardening
      (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables));
    users.groups.vboxusers.gid = config.ids.gids.vboxusers;