nixos: explicitely set security.wrappers ownership

This is slightly more verbose and inconvenient, but it forces you
to think about what the wrapper ownership and permissions will be.
rnhmjoj 2021-09-12 18:53:48 +02:00
parent 8f76a6eefc
commit fedd7cd690
No known key found for this signature in database
GPG key ID: BFBAF4C975F76450
39 changed files with 276 additions and 72 deletions


@ -16,7 +16,12 @@ in {
config = mkIf cfg.enable {
environment.systemPackages = [ singularity ];
security.wrappers.singularity-suid.source = "${singularity}/libexec/singularity/bin/starter-suid.orig";
security.wrappers.singularity-suid =
{ setuid = true;
owner = "root";
group = "root";
source = "${singularity}/libexec/singularity/bin/starter-suid.orig";
};
systemd.tmpfiles.rules = [
"d /var/singularity/mnt/session 0770 root root -"
"d /var/singularity/mnt/final 0770 root root -"