resolvconf: reliably set group permissions

If `resolvconf` is invoked by a process not running with the resolvconf
group as primary group, other processes will run into trouble as files
or directories under /run/resolvconf won't have write permissions.

This ACL rule ensures that resolvconf files, including new files created by
any process, are always accessible by users of the resolvconf group.
rnhmjoj 2024-10-25 17:56:51 +02:00
parent 31eafaeb6d
commit 8fafc35158
GPG Key ID: BFBAF4C975F76450

@ -161,9 +161,12 @@ in
script = '' script = ''
${lib.getExe cfg.package} -u ${lib.getExe cfg.package} -u
files=(/run/resolvconf ${lib.escapeShellArgs cfg.subscriberFiles}) chgrp resolvconf ${lib.escapeShellArgs cfg.subscriberFiles}
chgrp -R resolvconf "''${files[@]}" chmod g=u ${lib.escapeShellArgs cfg.subscriberFiles}
chmod -R g=u "''${files[@]}" ${lib.getExe' pkgs.acl "setfacl"} -R \
-m group:resolvconf:rwx \
-m default:group:resolvconf:rwx \
/run/resolvconf
''; '';
}; };
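Review bot: the `default:group:resolvconf:rwx` entry set on `/run/resolvconf` in the new `setfacl` call does not on its own guarantee write access for newly created files, because POSIX ACL inheritance sets a new object's mask to the intersection of the inherited default mask and the group bits of the mode the creating process requests (acl(5)); a file created as 0644 ends up with an effective `group:resolvconf:r--`, so the commit message's "always accessible" claim should be qualified, or the remaining dependency on the creating process's umask documented in the script. Separately, `-R -m group:resolvconf:rwx` grants execute on every regular file under the directory; `rwX` (capital X) restricts execute to directories and files that already have it, e.g. `-m group:resolvconf:rwX -m default:group:resolvconf:rwX`.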