qbit/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

dhcpcd: fix more permissions errors (#351225)

Browse Source
This commit is contained in:
Michele Guerini Rocco 2024-10-26 02:00:23 +02:00 committed by GitHub
commit 9a415c28ae
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
nixos/modules/config/resolvconf.nix
View File

@ -161,9 +161,12 @@ in
script = '' script = ''
${lib.getExe cfg.package} -u ${lib.getExe cfg.package} -u
files=(/run/resolvconf ${lib.escapeShellArgs cfg.subscriberFiles}) chgrp resolvconf ${lib.escapeShellArgs cfg.subscriberFiles}
chgrp -R resolvconf "''${files[@]}" chmod g=u ${lib.escapeShellArgs cfg.subscriberFiles}
chmod -R g=u "''${files[@]}" ${lib.getExe' pkgs.acl "setfacl"} -R \
-m group:resolvconf:rwx \
-m default:group:resolvconf:rwx \
/run/resolvconf
''; '';
}; };

2
nixos/modules/services/networking/dhcpcd.nix
View File

@ -249,7 +249,7 @@ in
ExecReload = "${dhcpcd}/sbin/dhcpcd --rebind"; ExecReload = "${dhcpcd}/sbin/dhcpcd --rebind";
Restart = "always"; Restart = "always";
AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" "CAP_NET_BIND_SERVICE" ]; AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" "CAP_NET_BIND_SERVICE" ];
ReadWritePaths = [ "/proc/sys/net/ipv6" ] ReadWritePaths = [ "/proc/sys/net/ipv4" "/proc/sys/net/ipv6" ]
++ lib.optionals useResolvConf ([ "/run/resolvconf" ] ++ config.networking.resolvconf.subscriberFiles); ++ lib.optionals useResolvConf ([ "/run/resolvconf" ] ++ config.networking.resolvconf.subscriberFiles);
DeviceAllow = ""; DeviceAllow = "";
LockPersonality = true; LockPersonality = true;