author | Parnell Springmeyer <parnell@awakenetworks.com> | 2016-07-15 18:15:08 -0500 |
---|---|---|
committer | Parnell Springmeyer <parnell@awakenetworks.com> | 2016-09-01 19:16:36 -0500 |
commit | 81b33eb46645b1bd3ab5029c0ca2012a24902bb0 (patch) | |
tree | adec44051f272b30de06639772b043e4a05acbe5 /nixos/modules/tasks/network-interfaces.nix | |
parent | 79e81aa31bc7a0fa88507c06f21b41fbbd1cb863 (diff) |
security: Updating the machinery for creating the wrapper programs dir in var and updating ping and ping6 for changed config interface.
Diffstat (limited to 'nixos/modules/tasks/network-interfaces.nix')
-rw-r--r-- | nixos/modules/tasks/network-interfaces.nix | 20 |
1 files changed, 17 insertions, 3 deletions
diff --git a/nixos/modules/tasks/network-interfaces.nix b/nixos/modules/tasks/network-interfaces.nix
index 12605c245160..1e0b874297a2 100644
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@@ -891,7 +891,7 @@ in
 # Capabilities won't work unless we have at-least a 4.3 Linux
 # kernel because we need the ambient capability
- security.setcapCapabilities = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") (
+ security.permissionsWrappers.setcap = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") (
 [
 { program = "ping";
 source = "${pkgs.iputils.out}/bin/ping";
@@ -908,8 +908,22 @@ in
 );
 # If our linux kernel IS older than 4.3, let's setuid ping and ping6
- security.setuidPrograms = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") (
- [ "ping" "ping6" ]
+ security.permissionsWrappers.setuid = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") (
+ [
+ { program = "ping";
+ source = "${pkgs.iputils.out}/bin/ping";
+ owner = "root";
+ group = "root";
+ setuid = true;
+ }
+
+ { program = "ping6";
+ source = "${pkgs.iputils.out}/bin/ping6";
+ owner = "root";
+ group = "root";
+ setuid = true;
+ }
+ ]
 );
 # Set the host and domain names in the activation script. Don't |
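Review bot: The setuid fallback in the second hunk is guarded by `versionOlder … "4.3"` while the setcap branch in the first hunk uses `versionAtLeast … "4.3"`, so the two conditions have to be kept exact complements by hand; if one literal is edited without the other, ping and ping6 could end up with both wrappers or with neither. Binding the test once, for example `hasAmbientCaps = versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3";`, and using `mkIf hasAmbientCaps` and `mkIf (!hasAmbientCaps)` would remove that risk; the enclosing `let … in` starts outside the hunk. The two new attribute sets differ only in the program name, so they could come from a single `map` over `[ "ping" "ping6" ]` to keep owner, group and setuid from drifting apart. The comment above the fallback could also state that a setuid-root wrapper runs the binary with full root privileges rather than the narrower capability set the setcap branch grants, which is why it is restricted to kernels without ambient capabilities.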