setuid-wrappers: remove config.system.path from the closure

The motivation is using sudo in chroot nix builds, a somewhat special edge case I have and pulling system path into chroot yields to some very nasty bug like https://github.com/NixOS/nixpkgs/issues/15581 Previously: $ cat /var/setuid-wrappers/sudo.real /nix/store/3sm04dzh0994r86xqxy52jjc0lqnkn65-system-path/bin/sudo After the change: $ cat /var/setuid-wrappers/sudo.real /nix/store/4g9sxbzy8maxf1v217ikp69c0c3q12as-sudo-1.8.15/bin/sudo
author: Domen Kožar <domen@dev.si> 2016-05-23 13:09:08 +0100
committer: Domen Kožar <domen@dev.si> 2016-05-23 13:47:23 +0100
commit: 16535d4a71a21fe118adbcccdc97968513911098 (patch)
tree: ed627fd42a2d8325d6a6a3b05c8e216d5282c7b6 /nixos/modules
parent: 03f76c136de2a907923ec66a91b79e058a2aad7d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/modules/security/setuid-wrappers.nix b/nixos/modules/security/setuid-wrappers.nix
index 7d69f9b1183d..99dd514feea3 100644
--- a/nixos/modules/security/setuid-wrappers.nix
+++ b/nixos/modules/security/setuid-wrappers.nix
@@ -96,7 +96,7 @@ in
           }:
 
           ''
-            if ! source=${if source != "" then source else "$(PATH=$SETUID_PATH type -tP ${program})"}; then
+            if ! source=${if source != "" then source else "$(readlink -f $(PATH=$SETUID_PATH type -tP ${program}))"}; then
                 # If we can't find the program, fall back to the
                 # system profile.
                 source=/nix/var/nix/profiles/default/bin/${program}
author	Domen Kožar <domen@dev.si>	2016-05-23 13:09:08 +0100
committer	Domen Kožar <domen@dev.si>	2016-05-23 13:47:23 +0100
commit	16535d4a71a21fe118adbcccdc97968513911098 (patch)
tree	ed627fd42a2d8325d6a6a3b05c8e216d5282c7b6 /nixos/modules
parent	03f76c136de2a907923ec66a91b79e058a2aad7d (diff)