Merge pull request #195141 from zhaofengli/vbox-headless-wrappers

author: Bernardo Meurer <bernardo@meurer.org> 2022-10-10 11:45:40 -0300
committer: GitHub <noreply@github.com> 2022-10-10 11:45:40 -0300
commit: ed22079db4e8ebfcabfa63d1e2c32a8dd96db857 (patch)
tree: 09d5af1798103753f52d5495000ce3f776d115de /nixos
parent: 50c7c4cc34c0eab26e0da9bfef88feecd59f5b20 (diff)
parent: 6ed7e545ecfa1db9c6e5f93571a93e7848c449cf (diff)
1 files changed, 11 insertions, 9 deletions
diff --git a/nixos/modules/virtualisation/virtualbox-host.nix b/nixos/modules/virtualisation/virtualbox-host.nix
index 5a2ec4939d99..b1565a09682a 100644
--- a/nixos/modules/virtualisation/virtualbox-host.nix
+++ b/nixos/modules/virtualisation/virtualbox-host.nix
@@ -104,16 +104,18 @@ in
         group = "vboxusers";
         setuid = true;
       };
+      executables = [
+        "VBoxHeadless"
+        "VBoxNetAdpCtl"
+        "VBoxNetDHCP"
+        "VBoxNetNAT"
+        "VBoxVolInfo"
+      ] ++ (lib.optionals (!cfg.headless) [
+        "VBoxSDL"
+        "VirtualBoxVM"
+      ]);
     in mkIf cfg.enableHardening
-      (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) [
-      "VBoxHeadless"
-      "VBoxNetAdpCtl"
-      "VBoxNetDHCP"
-      "VBoxNetNAT"
-      "VBoxSDL"
-      "VBoxVolInfo"
-      "VirtualBoxVM"
-    ]));
+      (builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables));
 
     users.groups.vboxusers.gid = config.ids.gids.vboxusers;
author	Bernardo Meurer <bernardo@meurer.org>	2022-10-10 11:45:40 -0300
committer	GitHub <noreply@github.com>	2022-10-10 11:45:40 -0300
commit	ed22079db4e8ebfcabfa63d1e2c32a8dd96db857 (patch)
tree	09d5af1798103753f52d5495000ce3f776d115de /nixos
parent	50c7c4cc34c0eab26e0da9bfef88feecd59f5b20 (diff)
parent	6ed7e545ecfa1db9c6e5f93571a93e7848c449cf (diff)