author | Marius Bakke <marius@gnu.org> | 2021-07-29 22:34:57 +0200 |
---|---|---|
committer | Marius Bakke <marius@gnu.org> | 2021-07-29 22:34:57 +0200 |
commit | b029be2ee0f81cdcbc14240ff426408085ab0a40 (patch) | |
tree | ed6d0e1bfdadfd28e1eb804e43763b793baa0b42 /gnu/services.scm | |
parent | bc55f3091bac4677df0cf020381c554921fea179 (diff) | |
parent | ffb381856d0c6cc1a557b789f6b377cfa17002a0 (diff) | |
download | guix-patches-b029be2ee0f81cdcbc14240ff426408085ab0a40.tar guix-patches-b029be2ee0f81cdcbc14240ff426408085ab0a40.tar.gz |
Merge branch 'master' into core-updates-frozen
Conflicts:
gnu/packages/bioinformatics.scm
gnu/packages/cmake.scm
gnu/packages/curl.scm
gnu/packages/emacs-xyz.scm
gnu/packages/gpodder.scm
gnu/packages/music.scm
gnu/packages/patches/glibc-bootstrap-system.patch
gnu/packages/python-xyz.scm
gnu/packages/shells.scm
gnu/packages/statistics.scm
Diffstat (limited to 'gnu/services.scm')
-rw-r--r-- | gnu/services.scm | 45 |
1 files changed, 41 insertions, 4 deletions
diff --git a/gnu/services.scm b/gnu/services.scm
index 8d413e198e..2a8114a219 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -4,6 +4,8 @@
 ;;; Copyright © 2020 Jan (janneke) Nieuwenhuizen <janneke@gnu.org>
 ;;; Copyright © 2020, 2021 Ricardo Wurmus <rekado@elephly.net>
 ;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@protonmail.com>
+;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@dustycloud.org>
+;;; Copyright © 2020, 2021 Brice Waegeneire <brice@waegenei.re>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -40,6 +42,7 @@
 #:use-module (gnu packages base)
 #:use-module (gnu packages bash)
 #:use-module (gnu packages hurd)
+ #:use-module (gnu system setuid)
 #:use-module (srfi srfi-1)
 #:use-module (srfi srfi-9)
 #:use-module (srfi srfi-9 gnu)
@@ -801,15 +804,49 @@ directory." FILES must be a list of name/file-like object pairs." (service etc-service-type files)) +(define (setuid-program->activation-gexp programs) + "Return an activation gexp for setuid-program from PROGRAMS." + (let ((programs (map (lambda (program) + ;; FIXME This is really ugly, I didn't managed to use + ;; "inherit" + (let ((program-name (setuid-program-program program)) + (setuid? (setuid-program-setuid? program)) + (setgid? (setuid-program-setgid? program)) + (user (setuid-program-user program)) + (group (setuid-program-group program)) ) + #~(setuid-program + (setuid? #$setuid?) + (setgid? #$setgid?) + (user #$user) + (group #$group) + (program #$program-name)))) + programs))) + (with-imported-modules (source-module-closure + '((gnu system setuid))) + #~(begin + (use-modules (gnu system setuid)) + + (activate-setuid-programs (list #$@programs)))))) + +(define (setuid-program-file-like-deprecated file-like) + (match file-like + ((? file-like? program) + (warning + (G_ "representing setuid programs with '~a' is \ +deprecated; use 'setuid-program' instead~%") program) + (setuid-program (program program))) + ((? setuid-program? program) + program))) + (define setuid-program-service-type (service-type (name 'setuid-program) (extensions (list (service-extension activation-service-type - (lambda (programs) - #~(activate-setuid-programs - (list #$@programs)))))) + setuid-program->activation-gexp))) (compose concatenate) - (extend append) + (extend (lambda (config extensions) + (map setuid-program-file-like-deprecated + (append config extensions)))) (description "Populate @file{/run/setuid-programs} with the specified executables, making them setuid-root."))) |
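Review bot: The unchanged `description` at the end of `setuid-program-service-type` still says the executables are made "setuid-root", but `setuid-program->activation-gexp` now forwards `setuid?`, `setgid?`, `user` and `group` from every record, so an entry can presumably end up setgid or owned by a non-root user. For a service that grants privileges the text should match, for example `"Populate @file{/run/setuid-programs} with the specified executables, with the setuid/setgid bits and ownership given by each entry."`. `setuid-program-file-like-deprecated` has no docstring; something like `"Return FILE-LIKE as a setuid-program record, warning when a bare file-like object is passed."` would document the compatibility path. Its `match` also has no fallback clause, so a value that is neither file-like nor a `setuid-program` record would fail with a generic match error; a final `(_ …)` clause that reports the offending value would make a misconfigured entry easier to spot. The deprecated branch builds `(setuid-program (program program))` and therefore depends on the record's field defaults, which are defined outside this hunk and worth confirming as setuid-root.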