diff options
| author | Brice Waegeneire <brice@waegenei.re> | 2021-07-06 22:03:20 +0200 |
|---|---|---|
| committer | Christopher Lemmer Webber <cwebber@dustycloud.org> | 2021-07-29 11:32:48 -0400 |
| commit | a85ec0bf69df9ec3333a214feff54d4e58b15bec (patch) | |
| tree | 3f5623ae3651936d9106bd139b4b66ffc834277b /gnu/system.scm | |
| parent | a7ac19851baab3fbcc40c4b2cf5b00a6ac9cd2f3 (diff) | |
| download | guix-patches-a85ec0bf69df9ec3333a214feff54d4e58b15bec.tar guix-patches-a85ec0bf69df9ec3333a214feff54d4e58b15bec.tar.gz | |
services: Migrate to <setuid-program>.
* gnu/services/dbus.scm (dbus-setuid-programs, polkit-setuid-programs):
Return setuid-programs.
* gnu/services/desktop.scm (enlightenment-setuid-programs): Return
setuid-programs.
(%desktop-services)[mount-setuid-helpers]: Use setuid-programs.
* gnu/services/docker.scm (singularity-setuid-programs): Return
setuid-programs.
* gnu/services/xorg.scm(screen-locker-setuid-programs): Return
setuid-programs.
* gnu/system.scm (%setuid-programs): Return setuid-programs.
* doc/guix.texi (Setuid Programs, operating-system Reference): Replace
'list of G-expressions' with 'list of <setuid-program>'.
Diffstat (limited to 'gnu/system.scm')
| -rw-r--r-- | gnu/system.scm | 33 |
1 files changed, 17 insertions, 16 deletions
diff --git a/gnu/system.scm b/gnu/system.scm index 11e7152be1..7e11d38c59 100644 --- a/gnu/system.scm +++ b/gnu/system.scm @@ -1074,22 +1074,23 @@ use 'plain-file' instead~%") (define %setuid-programs ;; Default set of setuid-root programs. (let ((shadow (@ (gnu packages admin) shadow))) - (list (file-append shadow "/bin/passwd") - (file-append shadow "/bin/sg") - (file-append shadow "/bin/su") - (file-append shadow "/bin/newgrp") - (file-append shadow "/bin/newuidmap") - (file-append shadow "/bin/newgidmap") - (file-append inetutils "/bin/ping") - (file-append inetutils "/bin/ping6") - (file-append sudo "/bin/sudo") - (file-append sudo "/bin/sudoedit") - (file-append fuse "/bin/fusermount") - - ;; To allow mounts with the "user" option, "mount" and "umount" must - ;; be setuid-root. - (file-append util-linux "/bin/mount") - (file-append util-linux "/bin/umount")))) + (map file-like->setuid-program + (list (file-append shadow "/bin/passwd") + (file-append shadow "/bin/sg") + (file-append shadow "/bin/su") + (file-append shadow "/bin/newgrp") + (file-append shadow "/bin/newuidmap") + (file-append shadow "/bin/newgidmap") + (file-append inetutils "/bin/ping") + (file-append inetutils "/bin/ping6") + (file-append sudo "/bin/sudo") + (file-append sudo "/bin/sudoedit") + (file-append fuse "/bin/fusermount") + + ;; To allow mounts with the "user" option, "mount" and "umount" must + ;; be setuid-root. + (file-append util-linux "/bin/mount") + (file-append util-linux "/bin/umount"))))) (define %sudoers-specification ;; Default /etc/sudoers contents: 'root' and all members of the 'wheel' |