author | Tobias Geerinckx-Rice <me@tobias.gr> | 2022-06-05 02:00:00 +0200 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2024-08-11 02:00:00 +0200 |
commit | 39471f2627bd63df0e9af02a46e5dda60e233ffc (patch) | |
tree | 0890fa3d313cad97eae7a3aebf93e973a8f44fdf | |
parent | 902b15b24d6ea2a1e255b88dff7670e8a95cb9a9 (diff) | |
download | guix-39471f2627bd63df0e9af02a46e5dda60e233ffc.tar.gz guix-39471f2627bd63df0e9af02a46e5dda60e233ffc.zip |
system: Add (gnu system privilege).
* gnu/system/privilege.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
-rw-r--r-- | gnu/local.mk | 1 | ||||
-rw-r--r-- | gnu/system/privilege.scm | 54 |
2 files changed, 55 insertions, 0 deletions
diff --git a/gnu/local.mk b/gnu/local.mk
index 91cc679b7d..86ff662efa 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -771,6 +771,7 @@ GNU_SYSTEM_MODULES = \
 %D%/system/mapped-devices.scm \
 %D%/system/nss.scm \
 %D%/system/pam.scm \
+ %D%/system/privilege.scm \
 %D%/system/setuid.scm \
 %D%/system/shadow.scm \
 %D%/system/uuid.scm \
diff --git a/gnu/system/privilege.scm b/gnu/system/privilege.scm
new file mode 100644
index 0000000000..455a659a12
--- /dev/null
+++ b/gnu/system/privilege.scm
@@ -0,0 +1,54 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@tobias.gr>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix. If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu system privilege)
+ #:use-module (guix records)
+ #:export (privileged-program
+ privileged-program?
+ privileged-program-program
+ privileged-program-setuid?
+ privileged-program-setgid?
+ privileged-program-user
+ privileged-program-group))
+
+;;; Commentary:
+;;;
+;;; Data structures representing privileged programs: binaries with additional
+;;; permissions such as setuid/setgid. This is meant to be used both on the
+;;; host side and at run time--e.g., in activation snippets.
+;;;
+;;; Code:
+
+(define-record-type* <privileged-program>
+ privileged-program make-privileged-program
+ privileged-program?
+ ;; File name of the program to assign elevated privileges.
+ (program privileged-program-program) ;file-like
+ ;; Whether to set the setuid (‘set user ID’) bit.
+ (setuid? privileged-program-setuid? ;boolean
+ (default #f))
+ ;; Whether to set the setgid (‘set group ID’) bit.
+ (setgid? privileged-program-setgid? ;boolean
+ (default #f))
+ ;; The user name or ID this should be set to (defaults to root's).
+ (user privileged-program-user ;integer or string
+ (default 0))
+ ;; The group name or ID we want to set this to (defaults to root's).
+ (group privileged-program-group ;integer or string
+ (default 0))) |
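Review bot: The `user` and `group` fields default to 0, so a record that sets only `(setuid? #t)` describes a setuid-root program without root ever being named at the use site; the field comments mention the default but not that consequence. I would spell it out on `user`, e.g. `;; Owner the setuid bit applies to; the default 0 is root, so name a less privileged user where one suffices.`, and likewise on `group`. The comment on `program` says "File name" while its type note says `;file-like`; one of the two should be corrected, presumably the comment. The record as written does not check that `setuid?`/`setgid?` are booleans or that at least one of them is set, so the code that consumes these records (not part of this commit) has to validate them.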