diff options
| author | Reepca Russelstein <reepca@russelstein.xyz> | 2024-10-19 22:43:27 -0500 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2024-11-03 23:05:06 +0100 |
| commit | 6a8a6171a79dd6b9108cf9d25c8f9a86fd9bb8f8 (patch) | |
| tree | 71d6ce0f2670f071be532a6d6fd336a554705b1c /doc | |
| parent | e5d64e87d4759d62c035dad203e9975de3b621a6 (diff) | |
| download | guix-6a8a6171a79dd6b9108cf9d25c8f9a86fd9bb8f8.tar.gz guix-6a8a6171a79dd6b9108cf9d25c8f9a86fd9bb8f8.zip | |
services: guix: Add access control to daemon socket.
* gnu/services/base.scm
(guix-configuration-socket-directory-{permissions,group,user}): New fields.
(guix-shepherd-service): Use them.
* doc/guix.texi (Base Services): Document them.
Change-Id: I8f4c2e20392ced47c09812e62903c87cc0f4a97a
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/guix.texi | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/doc/guix.texi b/doc/guix.texi index 187bae6898..151fcd89ac 100644 --- a/doc/guix.texi +++ b/doc/guix.texi @@ -19822,6 +19822,18 @@ A directory path where the @command{guix-daemon} will perform builds. Environment variables to be set before starting the daemon, as a list of @code{key=value} strings. +@item @code{socket-directory-permissions} (default: @code{#o755}) +Permissions to set for the directory @file{/var/guix/daemon-socket}. +This, together with @code{socket-directory-group} and +@code{socket-directory-user}, determines who can connect to the build +daemon via its Unix socket. TCP socket operation is unaffected by +these. + +@item @code{socket-directory-user} (default: @code{#f}) +@itemx @code{socket-directory-group} (default: @code{#f}) +User and group owning the @file{/var/guix/daemon-socket} directory or +@code{#f} to keep the user or group as root. + @end table @end deftp |