services: Allow specifying user and group for knot resolver. - guix

diff options

author	W. Kosior <koszko@koszko.org>	2024-09-04 20:50:17 +0200
committer	W. Kosior <koszko@koszko.org>	2024-09-04 21:02:12 +0200
commit	4aad2dedac15c2f3c9b427dc8a9ae2992e963a16 (patch)
tree	411805075d209d8e3c21315128b8e9b70908d2eb /tests/cve.scm
parent	da83e21c97b644f823b75ad92e1c51e82452abc9 (diff)
download	guix-4aad2dedac15c2f3c9b427dc8a9ae2992e963a16.tar.gz guix-4aad2dedac15c2f3c9b427dc8a9ae2992e963a16.zip

services: Allow specifying user and group for knot resolver.

Kresd used to start as root and create cache files with root ownership before dropping privileges. This made unprivileged kres-cache-gc (in a separate service) fail when trying to read them. The new default is to start both as `knot-resolver', with configuration fields that allow overriding this default. * gnu/services/dns.scm (<knot-resolver-configuration>)[user]: New field. (<knot-resolver-configuration>)[group]: New field. (knot-resolver-shepherd-services): Pass the user&group from config to forkexec constructors. Change-Id: Id06a8eca140fdca14995a03e910f521d5f4636e5

Diffstat (limited to 'tests/cve.scm')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: