Age | Commit message | Author |
|
This reverts commit e74d05db53fdf02956ccee0950896c6ca9f10573.
* gnu/services.scm (cleanup-gexp): Introduce explicit ‘chmod’ calls
after ‘mkdir’ calls.
* gnu/tests/base.scm (run-basic-test)[test]("permissions on /tmp"):
New test.
Reported-by: Hilton Chain <hako@ultrarare.space>
Change-Id: I1e14dbe52eac526d2ed4ec1dd9c6fd9036f96a63
|
|
Fixes <https://issues.guix.gnu.org/64775>.
* gnu/services.scm (cleanup-gexp): Delete /run and recreate it.
Reported-by: Vagrant Cascadian <vagrant@debian.org>
Change-Id: Iae39f1aa734712a3755b24b156802ec0282d3f14
|
|
* gnu/services.scm (cleanup-gexp): Pass mode as second argument to
‘mkdir’; remove ‘chmod’ calls.
Change-Id: I8ac2dde0ca5d9bd6b2ef104d77141d8463d8b3fa
|
|
* gnu/services.scm (privileged-program->activation-gexp): Warn when a
privileged-program appears to lack all possible privilege.
Change-Id: I68ed8cb2cff88b11b090cf99a2cc7d6264b888e0
|
|
* gnu/services.scm (setuid-program-service-type): Define with
‘define-deprecated/alias’.
Change-Id: Ibafe333e7f261185b5a70b38cfb4845abf2f643b
|
|
* gnu/services.scm (privileged-program->activation-gexp): Add
‘let-system’ form to define staged ‘libcap’ variable. Use
‘supported-package?’ only when not cross-compiling.
Change-Id: Ifa9bd97b5dc8c3a162d8427533b41d3c30bac18d
|
|
* gnu/system/privilege.scm (<privileged-program>): Add a field
representing the program's POSIX capabilities.
(privileged-program-capabilities): New public procedure.
* doc/guix.texi (Privileged Programs): Document it.
* gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP
package argument providing setcap(8) to apply said capabilities.
* gnu/services.scm (privileged-program->activation-gexp): Pass said
package argument where supported. Include privileged-program-capabilities
in the compatibility hack.
|
|
* gnu/system.scm (<operating-system>): Add new privileged-programs
field, that defaults to…
(%default-privileged-programs): …this new variable, renamed from…
(%setuid-programs): …this, which is now defined as the empty list.
* doc/guix.texi (Setuid Programs): Rename this…
(Privileged Programs): …to this. Adjust all refs. Update all mentions
of ‘setuid’ (whether in prose, variable names, or code samples) to use
the new ‘privilege[d]’ terminology instead.
(operating-system Reference, X Window, Invoking guix system)
(Service Reference): Adjust likewise.
|
|
* gnu/services.scm (setuid-program->activation-gexp): Rename this…
(privileged-program->activation-gexp): …to this.
Operate on a list of <privileged-program> records.
(privileged-program-service-type): New variable, renamed from
setuid-program-service-type. Rename the service-type accordingly.
(setuid-program-service-type): Redefine as an alias for the above.
|
|
* gnu/build/activation.scm (activate-setuid-programs): Rename this…
(activate-privileged-programs): …to this.
Operate on a list of <privileged-program> records.
* gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
|
|
Create /run/setuid-programs compatibility symlinks so that we can
migrate all users (both package and human) piecemeal at our leisure.
Apart from being symlinks, this should be a user-invisible change.
* gnu/build/activation.scm (%privileged-program-directory): New variable.
[activate-setuid-programs]: Put privileged copies in
%PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in
%SETUID-DIRECTORY.
* gnu/services.scm (setuid-program-service-type): Update docstring.
* doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
|