;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2021 Brice Waegeneire
;;; Copyright © 2022 Tobias Geerinckx-Rice
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system privilege)
  #:use-module (guix records)
  #:export (privileged-program
            privileged-program?
            privileged-program-program
            privileged-program-setuid?
            privileged-program-setgid?
            privileged-program-user
            privileged-program-group
            privileged-program-capabilities))

;;; Commentary:
;;;
;;; Data structures representing privileged programs: binaries with additional
;;; permissions such as setuid/setgid, or POSIX capabilities.  This is meant to
;;; be used both on the host side and at run time--e.g., in activation snippets.
;;;
;;; Code:

(define-record-type* <privileged-program>
  privileged-program make-privileged-program
  privileged-program?
  ;; File name of the program to assign elevated privileges.
  (program       privileged-program-program) ;file-like
  ;; Whether to set the setuid (‘set user ID’) bit.
  (setuid?       privileged-program-setuid? ;boolean
                 (default #f))
  ;; Whether to set the setgid (‘set group ID’) bit.
  (setgid?       privileged-program-setgid? ;boolean
                 (default #f))
  ;; The user name or ID this should be set to (defaults to root's).
  (user          privileged-program-user ;integer or string
                 (default 0))
  ;; The group name or ID we want to set this to (defaults to root's).
  (group         privileged-program-group ;integer or string
                 (default 0))
  ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none).
  (capabilities  privileged-program-capabilities ;string or #f
                 (default #f)))