;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2021 Brice Waegeneire
;;; Copyright © 2022 Tobias Geerinckx-Rice
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system privilege)
  #:use-module (guix records)
  #:export (privileged-program
            privileged-program?
            privileged-program-program
            privileged-program-setuid?
            privileged-program-setgid?
            privileged-program-user
            privileged-program-group
            privileged-program-capabilities

            file-like->setuid-program))

;;; Commentary:
;;;
;;; Data structures representing privileged programs: binaries with additional
;;; permissions such as setuid/setgid, or POSIX capabilities.  This is meant to
;;; be used both on the host side and at run time--e.g., in activation snippets.
;;;
;;; Code:

;; A <privileged-program> describes one executable and the elevated
;; privileges it should carry once installed.  The record only *declares*
;; the intent; applying the bits and capabilities happens elsewhere.
(define-record-type* <privileged-program>
  privileged-program make-privileged-program
  privileged-program?

  ;; File name of the program to assign elevated privileges.
  (program       privileged-program-program)       ;file-like

  ;; Whether to set the setuid (‘set user ID’) bit.  With the default USER
  ;; of 0 this means the program runs as root.
  (setuid?       privileged-program-setuid?        ;boolean
                 (default #f))

  ;; Whether to set the setgid (‘set group ID’) bit.
  (setgid?       privileged-program-setgid?        ;boolean
                 (default #f))

  ;; The user name or ID this should be set to (defaults to root's).
  (user          privileged-program-user           ;integer or string
                 (default 0))

  ;; The group name or ID we want to set this to (defaults to root's).
  (group         privileged-program-group          ;integer or string
                 (default 0))

  ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none).
  ;; A capability set is the narrower alternative to a root-owned setuid
  ;; bit when only specific privileges are needed.
  (capabilities  privileged-program-capabilities   ;string or #f
                 (default #f)))

(define (file-like->setuid-program program)
  "Return a <privileged-program> for the file-like object PROGRAM with only
the setuid bit requested and every other field left at its default.  This is a
convenience for mapping over a list of file-like objects that all need to be
setuid, a pattern just common enough to justify a special helper."
  (privileged-program
   (setuid? #t)
   (program program)))