;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2022 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system privilege)
  #:use-module (guix records)
  #:export (privileged-program
            privileged-program?
            privileged-program-program
            privileged-program-setuid?
            privileged-program-setgid?
            privileged-program-user
            privileged-program-group
            privileged-program-capabilities

            file-like->setuid-program))

;;; Commentary:
;;;
;;; Data structures representing privileged programs: binaries with additional
;;; permissions such as setuid/setgid, or POSIX capabilities.  This is meant to
;;; be used both on the host side and at run time--e.g., in activation snippets.
;;;
;;; Code:

(define-record-type* <privileged-program>
  privileged-program make-privileged-program
  privileged-program?
  ;; File name of the program to assign elevated privileges.
  (program       privileged-program-program) ;file-like
  ;; Whether to set the setuid (‘set user ID’) bit.
  (setuid?       privileged-program-setuid? ;boolean
                 (default #f))
  ;; Whether to set the setgid (‘set group ID’) bit.
  (setgid?       privileged-program-setgid? ;boolean
                 (default #f))
  ;; The user name or ID this should be set to (defaults to root's).
  (user          privileged-program-user ;integer or string
                 (default 0))
  ;; The group name or ID we want to set this to (defaults to root's).
  (group         privileged-program-group ;integer or string
                 (default 0))
  ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none).
  (capabilities  privileged-program-capabilities ;string or #f
                 (default #f)))

(define (file-like->setuid-program program)
  "Simple wrapper to facilitate MAPping over a list of file-like objects and
make them setuid, a pattern just common enough to justify a special helper."
  (privileged-program (program program)
                      (setuid? #t)))
/packages/openbox.scm?id=3c986a7dc268756c097212de958f046b29b76c1b'>mailmap: Update entries for Nikita.</a><span class='msg-avail'>...<span class='msg-tooltip'>* .mailmap: change email and name for Nikita.
* Makefile.am, doc/guix.texi, etc/completion/fish/guix.fish,
gnu/packages/accessibility.scm, gnu/packages/admin.scm,
gnu/packages/audio.scm, gnu/packages/autotools.scm, gnu/packages/cdrom.scm,
gnu/packages/check.scm, gnu/packages/cinnamon.scm,
gnu/packages/compression.scm, gnu/packages/crypto.scm,
gnu/packages/databases.scm, gnu/packages/django.scm, gnu/packages/dns.scm,
gnu/packages/elixir.scm, gnu/packages/emacs-xyz.scm, gnu/packages/emacs.scm,
gnu/packages/enlightenment.scm, gnu/packages/erlang.scm,
gnu/packages/fonts.scm, gnu/packages/fontutils.scm, gnu/packages/forth.scm,
gnu/packages/fvwm.scm, gnu/packages/games.scm, gnu/packages/gl.scm,
gnu/packages/gnome.scm, gnu/packages/gnunet.scm, gnu/packages/gnupg.scm,
gnu/packages/gtk.scm, gnu/packages/guile-wm.scm, gnu/packages/guile-xyz.scm,
gnu/packages/haskell-apps.scm, gnu/packages/haskell-check.scm,
gnu/packages/haskell-crypto.scm, gnu/packages/haskell-xyz.scm,
gnu/packages/haskell.scm, gnu/packages/image-viewers.scm,
gnu/packages/image.scm, gnu/packages/irc.scm, gnu/packages/language.scm,
gnu/packages/libcanberra.scm, gnu/packages/linux.scm,
gnu/packages/lisp-xyz.scm, gnu/packages/lisp.scm, gnu/packages/lolcode.scm,
gnu/packages/lxde.scm, gnu/packages/lxqt.scm, gnu/packages/mail.scm,
gnu/packages/markup.scm, gnu/packages/mate.scm, gnu/packages/maths.scm,
gnu/packages/mc.scm, gnu/packages/messaging.scm, gnu/packages/music.scm,
gnu/packages/ncurses.scm, gnu/packages/networking.scm,
gnu/packages/nickle.scm, gnu/packages/openbox.scm, gnu/packages/pdf.scm,
gnu/packages/perl-check.scm, gnu/packages/perl.scm,
gnu/packages/python-compression.scm, gnu/packages/python-crypto.scm,
gnu/packages/python-web.scm, gnu/packages/python-xyz.scm,
gnu/packages/python.scm, gnu/packages/qt.scm, gnu/packages/ruby.scm,
gnu/packages/rust.scm, gnu/packages/scheme.scm,
gnu/packages/serialization.scm, gnu/packages/shells.scm,
gnu/packages/ssh.scm, gnu/packages/suckless.scm, gnu/packages/tbb.scm,
gnu/packages/telephony.scm, gnu/packages/text-editors.scm,
gnu/packages/textutils.scm, gnu/packages/time.scm, gnu/packages/tls.scm,
gnu/packages/tor.scm, gnu/packages/version-control.scm,
gnu/packages/video.scm, gnu/packages/vim.scm, gnu/packages/web.scm,
gnu/packages/wm.scm, gnu/packages/xdisorg.scm, gnu/packages/xfce.scm,
gnu/packages/xml.scm, gnu/packages/xorg.scm, gnu/services/certbot.scm,
gnu/services/desktop.scm, gnu/services/version-control.scm,
gnu/services/web.scm, guix/import/hackage.scm, guix/licenses.scm: Likewise.

Signed-off-by: Efraim Flashner &lt;efraim@flashner.co.il&gt;
</span></span></td><td>nikita</td></tr>