path: root/gnu/system/privilege.scm
blob: fe6e60ad7c4dd5d80bf46416d8c11656fcd1979f
;;; GNU Guix --- Functional package management for GNU
;;; Copyright © 2021 Brice Waegeneire <brice@waegenei.re>
;;; Copyright © 2022 Tobias Geerinckx-Rice <me@tobias.gr>
;;;
;;; This file is part of GNU Guix.
;;;
;;; GNU Guix is free software; you can redistribute it and/or modify it
;;; under the terms of the GNU General Public License as published by
;;; the Free Software Foundation; either version 3 of the License, or (at
;;; your option) any later version.
;;;
;;; GNU Guix is distributed in the hope that it will be useful, but
;;; WITHOUT ANY WARRANTY; without even the implied warranty of
;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
;;; GNU General Public License for more details.
;;;
;;; You should have received a copy of the GNU General Public License
;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.

(define-module (gnu system privilege)
  #:use-module (guix records)
  #:export (privileged-program
            privileged-program?
            privileged-program-program
            privileged-program-setuid?
            privileged-program-setgid?
            privileged-program-user
            privileged-program-group
            privileged-program-capabilities

            file-like->setuid-program))

;;; Commentary:
;;;
;;; Data structures representing privileged programs: binaries with additional
;;; permissions such as setuid/setgid, or POSIX capabilities.  This is meant to
;;; be used both on the host side and at run time--e.g., in activation snippets.
;;;
;;; Code:

(define-record-type* <privileged-program>
  privileged-program make-privileged-program
  privileged-program?
  ;; File name of the program to assign elevated privileges.
  (program       privileged-program-program) ;file-like
  ;; Whether to set the setuid (‘set user ID’) bit.
  (setuid?       privileged-program-setuid? ;boolean
                 (default #f))
  ;; Whether to set the setgid (‘set group ID’) bit.
  (setgid?       privileged-program-setgid? ;boolean
                 (default #f))
  ;; The user name or ID this should be set to (defaults to root's).
  (user          privileged-program-user ;integer or string
                 (default 0))
  ;; The group name or ID we want to set this to (defaults to root's).
  (group         privileged-program-group ;integer or string
                 (default 0))
  ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none).
  (capabilities  privileged-program-capabilities ;string or #f
                 (default #f)))

(define (file-like->setuid-program program)
  "Simple wrapper to facilitate MAPping over a list of file-like objects and
make them setuid, a pattern just common enough to justify a special helper."
  (privileged-program (program program)
                      (setuid? #t)))
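
An added usage example, not part of gnu/system/privilege.scm or of Guix: it builds records with the constructor and helper defined above, then reviews which entries hand out full root identity and which request no privilege at all. The packages (`shadow`, `inetutils`), the file names, and the procedures `root-id?`, `full-root?` and `unprivileged?` are assumptions made for illustration.

```scheme
(use-modules (gnu system privilege)
             (guix gexp)              ;file-append
             (gnu packages admin)     ;shadow, inetutils (assumed package choices)
             (srfi srfi-1))           ;filter

;; Constructed sample: two setuid-root binaries made with the helper, which
;; leaves user and group at their default of 0 (root).
(define sample-setuid-programs
  (map file-like->setuid-program
       (list (file-append shadow "/bin/passwd")
             (file-append shadow "/bin/su"))))

;; Constructed sample: one program that receives a single POSIX capability,
;; in cap_from_text(3) form, instead of the setuid bit.
(define sample-capability-programs
  (list (privileged-program
         (program (file-append inetutils "/bin/ping"))
         (capabilities "cap_net_raw+ep"))))

(define (root-id? id)
  "Return #t if ID, a user or group name or number, denotes root."
  (or (eqv? id 0) (equal? id "root")))

(define (full-root? p)
  "Return #t if executing P yields root's user or group identity."
  (or (and (privileged-program-setuid? p)
           (root-id? (privileged-program-user p)))
      (and (privileged-program-setgid? p)
           (root-id? (privileged-program-group p)))))

(define (unprivileged? p)
  "Return #t if P sets neither bit and no capability.  With every field at
its default, a record grants nothing, which is usually a mistake."
  (not (or (privileged-program-setuid? p)
           (privileged-program-setgid? p)
           (privileged-program-capabilities p))))

(define sample-programs
  (append sample-setuid-programs sample-capability-programs))

;; Report how many entries deserve a closer look during review.
(format #t "full root: ~a~%no privilege requested: ~a~%"
        (length (filter full-root? sample-programs))
        (length (filter unprivileged? sample-programs)))
```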