[Nix-dev] What about introducing security.packages?
Yury G. Kudryashov
urkud.urkud at gmail.com
Sat Aug 20 16:18:27 CEST 2011
Hi!
We have quite a few *.packages variables in NixOS: udev.packages,
hal.packages, dbus.packages etc.
I see only one reason for separating these packages from system.packages:
programs/config files/... supplied by these packages are likely to be
executed/read by a daemon running under root privileges.
I propose to merge these variables into one variable (say,
security.packages). If nobody objects, I'll start working on this.
Also I'd like to change the way /var/setuid-wrappers list is generated.
I propose the following way: packages in nixpkgs advertise that they need
a given binary to be wrapped as setuid. For each package in security.packages,
we create all wrappers requested by these packages. This will solve the
problem of setuid-wrappers that point to a non-existent binary in "default"
profile.
--
Yury G. Kudryashov,
mailto: urkud at mccme.ru