[Nix-dev] linux capabilities (was: setuid wrappers (fuse/sshfs))

Mathijs Kwik mathijs at bluescreen303.nl
Wed Jan 4 01:23:26 CET 2012


That makes sense.

As of Linux 2.6.26 however,
    setcap cap_sys_nice=+ep <binary>
can be used for that instead (the <binary> argument is the file that should receive the capability).

Most/all reasons why you would want to run as root can be handled
through capabilities. Are there any nixos modules to set these?

Also, the boundary between nixos and nixpkgs is not fully clear to me
considering permissions (setuid/capabilities). For something "drastic"
as setuid, it's clear that the sysadmin should be in control when
deciding which binaries get it (the way it is now). However, for
relatively harmless capabilities (raw packets for "ping"), I would
like packages to be able to set these themselves. You can't expect the
sysadmin to know about all these cases.
Of course we don't want malicious users to write their own derivations
to abuse that power, so it would be nice if packages just contain the
capabilities they can use, and have a nixos "capTrustedPackages"
setting to effectuate them.

What do you (and others) think of this?
And about using capabilities in general?

Thanks
Mathijs


On Tue, Jan 3, 2012 at 11:54 PM, Eelco Dolstra <e.dolstra at tudelft.nl> wrote:
> Hi,
>
> On 03/01/12 23:53, Mathijs Kwik wrote:
>
>> I noticed setuid-wrappers.nix contained cdrdao, wodim and growisofs,
>> all cd/dvd burning tools.
>> Is there a reason for this? on Arch they aren't.
>> it seems udev + consolekit take care of setting an RW acl on /dev/sr0
>> for the user that's logged in/active on the console. Furthermore,
>> group "cdrom" has write access to that device.
>
> If I remember correctly, it's to allow them to get realtime priority.
>
> --
> Eelco Dolstra | http://www.st.ewi.tudelft.nl/~dolstra/
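An added example, not code from the thread or from NixOS: a small Python audit script that parses `getcap -r` output and flags any binary carrying a file capability the sysadmin has not approved, which is the kind of check a "capTrustedPackages" allow-list would need. The sample getcap output, the store paths and the allow-list are constructed for illustration.

```python
import re

# Constructed sample of `getcap -r <bindir>` output. Older libcap prints
# "path = caps"; libcap >= 2.41 prints "path caps". Both are handled.
SAMPLE_GETCAP = """\
/run/current-system/sw/bin/ping = cap_net_raw+ep
/run/current-system/sw/bin/cdrdao = cap_sys_nice+ep
/run/current-system/sw/bin/sshfs = cap_sys_admin+ep
/run/current-system/sw/bin/mtr cap_net_raw=ep
"""

# Hypothetical allow-list in the spirit of the proposed capTrustedPackages
# option: binary name -> capabilities the sysadmin agreed to grant it.
CAP_TRUSTED = {
    "ping": {"cap_net_raw"},
    "cdrdao": {"cap_sys_nice"},
}

# One getcap line: a path, an optional "=", then one or more capability clauses.
LINE_RE = re.compile(r"^(?P<path>\S+)\s*=?\s*(?P<caps>cap_.*)$")


def parse_getcap(output):
    """Return {path: set of capability names} from getcap output."""
    result = {}
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank line or an error message from getcap
        names = set()
        # A clause looks like "cap_a,cap_b+ep" or "cap_a=ep"; keep only the names.
        for clause in m.group("caps").split():
            names.update(re.findall(r"cap_[a-z_]+", clause))
        result[m.group("path")] = names
    return result


def audit(output, trusted):
    """Flag binaries whose file capabilities exceed the allow-list."""
    findings = []
    for path, caps in parse_getcap(output).items():
        name = path.rsplit("/", 1)[-1]
        extra = caps - trusted.get(name, set())
        if extra:
            findings.append((path, sorted(extra)))
    return sorted(findings)


if __name__ == "__main__":
    for path, extra in audit(SAMPLE_GETCAP, CAP_TRUSTED):
        print(f"untrusted capabilities on {path}: {', '.join(extra)}")
```

On a live system, feed the script the real output of `getcap -r` over the system profile's bin directory instead of the constructed sample.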

