[Nix-dev] atd broken by hard-link security features
Peter Simons
simons at cryp.to
Fri Apr 26 23:42:58 CEST 2013
Hi guys,
the 'atd' daemon in NixOS doesn't work any more. The problem is that
'at' creates job files in /var/spool/atjobs that are owned by the user
who submitted the job, but the daemon -- running as user 'atd' -- tries
to lock that job by creating a hardlink to it, which the kernel won't
allow:
kernel: type=1702 audit(1367012178.547:30): op=linkat action=denied \
pid=1069 comm="ln" path="/var/spool/atjobs/a00002015ba626" dev="dm-0" \
ino=11024344
Does anyone have an idea how to work around this issue?
Take care,
Peter
More information about the nix-dev
mailing list