author | Tobias Geerinckx-Rice <me@tobias.gr> | 2022-05-29 02:00:00 +0200 |
---|---|---|
committer | Tobias Geerinckx-Rice <me@tobias.gr> | 2024-08-11 02:00:00 +0200 |
commit | d6c9754c568588929c3350da8f7b17ae92d2b801 (patch) | |
tree | 191b0fd226fc3dacf125c7105e5ca0cc902189c8 /gnu/services.scm | |
parent | 0dffb851e0feced94742ad024f245b925c503fa2 (diff) |
services: setuid-program: Populate /run/privileged/bin.

Create /run/setuid-programs compatibility symlinks so that we can
migrate all users (both package and human) piecemeal at our leisure.
Apart from being symlinks, this should be a user-invisible change.

* gnu/build/activation.scm (%privileged-program-directory): New variable.
[activate-setuid-programs]: Put privileged copies in
%PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in
%SETUID-DIRECTORY.
* gnu/services.scm (setuid-program-service-type): Update docstring.
* doc/guix.texi (Setuid Programs): Update @file{} name accordingly.

Diffstat (limited to 'gnu/services.scm')
-rw-r--r-- | gnu/services.scm | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/gnu/services.scm b/gnu/services.scm index 88593e8091..98355c20f5 100644 --- a/gnu/services.scm +++ b/gnu/services.scm @@ -6,6 +6,7 @@ ;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@protonmail.com> ;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@dustycloud.org> ;;; Copyright © 2020, 2021 Brice Waegeneire <brice@waegenei.re> +;;; Copyright © 2022 Tobias Geerinckx-Rice <me@tobias.gr> ;;; Copyright © 2023 Brian Cully <bjc@spork.org> ;;; Copyright © 2024 Nicolas Graves <ngraves@ngraves.fr> ;;; @@ -921,8 +922,12 @@ FILES must be a list of name/file-like object pairs." (extend (lambda (config extensions) (append config extensions))) (description - "Populate @file{/run/setuid-programs} with the specified -executables, making them setuid and/or setgid."))) + "Copy the specified executables to @file{/run/privileged/bin} +and apply special privileges like setuid and/or setgid. + +The deprecated @file{/run/setuid-programs} directory is also populated with +symbolic links to their @file{/run/privileged/bin} counterpart. It will be +removed in a future Guix release."))) (define (packages->profile-entry packages) "Return a system entry for the profile containing PACKAGES." |
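
Review bot: In the second hunk, the new description of setuid-program-service-type ends with "It will be removed in a future Guix release" but gives readers nothing to act on; consider adding that configurations and scripts should refer to @file{/run/privileged/bin} directly. The sentence before it has a number mismatch: "symbolic links to their @file{/run/privileged/bin} counterpart" should read "counterparts". Because the entries under the deprecated directory are now links rather than the privileged files themselves, the description could also say so explicitly for anything that inspects file modes there without following links.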