path: root/gnu/build/activation.scm
Commit message (Author, Age, Files, Lines)
* system: Add /etc/subuid and /etc/subgid support. (Giacomo Leidi, 2024-12-18, 1 file, -0/+19)
  This commit adds a Guix System service to handle allocation of subuid and subgid requests. Users that don't care can just add themselves as a subid-range and don't need to specify anything but their user name. Users that care about specific ranges, such as possibly LXD, can specify a start and a count.
  * doc/guix.texi (Miscellaneous Services): Document it.
  * gnu/build/activation.scm (activate-subuids+subgids): New variable.
  * gnu/local.mk: Add gnu/tests/shadow.scm.
  * gnu/system/accounts.scm (sexp->subid-range): New variable.
  * gnu/system/shadow.scm (%root-subid): New variable; (subids-configuration): new record; (subid-range->gexp): new variable; (assert-valid-subids): new variable; (delete-duplicate-ranges): new variable; (subids-activation): new variable; (subids-extension): new record; (append-subid-ranges): new variable; (subids-extension-merge): new variable; (subids-service-type): new variable.
  * gnu/tests/shadow.scm (subids): New system test.
  Change-Id: I3755e1c75771220c74fe8ae5de1a7d90f2376635
  Signed-off-by: Giacomo Leidi <goodoldpaul@autistici.org>
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* activation: Create directory with specified perms in ‘mkdir-p/perms’. (Reepca Russelstein, 2024-11-03, 1 file, -1/+3)
  There is currently a window of time between when the desired directory is created and when its permissions are changed. During this time, its permissions are restricted only by the umask. Of course, in the "directory already exists" case, this doesn't matter, but if the directory has been specifically deleted ahead of time so that it is created afresh, this is an unnecessary window. We can avoid this by passing the caller-provided BITS to 'mkdirat' when attempting to create the last directory.
  * gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS permissions.
  Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* activation: Fix TOCTTOU in mkdir-p/perms. (Maxime Devos, 2024-09-06, 1 file, -33/+57)
  Fixes <https://issues.guix.gnu.org/47584>. I removed the 'Based upon mkdir-p from (guix build utils)' comment because it's quite a bit different now.
  * gnu/build/activation.scm (verify-not-symbolic): Delete. (mkdir-p/perms): Rewrite in terms of 'openat'.
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
  Change-Id: Id2f5bcbb903283afd45f6109190210d02eb383c7
* privilege: Add POSIX capabilities(7) support. (Tobias Geerinckx-Rice, 2024-08-11, 1 file, -5/+12)
  * gnu/system/privilege.scm (<privileged-program>): Add a field representing the program's POSIX capabilities. (privileged-program-capabilities): New public procedure.
  * doc/guix.texi (Privileged Programs): Document it.
  * gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP package argument providing setcap(8) to apply said capabilities.
  * gnu/services.scm (privileged-program->activation-gexp): Pass said package argument where supported. Include privileged-program-capabilities in the compatibility hack.
* build: Rename activate-setuid-programs. (Tobias Geerinckx-Rice, 2024-08-11, 1 file, -12/+12)
  * gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records.
  * gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
* services: setuid-program: Populate /run/privileged/bin. (Tobias Geerinckx-Rice, 2024-08-11, 1 file, -18/+36)
  Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change.
  * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY.
  * gnu/services.scm (setuid-program-service-type): Update docstring.
  * doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
* services: activation: Ensure /run existence. (Nicolas Graves, 2024-02-19, 1 file, -0/+2)
  * gnu/build/activation.scm (activation-script): Ensure /var/run existence.
  * gnu/build/install.scm (evaluate-populate-directive) [directives]: Remove directory /run.
  Change-Id: I19ca8e7605c0cff598ab89077a94e20390ba27b0
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* Revert "gnu: system: Add home-directory-permissions field to <user-account>." (Tobias Geerinckx-Rice, 2023-08-20, 1 file, -3/+3)
  This reverts commit e9a5eebc785cb843034b38c5c5a6dd10904bdf2a, which as far as I can tell breaks system roll-backs thusly:
  [...]
  In gnu/build/accounts.scm:
    239:27 3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >)
  In unknown file:
    2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>)
  In ice-9/boot-9.scm:
    1685:16 1 (raise-exception _ #:continuable? _)
    1685:16 0 (raise-exception _ #:continuable? _)
  ice-9/boot-9.scm:1685:16: In procedure raise-exception:
  In procedure string-append: Wrong type (expecting string): #t
* gnu: system: Add home-directory-permissions field to <user-account>. (David Thompson, 2023-08-25, 1 file, -3/+3)
  * gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New field. (user-account-home-directory-permissions): New accessor.
  * gnu/build/activation.scm (activate-users+groups): Use home directory permission bits from the user account object.
  * doc/guix.texi (User Accounts): Document new field.
  Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
* activation: Firmware activation handles missing support in kernel. (Marius Bakke, 2022-12-17, 1 file, -3/+8)
  * gnu/build/activation.scm (activate-firmware): Check if firmware loading is enabled before attempting to use it.
* initrd: Use non-hyphenated kernel command-line parameter names. (Maxim Cournoyer, 2022-03-01, 1 file, -2/+2)
  This is to make it less surprising, given the common convention set forth by the kernel Linux command-line parameters.
  * gnu/build/linux-boot.scm (boot-system): Rename '--load', '--repl', '--root' and '--system' to 'gnu.load', 'gnu.repl', 'root' and 'gnu.system', respectively. Adjust doc. (find-long-option): Adjust doc.
  * gnu/installer/parted.scm (installer-root-partition-path): Adjust accordingly.
  * gnu/system.scm (bootable-kernel-arguments): Add a VERSION argument and update doc. Use VERSION to conditionally return old style vs new style initrd arguments. (%boot-parameters-version): Increment to 1. (operating-system-boot-parameters): Adjust doc. (operating-system-boot-parameters-file): Likewise.
  * gnu/system/linux-initrd.scm (raw-initrd, base-initrd): Likewise.
  * doc/guix.texi: Adjust doc.
  * gnu/build/activation.scm (boot-time-system): Adjust accordingly.
  * gnu/build/hurd-boot.scm (boot-hurd-system): Likewise.
  * gnu/packages/commencement.scm (%final-inputs-riscv64): Adjust comment.
* services: setuid: More configurable setuid support. (Chris Lemmer-Webber, 2021-07-29, 1 file, -10/+28)
  New record <setuid-program> with fields for setting the specific user and group, as well as specifically selecting the setuid and setgid bits, for a program within the setuid-program-service.
  * gnu/services.scm (setuid-program-file-like-deprecated): New function. (setuid-program-service-type): Make use of setuid-program->activation-gexp. Adjust the extend property to handle <setuid-program>.
  * gnu/build/activation.scm (activate-setuid-programs): Update to expect a <setuid-record> list for each program entry.
  * gnu/system.scm: (operating-system-setuid-programs): Renamed to %operating-system-setuid-programs and replace it with new procedure. (operating-system-default-essential-services, hurd-default-essential-services): Replace operating-system-setuid-programs with %operating-system-setuid-programs.
  * gnu/system/setuid.scm: New file.
  * doc/guix.texi (Setuid Programs): Document <setuid-program>.
  Co-authored-by: Brice Waegeneire <brice@waegenei.re>
* activation: Do not dereference symlinks during home directory creation. (Maxime Devos, 2021-04-03, 1 file, -4/+9)
  Fixes <https://bugs.gnu.org/47584>.
  * gnu/build/activation.scm (copy-account-skeletons): Do not chown the home directory; leave this to 'activate-user-home'. (activate-user-home): Only chown the home directory after the account skeletons have been copied.
  Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
* services: Prevent following symlinks during activation. (Maxime Devos, 2021-03-10, 1 file, -3/+50)
  This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends.
  Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>
  * gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
  * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure.
  * gnu/services/cups.scm (%cups-activation): likewise.
  * gnu/services/dbus.scm (dbus-activation): likewise.
  * gnu/services/dns.scm (knot-activation): likewise.
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* activation: Do not make setuid programs setgid-root [security]. (Ludovic Courtès, 2021-02-09, 1 file, -2/+2)
  Fixes <https://bugs.gnu.org/46395>. Reported by Duncan Overbruck <mail@duncano.de>.
  * gnu/build/activation.scm (activate-setuid-programs): Change TARGET mode to not be setgid.
* activation: Fix function call for system activation (Royce Strange, 2020-06-09, 1 file, -1/+1)
  * gnu/build/activation.scm (boot-time-system): Evaluate the linux-command-line thunk for linux systems to boot
  Signed-off-by: Ludovic Courtès <ludo@gnu.org>
* system: Support activation service for the Hurd. (Jan (janneke) Nieuwenhuizen, 2020-06-08, 1 file, -1/+3)
  * gnu/build/activation.scm (boot-time-system): Use "command-line" for the Hurd.
  * gnu/system.scm (hurd-default-essential-services): Add %boot-service and %activation-service.
* activation: Check whether /proc/sys/kernel/modprobe exists. (kanichos@yandex.ru, 2020-01-06, 1 file, -3/+7)
  * gnu/build/activation.scm (activate-modprobe): Check whether /proc/sys/kernel/modprobe exists before writing to it.
  Co-authored-by: Ludovic Courtès <ludo@gnu.org>
* activation: Keep going when failing to create one of the setuid programs. (Ludovic Courtès, 2020-01-02, 1 file, -2/+14)
  Fixes <https://bugs.gnu.org/38800>. Reported by Jakub Kądziołka <kuba@kadziolka.net>.
  * gnu/build/activation.scm (activate-setuid-programs): Catch 'system-error' around 'make-setuid-program' calls.
* activation: Lock /etc/.pwd.lock before accessing databases. (Ludovic Courtès, 2019-06-05, 1 file, -16/+21)
  Suggested by Florian Pelz <pelzflorian@pelzflorian.de> in <http://bugs.gnu.org/35996>.
  * gnu/build/accounts.scm (%password-lock-file): New variable.
  * gnu/build/activation.scm (activate-users+groups): Wrap calls to 'user+group-databases', 'write-group', etc. into 'with-file-lock'.
* activation: Shared system home directories are now 555 and root-owned. (Ludovic Courtès, 2019-03-08, 1 file, -5/+34)
  Fixes <https://bugs.gnu.org/34788>. Reported by Jack Hill <jackhill@jackhill.us>.
  Regression introduced by the combination of 8bb76f3d44c1f5ffec8011819494db306a51d801 and 0ae735bcc8ff7fdc89d67b492bdee9091ee19e86: /var/empty would be 700 and owned by one of the system accounts (thus inaccessible to others), and /var/run/dbus would be 700 as well, thereby preventing D-Bus clients from connecting to the daemon.
  * gnu/build/activation.scm (duplicates): New procedure. (activate-users+groups)[system-accounts]: New variable. Use it. Make shared system account home directories #o555 and root-owned.
  * gnu/services/dbus.scm (dbus-activation): Make /var/run/dbus #o755.
  * gnu/tests/base.scm (run-basic-test): Test the ownership and permissions of /var/empty.
* activation: Build account databases with (gnu build accounts). (Ludovic Courtès, 2019-03-07, 1 file, -188/+21)
  * gnu/build/activation.scm (enumerate, current-users, current-groups) (add-group, add-user, modify-user, ensure-user): Remove. (activate-users+groups)[touch, activate-user]: Remove. [make-home-directory]: New procedure. Rewrite in terms of 'user+group-databases', 'write-group', etc.
  * gnu/build/install.scm (directives): Remove "/root".
  * gnu/system/shadow.scm (account-activation): Remove (setenv "PATH" ...) expression, which is now unneeded.
* activation: Operate on <user-account> and <user-group> records. (Ludovic Courtès, 2019-03-07, 1 file, -59/+63)
  * gnu/system/accounts.scm (sexp->user-group, sexp->user-account): New procedures.
  * gnu/system/shadow.scm (account-activation): Call them in the arguments to 'activate-users+groups'. (account-shepherd-service): Likewise.
  * gnu/build/activation.scm (activate-users+groups): Expect a list of <user-account> and a list of <user-group>. Replace uses of 'match' on tuples with calls to record accessors. (activate-user-home): Likewise.
* activation: Make home directories #o700 by default. (Ludovic Courtès, 2019-03-04, 1 file, -3/+3)
  Until now they'd be #o755, except for /root, which is treated specially in (gnu build install).
  * gnu/build/activation.scm (activate-user-home): Chmod HOME to #o700. Remove redundant 'unless system?'.
* activation: Always pass '-d HOME' to 'useradd'. (Ludovic Courtès, 2018-11-18, 1 file, -8/+9)
  Fixes <https://bugs.gnu.org/33422>. Reported by fps.
  * gnu/build/activation.scm (add-user): Always pass "-d HOME" when HOME is true. Pass "--create-home" only when HOME, CREATE-HOME?, and SYSTEM? are true. (activate-users+groups): Pass #:create-home? create-home? to 'ensure-user'.
  * gnu/tests/base.scm (run-basic-test)["accounts"]: Test 'passwd:dir' as well.
* activation: Pass '-d HOME' to 'usermod'. (Ludovic Courtès, 2018-03-27, 1 file, -2/+3)
  Fixes a bug whereby changes to user home directories in the OS config would never be effective. Reported by Pierre Neidhardt <ambrevar@gmail.com>.
  * gnu/build/activation.scm (modify-user): Pass '-d HOME'.
* activation: Do not create setuid binaries in the store [security fix]. (Ludovic Courtès, 2017-10-08, 1 file, -12/+1)
  Fixes <https://bugs.gnu.org/28751>.
  * gnu/build/activation.scm (activate-setuid-programs)[link-or-copy]: Remove. Use 'copy-file' instead.
* activation: Make sure /etc exists. (Ludovic Courtès, 2017-08-03, 1 file, -0/+1)
  Fixes <http://bugs.gnu.org/27146>. Reported by ng0 <ng0@pragmatique.xyz>.
  * gnu/build/activation.scm (activate-etc): Add call to 'mkdir-p'.
* activation: Change permissions on /root to #o700. (Ludovic Courtès, 2017-05-30, 1 file, -2/+3)
  Reported by Alex Griffin <a@ajgrf.com>. Fixes <http://bugs.gnu.org/27135>.
  * gnu/build/activation.scm (add-user): When UID is zero, add 'chmod' call.
  * gnu/tests/base.scm (run-basic-test)["permissions on /root"]: New test.
* services: user-homes: Do not create home directories marked as no-create. (Ludovic Courtès, 2017-05-18, 1 file, -1/+8)
  Fixes a bug whereby GuixSD would create the /nonexistent directory, from user 'nobody', even though it has 'create-home-directory?' set to #f.
  * gnu/build/activation.scm (activate-users+groups): Add comment for \#:create-home?. (activate-user-home)[ensure-user-home]: Skip when CREATE-HOME? is #f or SYSTEM? is #t.
  * gnu/tests/base.scm (run-basic-test)["no extra home directories"]: New tests.
* Merge branch 'master' into core-updates (Ludovic Courtès, 2017-02-10, 1 file, -10/+39)
|\
| * services: Add 'special-files-service-type'. (Ludovic Courtès, 2017-02-08, 1 file, -5/+18)
|   * gnu/build/activation.scm (activate-/bin/sh): Remove. (activate-special-files): New procedure.
|   * gnu/services.scm (activation-script): Remove call to 'activate-/bin/sh'. (special-files-service-type): New variable. (extra-special-file): New procedure.
|   * gnu/services/base.scm (%base-services): Add SPECIAL-FILES-SERVICE-TYPE instance.
|   * gnu/tests/base.scm (run-basic-test)[special-files]: New variables. ["special files"]: New test.
| * activation: Set the right owner for home directories. (Ludovic Courtès, 2017-02-04, 1 file, -5/+21)
|   This fixes a regression introduced in ae763b5b0b7d5e7316a3d0efe991fe8ab2261031 whereby home directories and skeletons would be root-owned.
|   * gnu/build/activation.scm (copy-account-skeletons): Make 'directory' a keyword parameter. Add #:uid and #:gid and honor them. [set-owner]: New procedure. (activate-user-home): Add call to 'getpw' and 'chown'. Pass UID and GID to 'copy-account-skeletons'.
|   * gnu/tests/base.scm (run-basic-test)["skeletons in home directories"]: Test file ownership under HOME.
* | Merge branch 'master' into core-updates (Leo Famulari, 2017-02-02, 1 file, -2/+17)
|\|
| * system: Create home directories once 'file-systems' is up. (Ludovic Courtès, 2017-02-01, 1 file, -2/+17)
|   Fixes <http://bugs.gnu.org/21108>. Reported by Andy Patterson <ajpatter@uwaterloo.ca> and Leo Famulari <leo@famulari.name>.
|   * gnu/build/activation.scm (activate-users+groups)[activate-user]: Pass #:create-home? #t iff CREATE-HOME? and SYSTEM?. (activate-user-home): New procedure.
|   * gnu/system/shadow.scm (account-shepherd-service): New procedure. (account-service-type)[extensions]: Add SHEPHERD-ROOT-SERVICE-TYPE extension.
|   * gnu/tests/base.scm (run-basic-test)["home"] ["skeletons in home directories"]: New tests.
|   * gnu/tests/install.scm (%separate-home-os, %separate-home-os-source) (%test-separate-home-os): New variables.
* | utils: Add helper method to make files writable. (Marius Bakke, 2017-01-26, 1 file, -5/+0)
|/  * gnu/build/activation.scm (make-file-writable): Move this to ...
|   * guix/build/utils.scm (make-file-writable): ... here. Export it.
|   * guix/build/gnu-build-system.scm (strip): Use it.
* activation: Don't fail if /var/lib exists. (Leo Famulari, 2016-09-06, 1 file, -1/+1)
  This is a followup to commit 6526d43ea4fb0cd151a0d5e9a072c651c1c963d1.
  * gnu/build/activation.scm (activate-user+groups): Use mkdir-p to create /var/lib.
* activation: Allow home directories to be created under /var/lib. (David Craven, 2016-09-06, 1 file, -0/+3)
  * gnu/build/activation.scm (activate-user+groups): Make sure /var/lib exists.
* system: Add 'create-home-directory?' field to <user-account>. (Ludovic Courtès, 2016-08-28, 1 file, -5/+10)
  * gnu/system/shadow.scm (<user-account>)[create-home-directory?]: New field. (user-account->gexp): Serialize it.
  * gnu/build/activation.scm (activate-users+groups)[activate-user]: Update 'match-lambda' pattern accordingly. Pass #:create-home? to 'ensure-user'. (add-user, modify-user, ensure-user): Add #:create-home? parameter and honor it.
  * doc/guix.texi (User Accounts): Document it.
* activation: Copy account skeletons silently. (Ludovic Courtès, 2016-03-24, 1 file, -1/+2)
  * gnu/build/activation.scm (copy-account-skeletons): Pass #:log to 'copy-recursively'.
* system: Allow account skeletons to be directories. (Ludovic Courtès, 2016-03-20, 1 file, -2/+3)
  * gnu/system/shadow.scm (skeleton-directory): Use 'copy-recursively' instead of 'copy-file'.
  * gnu/build/activation.scm (copy-account-skeletons): Likewise.
* system: activate-ptrace-attach: Handle kernels without YAMA support. (Mark H Weaver, 2015-05-09, 1 file, -3/+5)
  * gnu/build/activation.scm (activate-ptrace-attach): Check for the existence of /proc/sys/kernel/yama/ptrace_scope before trying to write to it.
* activation: Make user copies of the skeletons writable. (Ludovic Courtès, 2015-05-05, 1 file, -3/+28)
  * gnu/build/activation.scm (make-file-writable, make-skeletons-writable): New procedures. (copy-account-skeletons): Call 'make-file-writable' after 'copy-file'. (add-user): Add call to 'make-skeletons-writable'.
* system: Allow users to PTRACE_ATTACH to their own processes. (Ludovic Courtès, 2015-04-12, 1 file, -0/+13)
  * gnu/build/activation.scm (activate-ptrace-attach): New procedure.
  * gnu/system.scm (operating-system-activation-script): Use it.
* activation: Remove undeclared user accounts and groups. (Ludovic Courtès, 2015-04-08, 1 file, -3/+46)
  Fixes <http://bugs.gnu.org/19795>. Reported by David Thompson <dthompson2@worcester.edu>.
  * gnu/build/activation.scm (enumerate, current-users, current-groups, delete-user, delete-group): New procedures. (activate-users+groups): Add calls to 'delete-user' and 'delete-group'.
  * doc/guix.texi (User Accounts): Add a paragraph about statelessness. Explain that passwords are preserved.
* system: Add /etc/ssl symlink; set needed variables in /etc/profile. (Mark H Weaver, 2015-03-03, 1 file, -0/+10)
  * gnu/build/activation.scm (activate-etc): Create /etc/ssl symlink.
  * gnu/system.scm (etc-directory): Set SSL_CERT_DIR, SSL_CERT_FILE, and GIT_SSL_CAINFO in /etc/profile.
  Co-Authored-By: Ludovic Courtès <ludo@gnu.org>
* activation: Copy the account skeletons when creating the 'root' account. (Ludovic Courtès, 2014-12-13, 1 file, -3/+21)
  * gnu/build/activation.scm (%skeleton-directory): New variable. (dot-or-dot-dot?, copy-account-skeletons): New procedure. (add-user): Use 'copy-account-skeletons'. (activate-etc): Use 'dot-or-dot-dot?'.
* activation: Don't create unneeded "/var/guix/gcroots/etc-directory". (Ludovic Courtès, 2014-12-06, 1 file, -5/+1)
  * gnu/build/activation.scm (activate-etc): Don't create "/var/guix/gcroots/etc-directory".
* activation: Set the firmware search path. (Ludovic Courtès, 2014-11-11, 1 file, -0/+10)
  * gnu/build/activation.scm (activate-firmware): New procedure.
  * gnu/system.scm (<operating-system>)[firmware]: New field. (directory-union): New procedure. (%base-firmware): New variable. (operating-system-activation-script): Use 'directory-union', and call 'activate-firmware'.
  * doc/guix.texi (operating-system Reference): Document 'firmware'.
* system: Allow Linux-libre to find our 'modprobe' command. (Ludovic Courtès, 2014-11-02, 1 file, -0/+7)
  Fixes <http://bugs.gnu.org/18525>. Reported by Mark H Weaver <mhw@netris.org>.
  * gnu/build/activation.scm (activate-modprobe): New procedure.
  * gnu/system.scm (modprobe-wrapper): New procedure. (operating-system-activation-script): Use both.