setcapWrapper: add support for setting permissions

2017-02-17 15:41:31 +01:00 · 2017-02-17 15:41:31 +01:00 · 070825d443
parent 47ded42788
commit 070825d443
1 changed files with 2 additions and 1 deletions
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@ -28,6 +28,7 @@ let
    , source
    , owner  ? "nobody"
    , group  ? "nogroup"
+    , permissions ? "u+rx,g+x,o+x"
    , ...
    }:
    assert (lib.versionAtLeast (lib.getVersion config.boot.kernelPackages.kernel) "4.3");
@ -45,7 +46,7 @@ let
      ${pkgs.libcap.out}/bin/setcap "cap_setpcap,${capabilities}" $wrapperDir/${program}

      # Set the executable bit
-      chmod u+rx,g+x,o+x $wrapperDir/${program}
+      chmod ${permissions} $wrapperDir/${program}
    '';

  ###### Activation script for the setuid wrappers