b12f/nixpkgs
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Beebooboop

Browse source
This commit is contained in:
Parnell Springmeyer 2017-01-29 05:39:18 -06:00
parent a3e9d77640
commit 3215bcf445
No known key found for this signature in database
GPG key ID: DCCF89258EAD874A
1 changed files with 10 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
nixos/modules/tasks/network-interfaces.nix
View file

@ -898,27 +898,19 @@ in
# Capabilities won't work unless we have at-least a 4.3 Linux
# kernel because we need the ambient capability
security = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") {
wrappers = {
ping = {
source = "${pkgs.iputils.out}/bin/ping";
capabilities = "cap_net_raw+p";
};
ping6 = {
source = "${pkgs.iputils.out}/bin/ping6";
capabilities = "cap_net_raw+p";
};
security.wrappers = if (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") then {
ping = {
source = "${pkgs.iputils.out}/bin/ping";
capabilities = "cap_net_raw+p";
};
};
# If the linux kernel IS older than 4.3, create setuid wrappers
# for ping and ping6
security = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") {
wrappers = {
ping.source = "${pkgs.iputils.out}/bin/ping";
"ping6".source = "${pkgs.iputils.out}/bin/ping6";
ping6 = {
source = "${pkgs.iputils.out}/bin/ping6";
capabilities = "cap_net_raw+p";
};
} else {
ping.source = "${pkgs.iputils.out}/bin/ping";
"ping6".source = "${pkgs.iputils.out}/bin/ping6";
};
# Set the host and domain names in the activation script. Don't