nixos/security.wrappers: improve documentation

* The source attribute is mandatory, not optional * The program attribute is optional * Move the info about the mandatory attribute first (most important, IMHO)
2017-02-15 19:51:12 +01:00 · 2017-02-15 19:51:12 +01:00 · ce0a52f9bf
parent aba35a5c2d
commit ce0a52f9bf
1 changed files with 8 additions and 6 deletions
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@ -116,16 +116,18 @@ in
        default (setuid root, but not setgid root).

        <note>
+          <para>The sub-attribute <literal>source</literal> is mandatory,
+          it must be the absolute path to the program to be wrapped.
+          </para>
+
+          <para>The sub-attribute <literal>program</literal> is optional and
+          can give the wrapper program a new name. The default name is the same
+          as the attribute name itself.</para>
+
          <para>Additionally, this option can set capabilities on a
          wrapper program that propagates those capabilities down to the
          wrapped, real program.</para>

-          <para>The <literal>program</literal> attribute is the name of
-          the program to be wrapped. If no <literal>source</literal>
-          attribute is provided, specifying the absolute path to the
-          program, then the program will be searched for in the path
-          environment variable.</para>
-
          <para>NOTE: cap_setpcap, which is required for the wrapper
          program to be able to raise caps into the Ambient set is NOT
          raised to the Ambient set so that the real program cannot