From ce0a52f9bfd5bdc5e2e0ed09ee1abaa9b088638e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bj=C3=B8rn=20Forsman?= Date: Wed, 15 Feb 2017 19:51:12 +0100 Subject: [PATCH] nixos/security.wrappers: improve documentation * The source attribute is mandatory, not optional * The program attribute is optional * Move the info about the mandatory attribute first (most important, IMHO) --- nixos/modules/security/wrappers/default.nix | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix index 98913a974fc..861ce225257 100644 --- a/nixos/modules/security/wrappers/default.nix +++ b/nixos/modules/security/wrappers/default.nix @@ -116,16 +116,18 @@ in default (setuid root, but not setgid root). + The sub-attribute source is mandatory, + it must be the absolute path to the program to be wrapped. + + + The sub-attribute program is optional and + can give the wrapper program a new name. The default name is the same + as the attribute name itself. + Additionally, this option can set capabilities on a wrapper program that propagates those capabilities down to the wrapped, real program. - The program attribute is the name of - the program to be wrapped. If no source - attribute is provided, specifying the absolute path to the - program, then the program will be searched for in the path - environment variable. - NOTE: cap_setpcap, which is required for the wrapper program to be able to raise caps into the Ambient set is NOT raised to the Ambient set so that the real program cannot
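Review bot: The added paragraph stating that source "is mandatory" is not backed by anything visible in this patch, which changes only the description text in default.nix (8 insertions, 6 deletions), so nothing here shows the module rejecting a wrapper that omits source. The removed paragraph described a fallback in which the program "will be searched for in the path environment variable"; if that fallback still exists in the module code, the new wording is inaccurate, and for a setuid or capability-carrying wrapper it matters which of the two behaviours is real. Suggest naming in the commit message the place where a missing source is rejected, or adding that check alongside this change. Two smaller wording points in the same added lines: "is mandatory, it must be the absolute path" is a comma splice and reads better as "is mandatory and must be the absolute path", and "can give the wrapper program a new name" would be clearer if it said where that name is used.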