nixos/security.wrappers: improve documentation

* The source attribute is mandatory, not optional
* The program attribute is optional
* Move the info about the mandatory attribute first (most important,
  IMHO)
Bjørn Forsman 2017-02-15 19:51:12 +01:00
parent aba35a5c2d
commit ce0a52f9bf

@ -116,16 +116,18 @@ in
default (setuid root, but not setgid root). default (setuid root, but not setgid root).
<note> <note>
<para>The sub-attribute <literal>source</literal> is mandatory,
it must be the absolute path to the program to be wrapped.
</para>
<para>The sub-attribute <literal>program</literal> is optional and
can give the wrapper program a new name. The default name is the same
as the attribute name itself.</para>
<para>Additionally, this option can set capabilities on a <para>Additionally, this option can set capabilities on a
wrapper program that propagates those capabilities down to the wrapper program that propagates those capabilities down to the
wrapped, real program.</para> wrapped, real program.</para>
<para>The <literal>program</literal> attribute is the name of
the program to be wrapped. If no <literal>source</literal>
attribute is provided, specifying the absolute path to the
program, then the program will be searched for in the path
environment variable.</para>
<para>NOTE: cap_setpcap, which is required for the wrapper <para>NOTE: cap_setpcap, which is required for the wrapper
program to be able to raise caps into the Ambient set is NOT program to be able to raise caps into the Ambient set is NOT
raised to the Ambient set so that the real program cannot raised to the Ambient set so that the real program cannot
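Review bot: In the added `source` paragraph, "is mandatory, it must be the absolute path" is a comma splice, and the text does not say what happens to the lookup the removed paragraph described, where a missing `source` meant the program "will be searched for in the path environment variable". For a setuid or capability wrapper that difference matters to readers of the old text, so consider "is mandatory. It must be the absolute path to the program to be wrapped." followed by a sentence stating that no search of the path environment variable takes place, if that is what the module does. In the added `program` paragraph, "give the wrapper program a new name" would be clearer if it stated that this names the wrapper and not the wrapped program, since the removed text defined `program` as "the name of the program to be wrapped".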