nixpkgs

b12f/nixpkgs

Fork 0

Commit graph

Author	SHA1	Message	Date
Jörg Thalheim	dbd05a5289	Update nixos/modules/security/wrappers/wrapper.nix Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>	2021-01-14 09:00:34 +00:00
Jörg Thalheim	eadffd9154	nixos/wrappers: fix applying capabilities With libcap 2.41 the output of cap_to_text changed, also the original author of code hoped that this would never happen. To counter this now the security-wrapper only relies on the syscall ABI, which is more stable and robust than string parsing. If new breakages occur this will be more obvious because version numbers will be incremented. Furthermore all errors no make execution explicitly fail instead of hiding errors behind debug environment variables and the code style was more consistent with no goto fail; goto fail; vulnerabilities (https://gotofail.com/)	2021-01-14 08:46:57 +01:00

Author

SHA1

Message

Date

Jörg Thalheim

dbd05a5289

Update nixos/modules/security/wrappers/wrapper.nix

Co-authored-by: Cole Helbling <cole.e.helbling@outlook.com>

2021-01-14 09:00:34 +00:00

Jörg Thalheim

eadffd9154

nixos/wrappers: fix applying capabilities

With libcap 2.41 the output of cap_to_text changed, also the original
author of code hoped that this would never happen.
To counter this now the security-wrapper only relies on the syscall
ABI, which is more stable and robust than string parsing. If new
breakages occur this will be more obvious because version numbers will
be incremented.
Furthermore all errors no make execution explicitly fail instead of
hiding errors behind debug environment variables and the code style was
more consistent with no goto fail; goto fail; vulnerabilities (https://gotofail.com/)

2021-01-14 08:46:57 +01:00

2 commits