Unverified Commit 0a538867 authored by Will Fancher's avatar Will Fancher Committed by GitHub
Browse files

nixos/{tmpfiles, wrappers}: explicitly set RestrictSUIDSGID false (#426882)

parents 832f5d97 248c463f

nixos/modules/security/wrappers/default.nix

+1 −0
Original line number Diff line number Diff line
@@ -318,6 +318,7 @@ in 
        "/nix/store"

        "/run/wrappers"

      ];

      serviceConfig.RestrictSUIDSGID = false;

      serviceConfig.Type = "oneshot";

      script = ''

        chmod 755 "${parentWrapperDir}"

nixos/modules/system/boot/systemd/tmpfiles.nix

+1 −0
Original line number Diff line number Diff line
@@ -280,6 +280,7 @@ in 
          "network.hosts"

          "ssh.authorized_keys.root"

        ];

        RestrictSUIDSGID = false;

      };

    };