Commit 5d778d1f authored by Niklas Hambüchen's avatar Niklas Hambüchen

Add `programs.ecryptfs` for mount wrappers.

The `ecryptfs` package refers to the setuid wrapper paths, but they do
not exist so far in NixOS.
parent 3c15feef
+1 −0
@@ -163,6 +163,7 @@
  ./programs/direnv.nix
  ./programs/dmrconfig.nix
  ./programs/droidcam.nix
  ./programs/ecryptfs.nix
  ./programs/environment.nix
  ./programs/evince.nix
  ./programs/extra-container.nix
+31 −0
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.programs.ecryptfs;

in {
  options.programs.ecryptfs = {
    enable = mkEnableOption (lib.mdDoc "ecryptfs setuid mount wrappers");
  };

  config = mkIf cfg.enable {
    security.wrappers = {

      "mount.ecryptfs_private" = {
        setuid = true;
        owner = "root";
        group = "root";
        source = "${lib.getBin pkgs.ecryptfs}/bin/mount.ecryptfs_private";
      };
      "umount.ecryptfs_private" = {
        setuid = true;
        owner = "root";
        group = "root";
        source = "${lib.getBin pkgs.ecryptfs}/bin/umount.ecryptfs_private";
      };

    };
  };
}
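Review bot: Both `security.wrappers` entries install a setuid-root binary without a `permissions` attribute, so they take the wrapper module's default mode, which as far as I recall lets every local account execute them. If only some users need private ecryptfs mounts, restricting execution to a dedicated group reduces the setuid attack surface, for example `group = "ecryptfs"; permissions = "u+rx,g+x";` on both entries (the group name is illustrative and would have to be declared by this module). The option text should also state what enabling it does, e.g. `mkEnableOption (lib.mdDoc "setuid-root wrappers for mount.ecryptfs_private and umount.ecryptfs_private")`. As a style point, the file opens `with lib;` but still writes `lib.mdDoc` and `lib.getBin`; use one form throughout.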