Commit 7fad2c2e authored by nikstur's avatar nikstur
Browse files

nixos/wrappers: add enable switch 

Add enable switch to make it possible to disable all wrappers but then
also re-enable all at once by forcing the option to be true.

By default the wrappers are enabled and thus the default behaviour
doesn't change.
parent 120baf41

nixos/modules/security/wrappers/default.nix

+5 −1
Original line number Diff line number Diff line
@@ -165,6 +165,10 @@ in 
  ###### interface



  options = {

    security.enableWrappers = lib.mkEnableOption "SUID/SGID wrappers" // {

      default = true;

    };



    security.wrappers = lib.mkOption {

      type = lib.types.attrsOf wrapperType;

      default = {};
@@ -227,7 +231,7 @@ in 
  };



  ###### implementation

  config = {

  config = lib.mkIf config.security.enableWrappers {



    assertions = lib.mapAttrsToList

      (name: opts: