Unverified Commit 9a415c28 authored by Michele Guerini Rocco's avatar Michele Guerini Rocco Committed by GitHub
Browse files

dhcpcd: fix more permissions errors (#351225)

parents 67bef9e8 483e4468

nixos/modules/config/resolvconf.nix

+6 −3
Original line number Diff line number Diff line
@@ -161,9 +161,12 @@ in 


        script = ''

          ${lib.getExe cfg.package} -u

          files=(/run/resolvconf ${lib.escapeShellArgs cfg.subscriberFiles})

          chgrp -R resolvconf "''${files[@]}"

          chmod -R g=u "''${files[@]}"

          chgrp resolvconf ${lib.escapeShellArgs cfg.subscriberFiles}

          chmod g=u ${lib.escapeShellArgs cfg.subscriberFiles}

          ${lib.getExe' pkgs.acl "setfacl"} -R \

            -m group:resolvconf:rwx \

            -m default:group:resolvconf:rwx \

            /run/resolvconf

        '';

      };

nixos/modules/services/networking/dhcpcd.nix

+1 −1
Original line number Diff line number Diff line
@@ -249,7 +249,7 @@ in 
            ExecReload = "${dhcpcd}/sbin/dhcpcd --rebind";

            Restart = "always";

            AmbientCapabilities = [ "CAP_NET_ADMIN" "CAP_NET_RAW" "CAP_NET_BIND_SERVICE" ];

            ReadWritePaths = [ "/proc/sys/net/ipv6" ]

            ReadWritePaths = [ "/proc/sys/net/ipv4" "/proc/sys/net/ipv6" ]

              ++ lib.optionals useResolvConf ([ "/run/resolvconf" ] ++ config.networking.resolvconf.subscriberFiles);

            DeviceAllow = "";

            LockPersonality = true;