diff options
author | tv <tv@krebsco.de> | 2022-01-26 12:48:24 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2022-01-26 12:58:26 +0100 |
commit | f4e35a731286d9ce733e3b18ba7d284ada58f76e (patch) | |
tree | 9061b9736d14508d38747293f915110893b92855 | |
parent | c5c0caa4c12ca366f2afd00521d4d392a4b0d181 (diff) |
krebs.setuid: add support for capabilities
-rw-r--r-- | krebs/3modules/setuid.nix | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/krebs/3modules/setuid.nix b/krebs/3modules/setuid.nix index 64fedb911..6ad2f1264 100644 --- a/krebs/3modules/setuid.nix +++ b/krebs/3modules/setuid.nix @@ -30,6 +30,10 @@ with import <stockholm/lib>; }; apply = toString; }; + capabilities = mkOption { + default = []; + type = types.listOf types.str; + }; owner = mkOption { default = "root"; type = types.enum (attrNames users); @@ -67,6 +71,9 @@ with import <stockholm/lib>; cp ${src} ${dst} chown ${cfg.owner}.${cfg.group} ${dst} chmod ${cfg.mode} ${dst} + ${optionalString (cfg.capabilities != []) /* sh */ '' + ${pkgs.libcap.out}/bin/setcap ${concatMapStringsSep "," shell.escape cfg.capabilities} ${dst} + ''} ''; })); }; |