blob: b1d2c579a61a2cc688b10a54156cc2093aca30c0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
|
{ pkgs, ... }:
# TODO use krebs.setuid
# This requires that we can create setuid executables that can only be accessed
# by a single user. [per-user-setuid]
# using bash for %q
pkgs.writeBashBin "ff" ''
exec /var/setuid-wrappers/sudo -u ff -i <<EOF
exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
EOF
''
|
