GNU logs - #61462, boring messages


Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:46:01 +0000
Resent-Message-ID: <handler.61462.B.167623471817324 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: report 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
X-Debbugs-Original-To: guix-patches@HIDDEN
Received: via spool by submit <at> debbugs.gnu.org id=B.167623471817324
          (code B ref -1); Sun, 12 Feb 2023 20:46:01 +0000
Received: (at submit) by debbugs.gnu.org; 12 Feb 2023 20:45:18 +0000
Received: from localhost ([127.0.0.1]:46957 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJDq-0004VL-Ak
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:45:18 -0500
Received: from lists.gnu.org ([209.51.188.17]:54442)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJDo-0004VD-J1
 for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:45:16 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pRJDn-0002WH-Vy
 for guix-patches@HIDDEN; Sun, 12 Feb 2023 15:45:16 -0500
Received: from tobias.gr ([2a02:c205:2020:6054::1])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pRJDk-0000tl-TH
 for guix-patches@HIDDEN; Sun, 12 Feb 2023 15:45:15 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 552c9a40
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <guix-patches@HIDDEN>;
 Sun, 12 Feb 2023 20:45:06 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 12 Feb 2023 21:37:54 +0100
BIMI-Selector: v=BIMI1; s=default;
Message-ID: <87r0uuehlr.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@HIDDEN;
 helo=tobias.gr
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -1.6 (-)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -2.6 (--)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Hi Guix,

I need to offload some of my eternally rebased local patches.
Here's one that makes it easy to assign capabilities(7) — currently
through setcap(8) — to programmes like we can set{u,g}id.

There are many packages that benefit from this.  Mine are:

  (privileged-programs
    (cons* (privileged-program
            (file-append mtr "/sbin/mtr")
            (capabilities "cap_net_raw+ep"))
           (privileged-program
            (file-append nethogs "/sbin/nethogs")
            (capabilities "cap_net_admin,cap_net_raw+ep"))
           (privileged-program
            (file-append light "/bin/light")
            (setuid? #t))
           %default-privileged-programs))

The set's over a year old and needs a bit of love.  Some details
might have bitrot, I probably forgot a to-do or two in that year,
and there's something unguixy about calling setcap(8) instead of
writing a completely new Guile binding/module :-)

I'm quite opinionated about the setuid-programs unification: there
should not be multiple confusing and masking layers of privilege,
and it should be possible to setgid a capable executable.

Kind regards,

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--




Message sent:


Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-Mailer: MIME-tools 5.505 (Entity 5.505)
Content-Type: text/plain; charset=utf-8
X-Loop: help-debbugs@HIDDEN
From: help-debbugs@HIDDEN (GNU bug Tracking System)
To: Tobias Geerinckx-Rice <me@HIDDEN>
Subject: bug#61462: Acknowledgement (Add support for file capabilities(7))
Message-ID: <handler.61462.B.167623471817324.ack <at> debbugs.gnu.org>
References: <87r0uuehlr.fsf@nckx>
X-Gnu-PR-Message: ack 61462
X-Gnu-PR-Package: guix-patches
Reply-To: 61462 <at> debbugs.gnu.org
Date: Sun, 12 Feb 2023 20:46:02 +0000

Thank you for filing a new bug report with debbugs.gnu.org.

This is an automatically generated reply to let you know your message
has been received.

Your message is being forwarded to the package maintainers and other
interested parties for their attention; they will reply in due course.

Your message has been sent to the package maintainer(s):
 guix-patches@HIDDEN

If you wish to submit further information on this problem, please
send it to 61462 <at> debbugs.gnu.org.

Please do not send mail to help-debbugs@HIDDEN unless you wish
to report a problem with the Bug-tracking system.

-- 
61462: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=61462
GNU Bug Tracking System
Contact help-debbugs@HIDDEN with problems


Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 01/10] system: Disallow file-like setuid-programs.
References: <87r0uuehlr.fsf@nckx>
In-Reply-To: <87r0uuehlr.fsf@nckx>
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:02 +0000
Resent-Message-ID: <handler.61462.B61462.167623492217924 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623492217924
          (code B ref 61462); Sun, 12 Feb 2023 20:49:02 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:42 +0000
Received: from localhost ([127.0.0.1]:46965 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJH7-0004f0-Tz
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:42 -0500
Received: from tobias.gr ([80.241.217.52]:55494)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJH6-0004er-Kl
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:41 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 75cd3a89
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:37 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:10 +0100
Message-Id: <20230205000019.6259-1-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  It has been a warning for well over a year now. Now, with
   privileged-programs coming, don't let's support nested deprecation hacks.
   * gnu/system.scm (<operating-system>): Don't ‘sanitize’ the setuid-programs
    field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list):
    Delete variable. --- gnu/system.scm | [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  It has been a warning for well over a year now. Now, with
   privileged-programs coming, don't let's support nested deprecation hacks.
   * gnu/system.scm (<operating-system>): Don't ‘sanitize’ the setuid-programs
    field. (ensure-setuid-program-list): Delete syntax. (%ensure-setuid-program-list):
    Delete variable. --- gnu/system.scm | [...] 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

It has been a warning for well over a year now.  Now, with
privileged-programs coming, don't let's support nested deprecation
hacks.

* gnu/system.scm (<operating-system>):
Don't ‘sanitize’ the setuid-programs field.
(ensure-setuid-program-list): Delete syntax.
(%ensure-setuid-program-list): Delete variable.
---
 gnu/system.scm | 28 +---------------------------
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index df60fda53b..85380136e2 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -297,8 +297,7 @@ (define-record-type* <operating-system> operating-system
   (pam-services operating-system-pam-services     ; list of PAM services
                 (default (base-pam-services)))
   (setuid-programs operating-system-setuid-programs
-                   (default %setuid-programs)     ; list of <setuid-program>
-                   (sanitize ensure-setuid-program-list))
+                   (default %setuid-programs))    ; list of <setuid-program>
 
   (sudoers-file operating-system-sudoers-file     ; file-like
                 (default %sudoers-specification))
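Review bot: Dropping (sanitize ensure-setuid-program-list) from the setuid-programs field leaves the field with no validation at all, so a configuration that still passes file-like objects is no longer converted or warned about here and will only fail wherever the list is first consumed. Since the subject line says "Disallow", consider keeping a sanitizer that raises an error carrying the source location and the hint to use 'setuid-program', instead of removing the check outright.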
@@ -1214,31 +1213,6 @@ (define (operating-system-environment-variables os)
     ;; TODO: Remove when glibc@HIDDEN is long gone.
     ("GUIX_LOCPATH" . "/run/current-system/locale")))
 
-;; Ensure LST is a list of <setuid-program> records and warn otherwise.
-(define-with-syntax-properties (ensure-setuid-program-list (lst properties))
-  (%ensure-setuid-program-list lst properties))
-
-;; We want to be able to use defines, so define a procedure.
-(define (%ensure-setuid-program-list lst properties)
-  (define warned? #f)
-
-  (define (warn-once)
-    (unless warned?
-      (warning (source-properties->location properties)
-               (G_ "representing setuid programs with file-like objects is \
-deprecated; use 'setuid-program' instead~%"))
-      (set! warned? #t)))
-
-  (map (match-lambda
-         ((? setuid-program? program)
-          program)
-         (program
-          ;; PROGRAM is a file-like or a gexp like #~(string-append #$foo
-          ;; "/bin/bar").
-          (warn-once)
-          (setuid-program (program program))))
-       lst))
-
 (define %setuid-programs
   ;; Default set of setuid-root programs.
   (let ((shadow (@ (gnu packages admin) shadow)))
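Review bot: With ensure-setuid-program-list and %ensure-setuid-program-list deleted in this hunk, check whether gnu/system.scm still has other users of define-with-syntax-properties, source-properties->location and warning; if it does not, the module imports that provided them should be dropped in this patch too. The removed G_ string was the only user-facing notice of the deprecation visible in this file, so the change from a warning to a hard break deserves a mention wherever user-visible changes are announced.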

base-commit: 2b1383c0a2f79117103b142440c64f6a751d545d
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 02/10] services: setuid-program: Populate /run/privileged/bin.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:02 +0000
Resent-Message-ID: <handler.61462.B61462.167623492717971 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623492717971
          (code B ref 61462); Sun, 12 Feb 2023 20:49:02 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:47 +0000
Received: from localhost ([127.0.0.1]:46975 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHC-0004ff-BF
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:47 -0500
Received: from tobias.gr ([80.241.217.52]:55494)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJH7-0004er-Fr
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:42 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id ab3c4ee2
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:37 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:11 +0100
Message-Id: <20230205000019.6259-2-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Create /run/setuid-programs compatibility symlinks so that
    we can migrate all users (both package and human) piecemeal at our leisure.
    Apart from being symlinks, this should be a user-invisible change. 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  Create /run/setuid-programs compatibility symlinks so that
    we can migrate all users (both package and human) piecemeal at our leisure.
    Apart from being symlinks, this should be a user-invisible change. 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

Create /run/setuid-programs compatibility symlinks so that we can
migrate all users (both package and human) piecemeal at our leisure.

Apart from being symlinks, this should be a user-invisible change.

* gnu/build/activation.scm (%privileged-program-directory): New variable.
[activate-setuid-programs]: Put privileged copies in
%PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in
%SETUID-DIRECTORY.
* gnu/services.scm (setuid-program-service-type): Update docstring.
* doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
---
 doc/guix.texi            |  2 +-
 gnu/build/activation.scm | 54 ++++++++++++++++++++++++++--------------
 gnu/services.scm         |  9 +++++--
 3 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 44e2165a82..009bcf5d40 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -38219,7 +38219,7 @@ The list includes commands such as @command{passwd}, @command{ping},
 @end defvar
 
 Under the hood, the actual setuid programs are created in the
-@file{/run/setuid-programs} directory at system activation time.  The
+@file{/run/privileged/bin} directory at system activation time.  The
 files in this directory refer to the ``real'' binaries, which are in the
 store.
 
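Review bot: The updated sentence in the Setuid Programs section names @file{/run/privileged/bin} but says nothing about @file{/run/setuid-programs} still being populated with compatibility symlinks, which the commit message and the new service description in gnu/services.scm both state. Add a sentence here saying that the old directory is deprecated and will be removed, so that readers with scripts that hard-code the old path know what to expect.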
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index eea2233563..af947a39fa 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2021 Maxime Devos <maximedevos@HIDDEN>
 ;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@HIDDEN>
 ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -278,14 +279,29 @@ (define (rm-f file)
                      string<?)))
 
 (define %setuid-directory
-  ;; Place where setuid programs are stored.
+  ;; Place where setuid programs used to be stored.  It exists for backwards
+  ;; compatibility & will be removed.  Use %PRIVILEGED-PROGRAM-DIRECTORY instead.
   "/run/setuid-programs")
 
+(define %privileged-program-directory
+  ;; Place where privileged copies of programs are stored.
+  "/run/privileged/bin")
+
 (define (activate-setuid-programs programs)
-  "Turn PROGRAMS, a list of file setuid-programs record, into setuid programs
-stored under %SETUID-DIRECTORY."
-  (define (make-setuid-program program setuid? setgid? uid gid)
-    (let ((target (string-append %setuid-directory
+  "Turn PROGRAMS, a list of file setuid-programs records, into privileged
+copies stored under %PRIVILEGED-PROGRAM-DIRECTORY."
+  (define (ensure-empty-directory directory)
+    (if (file-exists? directory)
+        (for-each (compose delete-file
+                           (cut string-append directory "/" <>))
+                  (scandir directory
+                           (lambda (file)
+                             (not (member file '("." ".."))))
+                           string<?))
+        (mkdir-p directory))    )
+
+  (define (make-privileged-program program setuid? setgid? uid gid)
+    (let ((target (string-append %privileged-program-directory
                                  "/" (basename program)))
           (mode (+ #o0555                   ; base permissions
                    (if setuid? #o4000 0)    ; setuid bit
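Review bot: In ensure-empty-directory, the existing-directory branch calls delete-file on every entry, which raises a system-error if an entry is itself a directory, and nothing in the procedure checks that an already existing DIRECTORY is a real directory with safe ownership and mode before privileged copies are written into it. The mkdir-p branch likewise creates /run/privileged/bin and its parent without setting a mode explicitly; consider doing so, given what the directory holds. Style: "(mkdir-p directory))    )" has stray whitespace before the last parenthesis, and the docstring's "a list of file setuid-programs records" reads oddly.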
@@ -294,16 +310,17 @@ (define (make-setuid-program program setuid? setgid? uid gid)
       (chown target uid gid)
       (chmod target mode)))
 
-  (format #t "setting up setuid programs in '~a'...~%"
-          %setuid-directory)
-  (if (file-exists? %setuid-directory)
-      (for-each (compose delete-file
-                         (cut string-append %setuid-directory "/" <>))
-                (scandir %setuid-directory
-                         (lambda (file)
-                           (not (member file '("." ".."))))
-                         string<?))
-      (mkdir-p %setuid-directory))
+  (define (make-deprecated-wrapper program)
+    ;; This will eventually become a script that warns on usage, then vanish.
+    (symlink (string-append %privileged-program-directory
+                            "/" (basename program))
+             (string-append %setuid-directory
+                            "/" (basename program))))
+
+  (format #t "setting up privileged program in '~a'...~%"
+          %privileged-program-directory)
+  (ensure-empty-directory %privileged-program-directory)
+  (ensure-empty-directory %setuid-directory)
 
   (for-each (lambda (program)
               (catch 'system-error
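Review bot: make-deprecated-wrapper creates a plain symlink, so both its name and its comment ("a script that warns on usage") describe something the code does not do yet; name it for what it is, for example make-compatibility-symlink, or mark the comment as a TODO. Link names are built from (basename program), so two entries in PROGRAMS that share a basename make the second symlink call fail with EEXIST. The progress message should read "setting up privileged programs in '~a'..." (plural), as the old message did.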
@@ -319,11 +336,12 @@ (define (make-setuid-program program setuid? setgid? uid gid)
                          (gid (match group
                                 ((? string?) (group:gid (getgrnam group)))
                                 ((? integer?) group))))
-                    (make-setuid-program program-name setuid? setgid? uid gid)))
+                    (make-privileged-program program-name setuid? setgid? uid gid)
+                    (make-deprecated-wrapper program-name)))
                 (lambda args
                   ;; If we fail to create a setuid program, better keep going
-                  ;; so that we don't leave %SETUID-DIRECTORY empty or
-                  ;; half-populated.  This can happen if PROGRAMS contains
+                  ;; so that we don't leave %PRIVILEGED-PROGRAM-DIRECTORY empty
+                  ;; or half-populated.  This can happen if PROGRAMS contains
                   ;; incorrect file names: <https://bugs.gnu.org/38800>.
                   (format (current-error-port)
                           "warning: failed to make ~s setuid/setgid: ~a~%"
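Review bot: make-deprecated-wrapper is now called inside the same catch 'system-error as make-privileged-program, so a failure to create the compatibility symlink is reported as "warning: failed to make ~s setuid/setgid" even though the privileged copy itself was created and given its mode. Give the symlink step its own handler or message, and update the comment's "If we fail to create a setuid program" to the new terminology while these lines are being touched.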
diff --git a/gnu/services.scm b/gnu/services.scm
index 2abef557d4..26546e1369 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@HIDDEN>
 ;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@HIDDEN>
 ;;; Copyright © 2020, 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -842,8 +843,12 @@ (define setuid-program-service-type
                 (extend (lambda (config extensions)
                           (append config extensions)))
                 (description
-                 "Populate @file{/run/setuid-programs} with the specified
-executables, making them setuid and/or setgid.")))
+                 "Copy the specified executables to @file{/run/privileged/bin}
+and apply special privileges like setuid and/or setgid.
+
+The deprecated @file{/run/setuid-programs} directory is also populated with
+symbolic links to their @file{/run/privileged/bin} counterpart.  It will be
+removed in a future Guix release.")))
 
 (define (packages->profile-entry packages)
   "Return a system entry for the profile containing PACKAGES."
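Review bot: In the new description string, "symbolic links to their @file{/run/privileged/bin} counterpart" should read "counterparts" to agree with "links". The service type keeps the name setuid-program-service-type while its description now speaks of privileged copies; say in the commit message whether the rename is deferred to a later patch in the series, so that reviewers of this one do not ask for it.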
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 03/10] system: Use /run/privileged/bin in search paths.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:03 +0000
Resent-Message-ID: <handler.61462.B61462.167623492817990 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623492817990
          (code B ref 61462); Sun, 12 Feb 2023 20:49:03 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:48 +0000
Received: from localhost ([127.0.0.1]:46981 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHD-0004fo-DC
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:48 -0500
Received: from tobias.gr ([80.241.217.52]:55494)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJH8-0004er-Nv
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:43 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id c669f1a1
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:38 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:12 +0100
Message-Id: <20230205000019.6259-3-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/system.scm (operating-system-etc-service): Substitute
    /run/privileged/bin for deprecated /run/setuid-programs. --- gnu/system.scm
    | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/system.scm
    b/gnu/system.scm index 85380136e2..446439bcac 100644 --- a/gnu/system.scm
    +++ b/gnu/system.scm @@ -987,10 +987,10 @@ (define* (operating-system-etc-service
    os) (plain-file [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/system.scm (operating-system-etc-service): Substitute
    /run/privileged/bin for deprecated /run/setuid-programs. --- gnu/system.scm
    | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/gnu/system.scm
    b/gnu/system.scm index 85380136e2..446439bcac 100644 --- a/gnu/system.scm
    +++ b/gnu/system.scm @@ -987,10 +987,10 @@ (define* (operating-system-etc-service
    os) (plain-file [...] 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

* gnu/system.scm (operating-system-etc-service):
Substitute /run/privileged/bin for deprecated /run/setuid-programs.
---
 gnu/system.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index 85380136e2..446439bcac 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -987,10 +987,10 @@ (define* (operating-system-etc-service os)
           (plain-file "login.defs"
                       (string-append
                         "# Default paths for non-login shells started by su(1).\n"
-                        "ENV_PATH    /run/setuid-programs:"
+                        "ENV_PATH    /run/privileged/bin:"
                         "/run/current-system/profile/bin:"
                         "/run/current-system/profile/sbin\n"
-                        "ENV_SUPATH  /run/setuid-programs:"
+                        "ENV_SUPATH  /run/privileged/bin:"
                         "/run/current-system/profile/bin:"
                         "/run/current-system/profile/sbin\n"
 
@@ -1054,8 +1054,8 @@ (define* (operating-system-etc-service os)
   fi
 done
 
-# Prepend setuid programs.
-export PATH=/run/setuid-programs:$PATH
+# Prepend privileged programs.
+export PATH=/run/privileged/bin:$PATH
 
 # Arrange so that ~/.config/guix/current/share/info comes first.
 export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
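Review bot: The 'export PATH=/run/privileged/bin:$PATH' line removes /run/setuid-programs from the profile outright, while the commit message only calls the old directory deprecated. Say in the commit message, or in the comment above the export, whether /run/setuid-programs still exists after a reconfigure, so a reader can tell what happens to sessions that were started with the old PATH.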
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 04/10] gnu: Replace (almost) all uses of /run/setuid-programs.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:03 +0000
Resent-Message-ID: <handler.61462.B61462.167623492917997 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623492917997
          (code B ref 61462); Sun, 12 Feb 2023 20:49:03 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:49 +0000
Received: from localhost ([127.0.0.1]:46985 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHE-0004g7-7V
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:49 -0500
Received: from tobias.gr ([80.241.217.52]:55494)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJH9-0004er-FU
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:44 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 956a4c16
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:38 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:13 +0100
Message-Id: <20230205000019.6259-4-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  =?UTF-8?Q?=E2=80=A6those?= good for master, anyway. * gnu/packages/admin.scm
    (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with
   /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]:
    Likewise. * gnu/packages/ [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  =?UTF-8?Q?=E2=80=A6those?= good for master, anyway. * gnu/packages/admin.scm
    (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with
   /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]:
    Likewise. * gnu/packages/ [...] 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

…those good for master, anyway.

* gnu/packages/admin.scm (ktsuss, opendoas, hosts)
[arguments]: Replace /run/setuid-programs with /run/privileged/bin.
* gnu/packages/containers.scm (slirp4netns)[arguments]: Likewise.
* gnu/packages/debian.scm (pbuilder)[arguments]: Likewise.
* gnu/packages/disk.scm (udevil)[arguments]: Likewise.
* gnu/packages/enlightenment.scm (efl, enlightenment)
[arguments]: Likewise.
* gnu/packages/gnome.scm (gdm, gnome-control-center)
[arguments]: Likewise.
* gnu/packages/linux.scm (singularity)[arguments]: Likewise.
* gnu/packages/lxde.scm (spacefm)[arguments]: Likewise.
* gnu/packages/monitoring.scm (zabbix-agentd)[arguments]: Likewise.
* gnu/packages/virtualization.scm (ganeti)[arguments]: Likewise.
* gnu/packages/xdisorg.scm (xsecurelock)[arguments]: Likewise.
* gnu/services/dbus.scm (dbus-configuration-directory): Likewise.
* gnu/services/ganeti.scm (%default-ganeti-environment-variables):
Likewise.
* gnu/services/monitoring.scm (zabbix-agent-shepherd-service): Likewise.
* gnu/tests/ldap.scm (marionette): Likewise.
* gnu/tests/monitoring.scm (os): Likewise.
---
 gnu/machine/ssh.scm             |  2 ++
 gnu/packages/admin.scm          |  6 +++---
 gnu/packages/containers.scm     |  2 +-
 gnu/packages/debian.scm         |  4 ++--
 gnu/packages/disk.scm           | 14 +++++++-------
 gnu/packages/enlightenment.scm  | 10 +++++-----
 gnu/packages/gnome.scm          |  4 ++--
 gnu/packages/linux.scm          |  2 +-
 gnu/packages/lxde.scm           | 19 ++++++++-----------
 gnu/packages/monitoring.scm     |  2 +-
 gnu/packages/virtualization.scm |  2 +-
 gnu/packages/xdisorg.scm        |  2 +-
 gnu/services/dbus.scm           |  2 +-
 gnu/services/ganeti.scm         |  2 +-
 gnu/services/monitoring.scm     |  2 +-
 gnu/tests/ldap.scm              |  2 +-
 gnu/tests/monitoring.scm        |  4 ++--
 17 files changed, 40 insertions(+), 41 deletions(-)

diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm
index 343cf74748..26ea787e29 100644
--- a/gnu/machine/ssh.scm
+++ b/gnu/machine/ssh.scm
@@ -177,6 +177,8 @@ (define (machine-become-command machine)
   (if (string= "root" (machine-ssh-configuration-user
                        (machine-configuration machine)))
       '()
+      ;; Use the old setuid-programs location until the remote is likely to
+      ;; have the new /run/privileged one in place.
       '("/run/setuid-programs/sudo" "-n" "--")))
 
 (define (managed-host-remote-eval machine exp)
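Review bot: gnu/machine/ssh.scm is modified in machine-become-command but has no entry in the commit message, which lists only the files where the path is replaced; add one, for example '* gnu/machine/ssh.scm (machine-become-command): Add comment.' The new comment also gives no criterion for when "/run/setuid-programs/sudo" should be switched ("until the remote is likely to have the new /run/privileged one in place"), so mark it as a TODO with a concrete condition or release so it does not become permanent.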
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index 3d0886aba8..c022e9224c 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -199,7 +199,7 @@ (define-public ktsuss
            (lambda _
              (substitute* "configure.ac"
                (("supath=`which su 2>/dev/null`")
-                "supath=/run/setuid-programs/su"))
+                "supath=/run/privileged/bin/su"))
              #t)))))
     (native-inputs
      (list autoconf automake libtool pkg-config))
@@ -2086,7 +2086,7 @@ (define-public opendoas
              (substitute* "doas.c"
                (("safepath =" match)
                 (string-append match " \""
-                               "/run/setuid-programs:"
+                               "/run/privileged/bin:"
                                "/run/current-system/profile/bin:"
                                "/run/current-system/profile/sbin:"
                                "\" ")))))
@@ -4863,7 +4863,7 @@ (define-public hosts
                                 ":" (assoc-ref %build-inputs "grep") "/bin"
                                 ":" (assoc-ref %build-inputs "ncurses") "/bin"
                                 ":" (assoc-ref %build-inputs "sed") "/bin"
-                                ":" "/run/setuid-programs"
+                                ":" "/run/privileged/bin"
                                 ":" (getenv "PATH")))
          (substitute* "hosts"
            (("#!/usr/bin/env bash")
diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm
index 3982f4f059..8976ca3b20 100644
--- a/gnu/packages/containers.scm
+++ b/gnu/packages/containers.scm
@@ -236,7 +236,7 @@ (define-public slirp4netns
                   (add-after 'unpack 'fix-hardcoded-paths
                     (lambda _
                       (substitute* (find-files "tests" "\\.sh")
-                        (("ping") "/run/setuid-programs/ping")))))))
+                        (("ping") "/run/privileged/bin/ping")))))))
     (inputs
      (list glib
            libcap
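Review bot: The pattern ("ping") in the substitute* over the tests' .sh files is an unanchored regexp, so it rewrites every occurrence of the substring, including inside longer words or a path that is already absolute. Since the line is being touched anyway, tighten the pattern so that only the command invocation is replaced with "/run/privileged/bin/ping".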
diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
index 4319d3a518..308f2bc286 100644
--- a/gnu/packages/debian.scm
+++ b/gnu/packages/debian.scm
@@ -493,8 +493,8 @@ (define-public pbuilder
                  (lambda ()
                    (format #t "# A couple of presets to make this work more smoothly.~@
                            MIRRORSITE=\"http://deb.debian.org/debian\"~@
-                           if [ -r /run/setuid-programs/sudo ]; then~@
-                               PBUILDERROOTCMD=\"/run/setuid-programs/sudo -E\"~@
+                           if [ -r /run/privileged/bin/sudo ]; then~@
+                               PBUILDERROOTCMD=\"/run/privileged/bin/sudo -E\"~@
                            fi~@
                            PBUILDERSATISFYDEPENDSCMD=\"~a/lib/pbuilder/pbuilder-satisfydepends-apt\"~%"
                            #$output)))))
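Review bot: The generated preset guards PBUILDERROOTCMD with 'if [ -r /run/privileged/bin/sudo ]', which tests readability although the file is only ever executed; a privileged binary need not be readable by the caller to be runnable. Use '[ -x /run/privileged/bin/sudo ]' so the check matches the use.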
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index f9fe9c5989..4f78a3aa9e 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -198,10 +198,10 @@ (define-public udevil
         ;; udevil expects these programs to be run with uid set as root.
         ;; user has to manually add these programs to setuid-programs.
         ;; mount and umount are default setuid-programs in guix system.
-        "--with-mount-prog=/run/setuid-programs/mount"
-        "--with-umount-prog=/run/setuid-programs/umount"
-        "--with-losetup-prog=/run/setuid-programs/losetup"
-        "--with-setfacl-prog=/run/setuid-programs/setfacl")
+        "--with-mount-prog=/run/privileged/bin/mount"
+        "--with-umount-prog=/run/privileged/bin/umount"
+        "--with-losetup-prog=/run/privileged/bin/losetup"
+        "--with-setfacl-prog=/run/privileged/bin/setfacl")
        #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'remove-root-reference
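Review bot: The comments above the configure flags still read "user has to manually add these programs to setuid-programs" and "mount and umount are default setuid-programs in guix system", while every path below them now points at /run/privileged/bin. The next hunk updates its equivalent comment to "privileged-programs"; update these two the same way so the instructions match the directory the flags refer to.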
@@ -212,12 +212,12 @@ (define-public udevil
          (add-after 'unpack 'patch-udevil-reference
            ;; udevil expects itself to be run with uid set as root.
            ;; devmon also expects udevil to be run with uid set as root.
-           ;; user has to manually add udevil to setuid-programs.
+           ;; user has to manually add udevil to privileged-programs.
            (lambda _
              (substitute* "src/udevil.c"
-               (("/usr/bin/udevil") "/run/setuid-programs/udevil"))
+               (("/usr/bin/udevil") "/run/privileged/bin/udevil"))
              (substitute* "src/devmon"
-               (("`which udevil 2>/dev/null`") "/run/setuid-programs/udevil"))
+               (("`which udevil 2>/dev/null`") "/run/privileged/bin/udevil"))
              #t)))))
     (native-inputs
      (list intltool pkg-config))
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index a08ad05143..0bb6bf3bcc 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -150,8 +150,8 @@ (define-public efl
          "-Dbuild-examples=false"
          "-Decore-imf-loaders-disabler=scim"
          "-Dglib=true"
-         "-Dmount-path=/run/setuid-programs/mount"
-         "-Dunmount-path=/run/setuid-programs/umount"
+         "-Dmount-path=/run/privileged/bin/mount"
+         "-Dunmount-path=/run/privileged/bin/umount"
          "-Dnetwork-backend=connman"
          ,,@(if (member (%current-system)
                         (package-transitive-supported-systems luajit))
@@ -339,7 +339,7 @@ (define-public enlightenment
                (substitute* '("src/bin/e_sys_main.c"
                               "src/bin/e_util_suid.h")
                  (("PATH=/bin:/usr/bin:/sbin:/usr/sbin")
-                  (string-append "PATH=/run/setuid-programs:"
+                  (string-append "PATH=/run/privileged/bin:"
                                  "/run/current-system/profile/bin:"
                                  "/run/current-system/profile/sbin")))
                (substitute* "src/modules/everything/evry_plug_calc.c"
@@ -348,8 +348,8 @@ (define-public enlightenment
                  (("libddcutil\\.so\\.?" libddcutil)
                   (string-append ddcutil "/lib/" libddcutil)))
                (substitute* "data/etc/meson.build"
-                 (("/bin/mount") "/run/setuid-programs/mount")
-                 (("/bin/umount") "/run/setuid-programs/umount")
+                 (("/bin/mount") "/run/privileged/bin/mount")
+                 (("/bin/umount") "/run/privileged/bin/umount")
                  (("/usr/bin/eject") "/run/current-system/profile/bin/eject"))
                (substitute* "src/bin/system/e_system_power.c"
                  (("systemctl") "loginctl"))))))))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 19a96ef9f4..1891e9bf11 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -9013,7 +9013,7 @@ (define-public gdm
 
          "--localstatedir=/var"
          (string-append "-Ddefault-path="
-                        (string-join '("/run/setuid-programs"
+                        (string-join '("/run/privileged/bin"
                                        "/run/current-system/profile/bin"
                                        "/run/current-system/profile/sbin")
                                      ":"))
@@ -9290,7 +9290,7 @@ (define-public gnome-control-center
                                       inputs "bin/nm-connection-editor"))))
               (substitute* "panels/user-accounts/run-passwd.c"
                 (("/usr/bin/passwd")
-                 "/run/setuid-programs/passwd"))
+                 "/run/privileged/bin/passwd"))
               (substitute* "panels/info-overview/cc-info-overview-panel.c"
                 (("DATADIR \"/gnome/gnome-version.xml\"")
                  (format #f "~s" (search-input-file
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 13e2ca9493..19c68cc429 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -5027,7 +5027,7 @@ (define-public singularity
                   (substitute* (find-files "libexec/cli" "\\.exec$")
                     (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid"
                       _ program)
-                     (string-append "/run/setuid-programs/singularity-"
+                     (string-append "/run/privileged/bin/singularity-"
                                     program "-helper")))
 
                   ;; These squashfs mount options are apparently no longer
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index 0657db6eb8..9b380ede0e 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -372,26 +372,23 @@ (define-public spacefm
                  (substitute* '("mime-type/mime-type.c" "ptk/ptk-file-menu.c")
                    (("/usr(/local)?/share/mime") mime)))
                #t)))
-         (add-after 'patch-mime-dirs 'patch-setuid-progs
+         (add-after 'patch-mime-dirs 'patch-privileged-programs
            (lambda _
-             (let* ((su "/run/setuid-programs/su")
-                    (mount "/run/setuid-programs/mount")
-                    (umount "/run/setuid-programs/umount")
-                    (udevil "/run/setuid-programs/udevil"))
+             (let ((privileged (lambda (command)
+                                 (string-append "/run/privileged/bin/"
+                                                command))))
                (with-directory-excursion "src"
                  (substitute* '("settings.c" "settings.h" "vfs/vfs-file-task.c"
                                 "vfs/vfs-volume-hal.c" "../data/ui/prefdlg.ui"
                                 "../data/ui/prefdlg2.ui")
-                   (("(/usr)?/bin/su") su)
-                   (("/(bin|sbin)/mount") mount)
-                   (("/(bin|sbin)/umount") umount)
-                   (("/usr/bin/udevil") udevil)))
+                   (("(/usr)?/s?bin/(mount|umount|su|udevil)" _ _ command)
+                    (privileged command))))
                #t)))
-         (add-after 'patch-setuid-progs 'patch-spacefm-conf
+         (add-after 'patch-privileged-programs 'patch-spacefm.conf
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "etc/spacefm.conf"
                (("#terminal_su=/bin/su")
-                "terminal_su=/run/setuid-programs/su")
+                "terminal_su=/run/privileged/bin/su")
                (("#graphical_su=/usr/bin/gksu")
                 (string-append "graphical_su="
                                (search-input-file inputs "/bin/ktsuss")))))))
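Review bot: The merged pattern "(/usr)?/s?bin/(mount|umount|su|udevil)" is not a pure rename of the four patterns it replaces: it now also matches su under /sbin and /usr/sbin, udevil under any of the bin directories rather than only /usr/bin, and it consumes a leading /usr before mount and umount. The 'su' alternative has no trailing boundary either, so a string such as /bin/sudo matches on its first seven characters. The phase is also renamed from 'patch-spacefm-conf to 'patch-spacefm.conf. None of this is covered by "Likewise" in the commit message; either describe the refactoring there or move it to its own commit so the path substitution can be reviewed in isolation.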
diff --git a/gnu/packages/monitoring.scm b/gnu/packages/monitoring.scm
index 74ec7b6cdf..2571994624 100644
--- a/gnu/packages/monitoring.scm
+++ b/gnu/packages/monitoring.scm
@@ -187,7 +187,7 @@ (define-public zabbix-agentd
                         "src/zabbix_server/server.c")
            ;; 'fping' must be setuid, so look for it in the usual location.
            (("/usr/sbin/fping6?")
-            "/run/setuid-programs/fping")))))
+            "/run/privileged/bin/fping")))))
     (build-system gnu-build-system)
     (arguments
      (list #:configure-flags
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 64a26edb02..ac1d0f3cd3 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -761,7 +761,7 @@ (define-public ganeti
              ;; hard coded PATH.  Patch so it works on Guix System.
              (substitute* "src/Ganeti/Constants.hs"
                (("/sbin:/bin:/usr/sbin:/usr/bin")
-                "/run/setuid-programs:/run/current-system/profile/sbin:\
+                "/run/privileged/bin:/run/current-system/profile/sbin:\
 /run/current-system/profile/bin"))))
          (add-after 'bootstrap 'patch-sphinx-version-detection
            (lambda _
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index 2ebeb4e013..d53329b243 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -2434,7 +2434,7 @@ (define-public xsecurelock
      '(#:configure-flags
        '("--with-pam-service-name=login"
          "--with-xkb"
-         "--with-default-authproto-module=/run/setuid-programs/authproto_pam")))
+         "--with-default-authproto-module=/run/privileged/bin/authproto_pam")))
     (native-inputs
      (list pandoc pkg-config))
     (inputs
diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm
index 5efd6bdadf..cb1c94a607 100644
--- a/gnu/services/dbus.scm
+++ b/gnu/services/dbus.scm
@@ -114,7 +114,7 @@ (define (services->sxml services)
              ;; failures such as <https://issues.guix.gnu.org/52051> on slow
              ;; computers with slow I/O.
             (limit (@ (name "auth_timeout")) "300000")
-            (servicehelper "/run/setuid-programs/dbus-daemon-launch-helper")
+            (servicehelper "/run/privileged/bin/dbus-daemon-launch-helper")
 
             ;; First, the '.service' files of services subject to activation.
             ;; We use a fixed location under /etc because the setuid helper
diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm
index f4fec3833e..ee72946c88 100644
--- a/gnu/services/ganeti.scm
+++ b/gnu/services/ganeti.scm
@@ -182,7 +182,7 @@ (define-module (gnu services ganeti)
 ;; Ceph, Gluster, etc, without having to add absolute references to everything.
 (define %default-ganeti-environment-variables
   (list (string-append "PATH="
-                       (string-join '("/run/setuid-programs"
+                       (string-join '("/run/privileged/bin"
                                       "/run/current-system/profile/sbin"
                                       "/run/current-system/profile/bin")
                                     ":"))))
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index 44e2e8886c..b86b0ab87d 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -544,7 +544,7 @@ (define (zabbix-agent-shepherd-service config)
 /etc/ssl/certs"
                          "SSL_CERT_FILE=/run/current-system/profile\
 /etc/ssl/certs/ca-certificates.crt"
-                         "PATH=/run/setuid-programs:\
+                         "PATH=/run/privileged/bin:\
 /run/current-system/profile/bin:/run/current-system/profile/sbin")))
          (stop #~(make-kill-destructor)))))
 
diff --git a/gnu/tests/ldap.scm b/gnu/tests/ldap.scm
index 47e77c0c53..d5ab6899cf 100644
--- a/gnu/tests/ldap.scm
+++ b/gnu/tests/ldap.scm
@@ -144,7 +144,7 @@ (define marionette
 
           (test-assert "Can become LDAP user"
             (marionette-eval
-             '(zero? (system* "/run/setuid-programs/su" "eva" "-c"
+             '(zero? (system* "/run/privileged/bin/su" "eva" "-c"
                               #$(file-append coreutils "/bin/true")))
              marionette))
 
diff --git a/gnu/tests/monitoring.scm b/gnu/tests/monitoring.scm
index ae0a8e0845..f5e3f591a7 100644
--- a/gnu/tests/monitoring.scm
+++ b/gnu/tests/monitoring.scm
@@ -189,11 +189,11 @@ (define marionette
                 (start-service 'postgres))
              marionette))
 
-          ;; Add /run/setuid-programs to $PATH so that the scripts passed to
+          ;; Add privileged programs to $PATH so that the scripts passed to
           ;; 'system' can find 'sudo'.
           (marionette-eval
            '(setenv "PATH"
-                    "/run/setuid-programs:/run/current-system/profile/bin")
+                    "/run/privileged/bin:/run/current-system/profile/bin")
            marionette)
 
           (test-eq "postgres create zabbix user"
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 06/10] system: (gnu system setuid) wraps (gnu system privilege).
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:04 +0000
Resent-Message-ID: <handler.61462.B61462.167623493818023 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623493818023
          (code B ref 61462); Sun, 12 Feb 2023 20:49:04 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:58 +0000
Received: from localhost ([127.0.0.1]:46989 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHN-0004gb-HY
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:57 -0500
Received: from tobias.gr ([80.241.217.52]:56712)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJHB-0004fL-3Z
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:45 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 897b2e73
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:38 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:15 +0100
Message-Id: <20230205000019.6259-6-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: * gnu/system/setuid.scm (setuid-program): Rewrite as syntax
 to create a <privileged-program> record that is setuid by default.
 (setuid-program?, 
 setuid-program-program, setuid-program-setuid?) (setuid [...] 
 Content analysis details:   (2.1 points, 10.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/system/setuid.scm (setuid-program): Rewrite as syntax
    to create a <privileged-program> record that is setuid by default. (setuid-program?,
    setuid-program-program, setuid-program-setuid?) (setuid [...] 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

* gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a
<privileged-program> record that is setuid by default.
(setuid-program?, setuid-program-program, setuid-program-setuid?)
(setuid-program-setgid?, setuid-program-user, setuid-program-group):
Alias their privileged-program equivalent.
---
 gnu/system/setuid.scm | 44 +++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/gnu/system/setuid.scm b/gnu/system/setuid.scm
index 83111d932c..4dd0cc8962 100644
--- a/gnu/system/setuid.scm
+++ b/gnu/system/setuid.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -17,7 +18,9 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu system setuid)
-  #:use-module (guix records)
+  #:use-module (gnu system privilege)
+  #:use-module (ice-9 match)
+  #:use-module (srfi srfi-1)
   #:export (setuid-program
             setuid-program?
             setuid-program-program
@@ -30,28 +33,29 @@ (define-module (gnu system setuid)
 
 ;;; Commentary:
 ;;;
-;;; Data structures representing setuid/setgid programs.  This is meant to be
-;;; used both on the host side and at run time--e.g., in activation snippets.
+;;; Do not use this module in new code.  It used to define data structures
+;;; representing setuid/setgid programs, but is now a mere compatibility shim
+;;; wrapping a subset of (gnu system privilege).
 ;;;
 ;;; Code:
 
-(define-record-type* <setuid-program>
-  setuid-program make-setuid-program
-  setuid-program?
-  ;; Path to program to link with setuid permissions
-  (program       setuid-program-program) ;file-like
-  ;; Whether to set user setuid bit
-  (setuid?       setuid-program-setuid? ;boolean
-                 (default #t))
-  ;; Whether to set group setgid bit
-  (setgid?       setuid-program-setgid? ;boolean
-                 (default #f))
-  ;; The user this should be set to (defaults to root)
-  (user          setuid-program-user    ;integer or string
-                 (default 0))
-  ;; Group we want to set this to (defaults to root)
-  (group         setuid-program-group   ;integer or string
-                 (default 0)))
+(define-syntax setuid-program
+  (lambda (fields)
+    (syntax-case fields ()
+      ((_ (field value) ...)
+       #`(privileged-program
+          (setuid? (match (assoc-ref '((field value) ...) 'setuid?)
+                     ((#f) #f)
+                     (_ #t)))
+          #,@(remove (match-lambda ((f _) (eq? (syntax->datum f) 'setuid?)))
+                     #'((field value) ...)))))))
+
+(define setuid-program?        privileged-program?)
+(define setuid-program-program privileged-program-program)
+(define setuid-program-setuid? privileged-program-setuid?)
+(define setuid-program-setgid? privileged-program-setgid?)
+(define setuid-program-user    privileged-program-user)
+(define setuid-program-group   privileged-program-group)
 
 (define (file-like->setuid-program program)
   (setuid-program (program program)))
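Review bot: In the new setuid-program macro, the setuid? decision is taken on the quoted form rather than on the evaluated value. `(assoc-ref '((field value) ...) 'setuid?)` yields `(#f)` only when the caller wrote the literal `#f`, so `(setuid? some-variable)` or any other expression that evaluates to false falls through to `(_ #t)` and the program is made setuid. The same fall-through applies when setuid? is absent, which includes `(inherit other)` forms because they also match `(field value)`, so an inherited setuid? of #f is replaced with #t. A shim that hands out the setuid bit should fail closed: pass the caller's own expression through when the field is present, default to #t only when it is absent, and either handle inherit explicitly or document that it is not supported here.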
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 05/10] system: Add (gnu system privilege).
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:04 +0000
Resent-Message-ID: <handler.61462.B61462.167623493818030 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623493818030
          (code B ref 61462); Sun, 12 Feb 2023 20:49:04 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:58 +0000
Received: from localhost ([127.0.0.1]:46991 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHN-0004ge-U9
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:58 -0500
Received: from tobias.gr ([80.241.217.52]:55494)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJHA-0004er-VA
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:46 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 74b6d0c1
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:38 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:14 +0100
Message-Id: <20230205000019.6259-5-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: * gnu/system/privilege.scm: New file. * gnu/local.mk
 (GNU_SYSTEM_MODULES):
 Add it. --- gnu/local.mk | 1 + gnu/system/privilege.scm | 58
 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 ins [...] 
 Content analysis details:   (2.1 points, 10.0 required)
 pts rule name              description
 ---- ---------------------- --------------------------------------------------
 2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
 date -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

* gnu/system/privilege.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
---
 gnu/local.mk             |  1 +
 gnu/system/privilege.scm | 58 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 gnu/system/privilege.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index cdb99813d0..acf74cd9ae 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -723,6 +723,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/system/mapped-devices.scm			\
   %D%/system/nss.scm				\
   %D%/system/pam.scm				\
+  %D%/system/privilege.scm			\
   %D%/system/setuid.scm				\
   %D%/system/shadow.scm				\
   %D%/system/uuid.scm				\
diff --git a/gnu/system/privilege.scm b/gnu/system/privilege.scm
new file mode 100644
index 0000000000..d89d5d5d1c
--- /dev/null
+++ b/gnu/system/privilege.scm
@@ -0,0 +1,58 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu system privilege)
+  #:use-module (guix records)
+  #:export (privileged-program
+            privileged-program?
+            privileged-program-program
+            privileged-program-setuid?
+            privileged-program-setgid?
+            privileged-program-user
+            privileged-program-group
+            privileged-program-capabilities))
+
+;;; Commentary:
+;;;
+;;; Data structures representing privileged programs: binaries with additional
+;;; permissions such as setuid/setgid, or POSIX capabilities.  This is meant to
+;;; be used both on the host side and at run time--e.g., in activation snippets.
+;;;
+;;; Code:
+
+(define-record-type* <privileged-program>
+  privileged-program make-privileged-program
+  privileged-program?
+  ;; File name of the program to assign elevated privileges.
+  (program       privileged-program-program) ;file-like
+  ;; Whether to set the setuid (‘set user ID’) bit.
+  (setuid?       privileged-program-setuid? ;boolean
+                 (default #f))
+  ;; Whether to set the setgid (‘set group ID’) bit.
+  (setgid?       privileged-program-setgid? ;boolean
+                 (default #f))
+  ;; The user name or ID this should be set to (defaults to root's).
+  (user          privileged-program-user ;integer or string
+                 (default 0))
+  ;; The group name or ID we want to set this to (defaults to root's).
+  (group         privileged-program-group ;integer or string
+                 (default 0))
+  ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none).
+  (capabilities  privileged-program-capabilities ;string or #f
+                 (default #f)))
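Review bot: The capabilities field at the end of <privileged-program> is documented only as a string in cap_from_text(3) form, and nothing in the record says how it interacts with setuid?, setgid?, or the user and group defaults of 0. Since all of these can be set on one record, please state in the field comment whether combining them is allowed and what the result is. Also consider rejecting values that are neither a string nor #f when the record is built, so that a malformed capability specification is caught at configuration time rather than later.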
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 07/10] build: Rename activate-setuid-programs.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:05 +0000
Resent-Message-ID: <handler.61462.B61462.167623493918038 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623493918038
          (code B ref 61462); Sun, 12 Feb 2023 20:49:05 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:59 +0000
Received: from localhost ([127.0.0.1]:46993 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHO-0004gl-D7
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:58 -0500
Received: from tobias.gr ([80.241.217.52]:56712)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJHC-0004fL-50
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:46 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 3798ac59
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:38 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:16 +0100
Message-Id: <20230205000019.6259-7-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/build/activation.scm (activate-setuid-programs): Rename
    =?UTF-8?Q?this=E2=80=A6?= (activate-privileged-programs): =?UTF-8?Q?=E2=80=A6to?= this. Operate on a list of
   <privileged-program> records. * gnu/services.scm (setuid-program- [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

* gnu/build/activation.scm (activate-setuid-programs): Rename this…
(activate-privileged-programs): …to this.
Operate on a list of <privileged-program> records.
* gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
---
 gnu/build/activation.scm | 24 ++++++++++++------------
 gnu/services.scm         |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index af947a39fa..b5004a292c 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -27,7 +27,7 @@
 
 (define-module (gnu build activation)
   #:use-module (gnu system accounts)
-  #:use-module (gnu system setuid)
+  #:use-module (gnu system privilege)
   #:use-module (gnu build accounts)
   #:use-module (gnu build linux-boot)
   #:use-module (guix build utils)
@@ -41,7 +41,7 @@ (define-module (gnu build activation)
   #:export (activate-users+groups
             activate-user-home
             activate-etc
-            activate-setuid-programs
+            activate-privileged-programs
             activate-special-files
             activate-modprobe
             activate-firmware
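Review bot: The export list drops activate-setuid-programs outright with no alias left behind, while the rest of the series keeps the old setuid-program names working as aliases. Any code outside this patch that still calls activate-setuid-programs will fail with an unbound variable. Either keep a deprecated alias here, as is done for the record accessors, or say in the commit message that the procedure is considered internal.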
@@ -287,8 +287,8 @@ (define %privileged-program-directory
   ;; Place where privileged copies of programs are stored.
   "/run/privileged/bin")
 
-(define (activate-setuid-programs programs)
-  "Turn PROGRAMS, a list of file setuid-programs records, into privileged
+(define (activate-privileged-programs programs)
+  "Turn PROGRAMS, a list of file privileged-programs records, into privileged
 copies stored under %PRIVILEGED-PROGRAM-DIRECTORY."
   (define (ensure-empty-directory directory)
     (if (file-exists? directory)
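Review bot: The updated docstring reads "a list of file privileged-programs records", which carries over the stray word "file" and pluralises the record name. The commit message already uses the precise form, so "a list of <privileged-program> records" would be clearer here.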
@@ -325,11 +325,11 @@ (define (make-deprecated-wrapper program)
   (for-each (lambda (program)
               (catch 'system-error
                 (lambda ()
-                  (let* ((program-name (setuid-program-program program))
-                         (setuid?      (setuid-program-setuid? program))
-                         (setgid?      (setuid-program-setgid? program))
-                         (user         (setuid-program-user program))
-                         (group        (setuid-program-group program))
+                  (let* ((program-name (privileged-program-program program))
+                         (setuid?      (privileged-program-setuid? program))
+                         (setgid?      (privileged-program-setgid? program))
+                         (user         (privileged-program-user program))
+                         (group        (privileged-program-group program))
                          (uid (match user
                                 ((? string?) (passwd:uid (getpwnam user)))
                                 ((? integer?) user)))
@@ -339,13 +339,13 @@ (define (make-deprecated-wrapper program)
                     (make-privileged-program program-name setuid? setgid? uid gid)
                     (make-deprecated-wrapper program-name)))
                 (lambda args
-                  ;; If we fail to create a setuid program, better keep going
+                  ;; If we fail to create a privileged program, better keep going
                   ;; so that we don't leave %PRIVILEGED-PROGRAM-DIRECTORY empty
                   ;; or half-populated.  This can happen if PROGRAMS contains
                   ;; incorrect file names: <https://bugs.gnu.org/38800>.
                   (format (current-error-port)
-                          "warning: failed to make ~s setuid/setgid: ~a~%"
-                          (setuid-program-program program)
+                          "warning: failed to privilege ~s: ~a~%"
+                          (privileged-program-program program)
                           (strerror (system-error-errno args))))))
             programs))
 
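Review bot: The context call `(make-privileged-program program-name setuid? setgid? uid gid)` uses a local helper whose name is identical to the constructor that gnu/system/privilege.scm declares for the <privileged-program> record, and this module now imports (gnu system privilege). The constructor is not in that module's export list, so nothing clashes today, but the two take different arguments and the shared name is easy to misread. Renaming the helper would remove the ambiguity. Separately, the new warning "failed to privilege ~s" no longer says which privilege was requested; including the requested bits would make the message easier to act on.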
diff --git a/gnu/services.scm b/gnu/services.scm
index 26546e1369..af9f4e1db6 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -832,7 +832,7 @@ (define (setuid-program->activation-gexp programs)
       #~(begin
           (use-modules (gnu system setuid))
 
-          (activate-setuid-programs (list #$@programs))))))
+          (activate-privileged-programs (list #$@programs))))))
 
 (define setuid-program-service-type
   (service-type (name 'setuid-program)
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 08/10] services: Rename setuid-program-service-type.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:05 +0000
Resent-Message-ID: <handler.61462.B61462.167623493918045 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623493918045
          (code B ref 61462); Sun, 12 Feb 2023 20:49:05 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:59 +0000
Received: from localhost ([127.0.0.1]:46995 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHO-0004gu-TO
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:59 -0500
Received: from tobias.gr ([80.241.217.52]:55494)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJHC-0004er-9w
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:47 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 7ca668bf
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:38 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:17 +0100
Message-Id: <20230205000019.6259-8-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/services.scm (setuid-program->activation-gexp): Rename
    =?UTF-8?Q?this=E2=80=A6?= (privileged-program->activation-gexp): =?UTF-8?Q?=E2=80=A6to?= this. Operate on a list
    of <privileged-program> records. (privileged-program-service-t [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

* gnu/services.scm (setuid-program->activation-gexp): Rename this…
(privileged-program->activation-gexp): …to this.
Operate on a list of <privileged-program> records.
(privileged-program-service-type): New variable, renamed from
setuid-program-service-type.  Rename the service-type accordingly.
(setuid-program-service-type): Redefine as an alias for the above.
---
 gnu/services.scm | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/gnu/services.scm b/gnu/services.scm
index af9f4e1db6..09ff58dcd1 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -43,6 +43,7 @@ (define-module (gnu services)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages hurd)
+  #:use-module (gnu system privilege)
   #:use-module (gnu system setuid)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
@@ -110,7 +111,8 @@ (define-module (gnu services)
             extra-special-file
             etc-service-type
             etc-directory
-            setuid-program-service-type
+            privileged-program-service-type
+            setuid-program-service-type ; deprecated
             profile-service-type
             firmware-service-type
             gc-root-service-type
@@ -810,17 +812,17 @@ (define (etc-service files)
 FILES must be a list of name/file-like object pairs."
   (service etc-service-type files))
 
-(define (setuid-program->activation-gexp programs)
-  "Return an activation gexp for setuid-program from PROGRAMS."
+(define (privileged-program->activation-gexp programs)
+  "Return an activation gexp for privileged-program from PROGRAMS."
   (let ((programs (map (lambda (program)
                          ;; FIXME This is really ugly, I didn't managed to use
                          ;; "inherit"
-                         (let ((program-name (setuid-program-program program))
-                               (setuid?      (setuid-program-setuid? program))
-                               (setgid?      (setuid-program-setgid? program))
-                               (user         (setuid-program-user program))
-                               (group        (setuid-program-group program)) )
-                           #~(setuid-program
+                         (let ((program-name (privileged-program-program program))
+                               (setuid?      (privileged-program-setuid? program))
+                               (setgid?      (privileged-program-setgid? program))
+                               (user         (privileged-program-user program))
+                               (group        (privileged-program-group program)) )
+                           #~(privileged-program
                               (setuid? #$setuid?)
                               (setgid? #$setgid?)
                               (user    #$user)
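Review bot: The let in privileged-program->activation-gexp binds program, setuid?, setgid?, user and group for the staged `#~(privileged-program ...)` form but not capabilities, so a record configured with capabilities would reach activation with that field back at its default of #f. If a later patch in the series adds it, say so in the commit message; otherwise bind `(privileged-program-capabilities program)` here and pass it through.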
@@ -828,17 +830,17 @@ (define (setuid-program->activation-gexp programs)
                               (program #$program-name))))
                        programs)))
     (with-imported-modules (source-module-closure
-                            '((gnu system setuid)))
+                            '((gnu system privilege)))
       #~(begin
-          (use-modules (gnu system setuid))
+          (use-modules (gnu system privilege))
 
           (activate-privileged-programs (list #$@programs))))))
 
-(define setuid-program-service-type
-  (service-type (name 'setuid-program)
+(define privileged-program-service-type
+  (service-type (name 'privileged-program)
                 (extensions
                  (list (service-extension activation-service-type
-                                          setuid-program->activation-gexp)))
+                                          privileged-program->activation-gexp)))
                 (compose concatenate)
                 (extend (lambda (config extensions)
                           (append config extensions)))
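Review bot: `(name 'setuid-program)` becomes `(name 'privileged-program)`, and because setuid-program-service-type is redefined further down as an alias of this same value, the old variable now also reports the new name. Anything that identifies the service by its name rather than by the variable will see the change, which deserves a line in the commit message.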
@@ -850,6 +852,10 @@ (define setuid-program-service-type
 symbolic links to their @file{/run/privileged/bin} counterpart.  It will be
 removed in a future Guix release.")))
 
+(define setuid-program-service-type
+  ;; Deprecated alias to ease transition.  Will be removed!
+  privileged-program-service-type)
+
 (define (packages->profile-entry packages)
   "Return a system entry for the profile containing PACKAGES."
   ;; XXX: 'mlet' is needed here for one reason: to get the proper
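Review bot: The setuid-program-service-type alias is a plain define with only a source comment saying it will be removed, so users of the old name get no signal before it disappears. Emitting a deprecation warning when the old name is used would give existing configurations time to migrate.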
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 09/10] system: Use privileged-program-service-type by default.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:05 +0000
Resent-Message-ID: <handler.61462.B61462.167623493918053 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623493918053
          (code B ref 61462); Sun, 12 Feb 2023 20:49:05 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:48:59 +0000
Received: from localhost ([127.0.0.1]:46997 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHP-0004h5-E0
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:59 -0500
Received: from tobias.gr ([80.241.217.52]:56712)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJHD-0004fL-7W
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:48 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 0bd179a6
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:39 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:18 +0100
Message-Id: <20230205000019.6259-9-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: * gnu/system.scm
 (operating-system-default-essential-services)
 (hurd-default-essential-services): Substitute privileged-program-service-type
 for setuid-program-service-type. --- gnu/system.scm | 4 ++- [...] 
 Content analysis details:   (2.1 points, 10.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

* gnu/system.scm (operating-system-default-essential-services)
(hurd-default-essential-services): Substitute
privileged-program-service-type for setuid-program-service-type.
---
 gnu/system.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index 446439bcac..3b66847b4f 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -784,7 +784,7 @@ (define known-fs
             (operating-system-environment-variables os))
            (host-name-service host-name)
            procs root-fs
-           (service setuid-program-service-type
+           (service privileged-program-service-type
                     (operating-system-setuid-programs os))
            (service profile-service-type
                     (operating-system-packages os))
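Review bot: the renamed service is still fed (operating-system-setuid-programs os) in this hunk, so its value remains a list built for the old service type. The commit message should state that privileged-program-service-type accepts those records unchanged; if it does not, this intermediate commit cannot be bisected. The same applies to the identical substitution in hurd-default-essential-services.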
@@ -825,7 +825,7 @@ (define (hurd-default-essential-services os)
                               (list `("hosts" ,hosts-file)))
               (service hosts-service-type
                        (local-host-entries host-name)))
-          (service setuid-program-service-type
+          (service privileged-program-service-type
                    (operating-system-setuid-programs os))
           (service profile-service-type (operating-system-packages os)))))
 
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH 10/10] system: Add privileged-programs to <operating-system>.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 20:49:06 +0000
Resent-Message-ID: <handler.61462.B61462.167623494018061 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623494018061
          (code B ref 61462); Sun, 12 Feb 2023 20:49:06 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 20:49:00 +0000
Received: from localhost ([127.0.0.1]:46999 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJHP-0004h8-Oy
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:49:00 -0500
Received: from tobias.gr ([80.241.217.52]:55494)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJHE-0004er-51
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 15:48:49 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 112266e7
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Sun, 12 Feb 2023 20:48:39 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun,  5 Feb 2023 01:00:19 +0100
Message-Id: <20230205000019.6259-10-me@HIDDEN>
X-Mailer: git-send-email 2.39.1
In-Reply-To: <20230205000019.6259-1-me@HIDDEN>
References: <20230205000019.6259-1-me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/system.scm (<operating-system>): Add new privileged-programs
    field, that defaults =?UTF-8?Q?to=E2=80=A6?= (%default-privileged-programs): =?UTF-8?Q?=E2=80=A6this?= new variable,
    renamed =?UTF-8?Q?from=E2=80=A6?= (%setuid-programs): =?UTF-8?Q?=E2=80=A6this,?= which i [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 SPF_PASS               SPF: sender matches SPF record
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

* gnu/system.scm (<operating-system>): Add new privileged-programs
field, that defaults to…
(%default-privileged-programs): …this new variable, renamed from…
(%setuid-programs): …this, which is now defined as the empty list.
* doc/guix.texi (Setuid Programs): Rename this…
(Privileged Programs): …to this.  Adjust all refs.  Update all mentions
of ‘setuid’ (whether in prose, variable names, or code samples) to use
the new ‘privilege[d]’ terminology instead.
(operating-system Reference, X Window, Desktop Services,
Invoking guix system, Service Reference): Adjust likewise.
---
 doc/guix.texi           | 89 ++++++++++++++++++++++-------------------
 gnu/packages/crypto.scm |  2 +-
 gnu/services.scm        |  1 -
 gnu/system.scm          | 21 ++++++++--
 4 files changed, 65 insertions(+), 48 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 009bcf5d40..7e54abcffb 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -358,7 +358,7 @@ System Configuration
 * Keyboard Layout::             How the system interprets key strokes.
 * Locales::                     Language and cultural convention settings.
 * Services::                    Specifying system services.
-* Setuid Programs::             Programs running with elevated privileges.
+* Privileged Programs::         Programs running with elevated privileges.
 * X.509 Certificates::          Authenticating HTTPS servers.
 * Name Service Switch::         Configuring libc's name service switch.
 * Initial RAM Disk::            Linux-Libre bootstrapping.
@@ -16146,7 +16146,7 @@ instance to support new system services.
 * Keyboard Layout::             How the system interprets key strokes.
 * Locales::                     Language and cultural convention settings.
 * Services::                    Specifying system services.
-* Setuid Programs::             Programs running with elevated privileges.
+* Privileged Programs::         Programs running with elevated privileges.
 * X.509 Certificates::          Authenticating HTTPS servers.
 * Name Service Switch::         Configuring libc's name service switch.
 * Initial RAM Disk::            Linux-Libre bootstrapping.
@@ -16591,9 +16591,9 @@ As a user you should @emph{never} need to touch this field.
 Linux @dfn{pluggable authentication module} (PAM) services.
 @c FIXME: Add xref to PAM services section.
 
-@item @code{setuid-programs} (default: @code{%setuid-programs})
-List of @code{<setuid-program>}.  @xref{Setuid Programs}, for more
-information.
+@item @code{privileged-programs} (default: @code{%default-privileged-programs})
+List of @code{<privileged-program>}.  @xref{Privileged Programs}, for
+more information.
 
 @item @code{sudoers-file} (default: @code{%sudoers-specification})
 @cindex sudoers file
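Review bot: the @item for setuid-programs is deleted here, yet the gnu/system.scm part of this patch keeps the setuid-programs field in <operating-system> for backwards compatibility. Keep a short entry that marks the field as deprecated and points to privileged-programs, so existing configurations stay explained by the manual until the field is actually removed.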
@@ -22047,8 +22047,8 @@ Usually the X server is started by a login manager.
 
 @deffn {Scheme Procedure} screen-locker-service @var{package} [@var{program}]
 Add @var{package}, a package for a screen locker or screen saver whose
-command is @var{program}, to the set of setuid programs and add a PAM entry
-for it.  For example:
+command is @var{program}, to the set of privileged programs and add a PAM
+entry for it.  For example:
 
 @lisp
 (screen-locker-service xlockmore "xlock")
@@ -22965,9 +22965,9 @@ to operate with elevated privileges on a limited number of special-purpose
 system interfaces.  Additionally, adding a service of type
 @code{mate-desktop-service-type} adds the MATE metapackage to the system
 profile.  ``Adding Enlightenment'' means that @code{dbus} is extended
-appropriately, and several of Enlightenment's binaries are set as setuid,
-allowing Enlightenment's screen locker and other functionality to work as
-expected.
+appropriately, and several of Enlightenment's binaries are set as privileged
+programs, allowing Enlightenment's screen locker and other functionality to
+work as expected.
 
 The desktop environments in Guix use the Xorg display server by
 default.  If you'd like to use the newer display server protocol
@@ -25905,7 +25905,7 @@ remote servers.  Run @command{man smtpd.conf} for more information.
 Make the following commands setgid to @code{smtpq} so they can be
 executed: @command{smtpctl}, @command{sendmail}, @command{send-mail},
 @command{makemap}, @command{mailq}, and @command{newaliases}.
-@xref{Setuid Programs}, for more information on setgid programs.
+@xref{Privileged Programs}, for more information on setgid programs.
 @end table
 @end deftp
 
@@ -37704,8 +37704,8 @@ create and run application bundles (aka. ``containers'').  The value for this
 service is the Singularity package to use.
 
 The service does not install a daemon; instead, it installs helper programs as
-setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke
-@command{singularity run} and similar commands.
+setuid-root (@pxref{Privileged Programs}) such that unprivileged users can
+invoke @command{singularity run} and similar commands.
 @end defvar
 
 @cindex Audit
@@ -38136,11 +38136,14 @@ Mode for filter.
 
 @c End of auto-generated fail2ban documentation.
 
-@node Setuid Programs
-@section Setuid Programs
+@node Privileged Programs
+@section Privileged Programs
 
+@cindex privileged programs
 @cindex setuid programs
 @cindex setgid programs
+@cindex capabilities, POSIX
+@cindex setcap
 Some programs need to run with elevated privileges, even when they are
 launched by unprivileged users.  A notorious example is the
 @command{passwd} program, which users can run to change their
@@ -38151,46 +38154,48 @@ obvious security reasons.  To address that, @command{passwd} should be
 (@pxref{How Change Persona,,, libc, The GNU C Library Reference Manual},
 for more info about the setuid mechanism).
 
-The store itself @emph{cannot} contain setuid programs: that would be a
-security issue since any user on the system can write derivations that
+The store itself @emph{cannot} contain privileged programs: that would be
+a security issue since any user on the system can write derivations that
 populate the store (@pxref{The Store}).  Thus, a different mechanism is
-used: instead of changing the setuid or setgid bits directly on files that
-are in the store, we let the system administrator @emph{declare} which
+used: instead of directly granting permissions to files that are in
+the store, we let the system administrator @emph{declare} which
 programs should be entrusted with these additional privileges.
 
-The @code{setuid-programs} field of an @code{operating-system}
-declaration contains a list of @code{<setuid-program>} denoting the
+The @code{privileged-programs} field of an @code{operating-system}
+declaration contains a list of @code{<privileged-program>} denoting the
 names of programs to have a setuid or setgid bit set (@pxref{Using the
 Configuration System}).  For instance, the @command{mount.nfs} program,
 which is part of the nfs-utils package, with a setuid root can be
 designated like this:
 
 @lisp
-(setuid-program
-  (program (file-append nfs-utils "/sbin/mount.nfs")))
+(privileged-program
+  (program (file-append nfs-utils "/sbin/mount.nfs"))
+  (setuid? #t))
 @end lisp
 
 And then, to make @command{mount.nfs} setuid on your system, add the
 previous example to your operating system declaration by appending it to
-@code{%setuid-programs} like this:
+@code{%default-privileged-programs} like this:
 
 @lisp
 (operating-system
   ;; Some fields omitted...
-  (setuid-programs
-    (append (list (setuid-program
-                    (program (file-append nfs-utils "/sbin/mount.nfs"))))
-            %setuid-programs)))
+  (privileged-programs
+    (append (list (privileged-program
+                    (program (file-append nfs-utils "/sbin/mount.nfs"))
+                    (setuid? #t))
+            %default-privileged-programs)))
 @end lisp
 
-@deftp {Data Type} setuid-program
-This data type represents a program with a setuid or setgid bit set.
+@deftp {Data Type} privileged-program
+This data type represents a program with special privileges, such as setuid
 
 @table @asis
 @item @code{program}
-A file-like object having its setuid and/or setgid bit set.
+A file-like object to which all given privileges should apply.
 
-@item @code{setuid?} (default: @code{#t})
+@item @code{setuid?} (default: @code{#f})
 Whether to set user setuid bit.
 
 @item @code{setgid?} (default: @code{#f})
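Review bot: the second @lisp example is unbalanced: "(setuid? #t))" closes privileged-program but not "(list", so %default-privileged-programs ends up inside the list and "(operating-system" is never closed; it needs "(setuid? #t)))". Separately, setuid? now defaults to #f where setuid-program defaulted to #t, so a configuration migrated by renaming the record alone silently loses the setuid bit; the section should say so explicitly. The @deftp description also stops mid-sentence after "such as setuid", and the unchanged paragraph still reads "to have a setuid or setgid bit set" although the node now indexes POSIX capabilities.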
@@ -38207,18 +38212,18 @@ defaults to root.
 @end table
 @end deftp
 
-A default set of setuid programs is defined by the
-@code{%setuid-programs} variable of the @code{(gnu system)} module.
+A default set of privileged programs is defined by the
+@code{%default-privileged-programs} variable of the @code{(gnu system)} module.
 
-@defvar %setuid-programs
-A list of @code{<setuid-program>} denoting common programs that are
-setuid-root.
+@defvar {Scheme Variable} %default-privileged-programs
+A list of @code{<privileged-program>} denoting common programs with
+elevated privileges.
 
 The list includes commands such as @command{passwd}, @command{ping},
 @command{su}, and @command{sudo}.
 @end defvar
 
-Under the hood, the actual setuid programs are created in the
+Under the hood, the actual privileged programs are created in the
 @file{/run/privileged/bin} directory at system activation time.  The
 files in this directory refer to the ``real'' binaries, which are in the
 store.
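Review bot: "@defvar {Scheme Variable} %default-privileged-programs" passes a category to @defvar, which takes only the variable name; the braced category belongs to @defvr. The removed line was "@defvar %setuid-programs" and the privileged-program-service-type entry later in this patch uses bare @defvar, so drop "{Scheme Variable}" here.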
@@ -39089,7 +39094,7 @@ once @command{reconfigure} has completed.
 @end quotation
 
 This effects all the configuration specified in @var{file}: user
-accounts, system services, global package list, setuid programs, etc.
+accounts, system services, global package list, privileged programs, etc.
 The command starts system services specified in @var{file} that are not
 currently running; if a service is currently running this command will
 arrange for it to be upgraded the next time it is stopped (e.g.@: by
@@ -40535,10 +40540,10 @@ tiresome to create multiple records with it so in practice the procedure
 @end quotation
 @end defvar
 
-@defvar setuid-program-service-type
-Type for the ``setuid-program service''.  This service collects lists of
+@defvar privileged-program-service-type
+Type for the ``privileged-program service''.  This service collects lists of
 executable file names, passed as gexps, and adds them to the set of
-setuid and setgid programs on the system (@pxref{Setuid Programs}).
+privileged programs on the system (@pxref{Privileged Programs}).
 @end defvar
 
 @defvar profile-service-type
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 57a42a6a84..87c26f10ad 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -499,7 +499,7 @@ (define-public tomb
      `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
        ;; The "sudo" input is needed only to satisfy dependency checks in the
        ;; 'check' phase.  The "sudo" used at runtime should come from the
-       ;; system's setuid-programs, so ensure no reference is kept.
+       ;; system's privileged-programs, so ensure no reference is kept.
        #:disallowed-references (,sudo)
        ;; TODO: Build and install gtk and qt trays
        #:phases
diff --git a/gnu/services.scm b/gnu/services.scm
index 09ff58dcd1..9825f4a4a5 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -44,7 +44,6 @@ (define-module (gnu services)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages hurd)
   #:use-module (gnu system privilege)
-  #:use-module (gnu system setuid)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-9 gnu)
diff --git a/gnu/system.scm b/gnu/system.scm
index 3b66847b4f..1a22dc65f5 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -75,6 +75,7 @@ (define-module (gnu system)
   #:use-module (gnu system locale)
   #:use-module (gnu system pam)
   #:use-module (gnu system linux-initrd)
+  #:use-module (gnu system privilege)
   #:use-module (gnu system setuid)
   #:use-module (gnu system uuid)
   #:use-module (gnu system file-systems)
@@ -128,6 +129,7 @@ (define-module (gnu system)
             operating-system-keyboard-layout
             operating-system-name-service-switch
             operating-system-pam-services
+            operating-system-privileged-programs
             operating-system-setuid-programs
             operating-system-skeletons
             operating-system-sudoers-file
@@ -173,6 +175,7 @@ (define-module (gnu system)
             local-host-aliases                    ;deprecated
             local-host-entries
             %root-account
+            %default-privileged-programs
             %setuid-programs
             %sudoers-specification
             %base-packages
@@ -296,7 +299,10 @@ (define-record-type* <operating-system> operating-system
 
   (pam-services operating-system-pam-services     ; list of PAM services
                 (default (base-pam-services)))
+  (privileged-programs operating-system-privileged-programs ; list of <privileged-program>
+                       (default %default-privileged-programs))
   (setuid-programs operating-system-setuid-programs
+                   ;; For backwards compatibility; will be removed.
                    (default %setuid-programs))    ; list of <setuid-program>
 
   (sudoers-file operating-system-sudoers-file     ; file-like
@@ -785,7 +791,8 @@ (define known-fs
            (host-name-service host-name)
            procs root-fs
            (service privileged-program-service-type
-                    (operating-system-setuid-programs os))
+                    (append (operating-system-privileged-programs os)
+                            (operating-system-setuid-programs os)))
            (service profile-service-type
                     (operating-system-packages os))
            boot-fs non-boot-fs
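Review bot: appending the two fields with no check means a program listed in both privileged-programs and the deprecated setuid-programs reaches the service twice, possibly with different privileges, and the resulting list mixes <privileged-program> and <setuid-program> records. Either reject or deduplicate entries by program, or document which entry wins. The identical append in hurd-default-essential-services needs the same treatment.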
@@ -826,7 +833,8 @@ (define (hurd-default-essential-services os)
               (service hosts-service-type
                        (local-host-entries host-name)))
           (service privileged-program-service-type
-                   (operating-system-setuid-programs os))
+                   (append (operating-system-privileged-programs os)
+                           (operating-system-setuid-programs os)))
           (service profile-service-type (operating-system-packages os)))))
 
 (define* (operating-system-services os)
@@ -1213,8 +1221,7 @@ (define (operating-system-environment-variables os)
     ;; TODO: Remove when glibc@HIDDEN is long gone.
     ("GUIX_LOCPATH" . "/run/current-system/locale")))
 
-(define %setuid-programs
-  ;; Default set of setuid-root programs.
+(define %default-privileged-programs
   (let ((shadow (@ (gnu packages admin) shadow)))
     (map file-like->setuid-program
          (list (file-append shadow "/bin/passwd")
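Review bot: %default-privileged-programs is still built with (map file-like->setuid-program …), while the new record field comment and the manual describe it as a list of <privileged-program>. Construct privileged-program records here with setuid? set explicitly, since the documented default is now #f, and keep a one-line comment in place of the deleted ";; Default set of setuid-root programs."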
@@ -1236,6 +1243,12 @@ (define %setuid-programs
                (file-append util-linux "/bin/mount")
                (file-append util-linux "/bin/umount")))))
 
+(define %setuid-programs
+  ;; Do not add to this list or use it in new code!  It's defined only to ease
+  ;; transition to %default-privileged-programs and will be removed.  Some rare
+  ;; use cases already break, such as the obvious (remove … %setuid-programs).
+  '())
+
 (define %sudoers-specification
   ;; Default /etc/sudoers contents: 'root' and all members of the 'wheel'
   ;; group can do anything.  See
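Review bot: with %setuid-programs now '(), a configuration that filters it, such as the (remove … %setuid-programs) case the comment mentions, still evaluates without error but no longer removes anything, because the defaults arrive through privileged-programs. An administrator who dropped a default setuid program that way gets it back silently. Emit a deprecation warning when setuid-programs is set or %setuid-programs is referenced, and describe the migration in a news entry.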
-- 
2.39.1





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 21:05:01 +0000
Resent-Message-ID: <handler.61462.B.167623585119868 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
Cc: 61462 <at> debbugs.gnu.org
X-Debbugs-Original-Cc: guix-patches@HIDDEN, 61462 <at> debbugs.gnu.org
Received: via spool by submit <at> debbugs.gnu.org id=B.167623585119868
          (code B ref -1); Sun, 12 Feb 2023 21:05:01 +0000
Received: (at submit) by debbugs.gnu.org; 12 Feb 2023 21:04:11 +0000
Received: from localhost ([127.0.0.1]:47057 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJW7-0005AO-Gd
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 16:04:11 -0500
Received: from lists.gnu.org ([209.51.188.17]:42676)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJW5-0005AD-Iz
 for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 16:04:09 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pRJW5-0003Cv-7u
 for guix-patches@HIDDEN; Sun, 12 Feb 2023 16:04:09 -0500
Received: from tobias.gr ([2a02:c205:2020:6054::1])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <me@HIDDEN>) id 1pRJW3-0004xW-IW
 for guix-patches@HIDDEN; Sun, 12 Feb 2023 16:04:08 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 5648d6f2
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); 
 Sun, 12 Feb 2023 21:04:02 +0000 (UTC)
References: <87r0uuehlr.fsf@nckx>
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 12 Feb 2023 22:05:34 +0100
In-reply-to: <87r0uuehlr.fsf@nckx>
BIMI-Selector: v=BIMI1; s=default;
Message-ID: <87ilg6egq6.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
Received-SPF: pass client-ip=2a02:c205:2020:6054::1; envelope-from=me@HIDDEN;
 helo=tobias.gr
X-Spam_score_int: -10
X-Spam_score: -1.1
X-Spam_bar: -
X-Spam_report: (-1.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, MISSING_HEADERS=1.021,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=no autolearn_force=no
X-Spam_action: no action
X-Spam-Score: -0.4 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.4 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Tobias Geerinckx-Rice via Guix-patches via wrote:
> The set's over a year old and needs a bit of love.

I noticed some merge conflicts after sending this cover letter,
and, as I'm too tired for love right now, will fix them and send
the rest tomorrow.

Kind regards,

T G-R

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

--=-=-=--




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 12 Feb 2023 21:05:02 +0000
Resent-Message-ID: <handler.61462.B61462.167623584919851 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
Cc: 61462 <at> debbugs.gnu.org
X-Debbugs-Original-Cc: guix-patches@HIDDEN, 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167623584919851
          (code B ref 61462); Sun, 12 Feb 2023 21:05:02 +0000
Received: (at 61462) by debbugs.gnu.org; 12 Feb 2023 21:04:09 +0000
Received: from localhost ([127.0.0.1]:47053 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pRJW5-0005A6-9y
	for submit <at> debbugs.gnu.org; Sun, 12 Feb 2023 16:04:09 -0500
Received: from tobias.gr ([80.241.217.52]:37414)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1pRJW2-00059x-Kh
 for 61462 <at> debbugs.gnu.org; Sun, 12 Feb 2023 16:04:07 -0500
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 5648d6f2
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO); 
 Sun, 12 Feb 2023 21:04:02 +0000 (UTC)
References: <87r0uuehlr.fsf@nckx>
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 12 Feb 2023 22:05:34 +0100
In-reply-to: <87r0uuehlr.fsf@nckx>
BIMI-Selector: v=BIMI1; s=default;
Message-ID: <87ilg6egq6.fsf@nckx>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 1.2 (+)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 0.2 (/)

--=-=-=
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: quoted-printable

Tobias Geerinckx-Rice via Guix-patches via wrote:
> The set's over a year old and needs a bit of love.

I noticed some merge conflicts after sending this cover letter,
and, as I'm too tired for love right now, will fix them and send
the rest tomorrow.

Kind regards,

T G-R

--=-=-=--




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Ludovic Courtès <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sat, 04 Mar 2023 16:57:02 +0000
Resent-Message-ID: <handler.61462.B61462.167794897123321 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Tobias Geerinckx-Rice <me@HIDDEN>
Cc: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167794897123321
          (code B ref 61462); Sat, 04 Mar 2023 16:57:02 +0000
Received: (at 61462) by debbugs.gnu.org; 4 Mar 2023 16:56:11 +0000
Received: from localhost ([127.0.0.1]:37573 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pYVB5-000645-5D
	for submit <at> debbugs.gnu.org; Sat, 04 Mar 2023 11:56:11 -0500
Received: from eggs.gnu.org ([209.51.188.92]:44042)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1pYVB3-00063s-Ed
 for 61462 <at> debbugs.gnu.org; Sat, 04 Mar 2023 11:56:09 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1pYVAy-0005bn-43; Sat, 04 Mar 2023 11:56:04 -0500
Received: from 91-160-117-201.subs.proxad.net ([91.160.117.201] helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1pYVAw-0004iO-VL; Sat, 04 Mar 2023 11:56:03 -0500
From: Ludovic Courtès <ludo@HIDDEN>
References: <87r0uuehlr.fsf@nckx>
Date: Sat, 04 Mar 2023 17:55:59 +0100
In-Reply-To: <87r0uuehlr.fsf@nckx> (Tobias Geerinckx-Rice's message of "Sun,
 12 Feb 2023 21:37:54 +0100")
Message-ID: <877cvwsbfk.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Spam-Score: -3.3 (---)

Hi!

Tobias Geerinckx-Rice <me@HIDDEN> wrote:

> I need to offload some of my eternally rebased local patches. Here's
> one that makes it easy to assign capabilities(7) — currently through
> setcap(8) — to programmes like we can set{u,g}id.
>
> There are many packages that benefit from this.  Mine are:
>
>  (privileged-programs
>    (cons* (privileged-program
>            (file-append mtr "/sbin/mtr")
>            (capabilities "cap_net_raw+ep"))
>           (privileged-program
>            (file-append nethogs "/sbin/nethogs")
>            (capabilities "cap_net_admin,cap_net_raw+ep"))
>           (privileged-program
>            (file-append light "/bin/light")
>            (setuid? #t))
>           %default-privileged-programs))

Neat!

> The set's over a year old and needs a bit of love.  Some details might
> have bitrot, I probably forgot a to-do or two in that year, and
> there's something unguixy about calling setcap(8) instead of writing a
> completely new Guile binding/module :-)
>
> I'm quite opinionated about the setuid-programs unification: there
> should not be multiple confusing and masking layers of privilege, and
> it should be possible to setgid a capable executable.

So you mean that ‘privileged-programs’ should entirely replace
‘setuid-programs’, right?

I’m a bit unsure about using file capabilities:

  1. File capabilities are persistent and less visible than setuid bits
     (you won’t see them with “ls -l”), so easily overlooked.  Could
     there be a risk of lingering file capabilities when reconfiguring a
     system?

  2. How ’bout portability to different file systems and to GNU/Hurd?

  3. What’s the complexity/benefit ratio?  :-)

Then there’s the compatibility story with moving from
/run/setuid-programs to /run/privileged-programs etc. that’ll have to be
handled with care.

I’m very much sold to the principle of least authority, but I feel like
POSIX capabilities (not to be confused with “actual” capabilities) are a
bit of a hack.

Thoughts?

Ludo’.




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Vagrant Cascadian <vagrant@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 24 Mar 2023 04:34:01 +0000
Resent-Message-ID: <handler.61462.B61462.167963242732652 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: 
To: Ludovic Courtès <ludo@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Cc: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.167963242732652
          (code B ref 61462); Fri, 24 Mar 2023 04:34:01 +0000
Received: (at 61462) by debbugs.gnu.org; 24 Mar 2023 04:33:47 +0000
Received: from localhost ([127.0.0.1]:39637 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pfZ7a-0008Ua-JG
	for submit <at> debbugs.gnu.org; Fri, 24 Mar 2023 00:33:47 -0400
Received: from cascadia.aikidev.net ([173.255.214.101]:42570)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <vagrant@HIDDEN>) id 1pfZ6D-0008SF-U2
 for 61462 <at> debbugs.gnu.org; Fri, 24 Mar 2023 00:33:45 -0400
Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20])
 (Authenticated sender: vagrant@HIDDEN)
 by cascadia.aikidev.net (Postfix) with ESMTPSA id B88171AC6F;
 Thu, 23 Mar 2023 21:32:01 -0700 (PDT)
From: Vagrant Cascadian <vagrant@HIDDEN>
In-Reply-To: <877cvwsbfk.fsf@HIDDEN>
References: <87r0uuehlr.fsf@nckx> <877cvwsbfk.fsf@HIDDEN>
Date: Thu, 23 Mar 2023 21:31:53 -0700
Message-ID: <87cz4y6a86.fsf@contorta>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 2023-03-04, Ludovic Courtès wrote:
> Tobias Geerinckx-Rice <me@HIDDEN> wrote:
>
>> I need to offload some of my eternally rebased local patches. Here's
>> one that makes it easy to assign capabilities(7) — currently through
>> setcap(8) — to programmes like we can set{u,g}id.
>>
>> There are many packages that benefit from this.  Mine are:
>>
>>  (privileged-programs
>>    (cons* (privileged-program
>>            (file-append mtr "/sbin/mtr")
>>            (capabilities "cap_net_raw+ep"))
>>           (privileged-program
>>            (file-append nethogs "/sbin/nethogs")
>>            (capabilities "cap_net_admin,cap_net_raw+ep"))
>>           (privileged-program
>>            (file-append light "/bin/light")
>>            (setuid? #t))
>>           %default-privileged-programs))
>
> Neat!

Agreed! Thanks!


>> I'm quite opinionated about the setuid-programs unification: there
>> should not be multiple confusing and masking layers of privilege, and
>> it should be possible to setgid a capable executable.
>
> So you mean that ‘privileged-programs’ should entirely replace
> ‘setuid-programs’, right?
>
> I’m a bit unsure about using file capabilities:
>
>   1. File capabilities are persistent and less visible than setuid bits
>      (you won’t see them with “ls -l”), so easily overlooked.  Could
>      there be a risk of lingering file capabilities when reconfiguring a
>      system?

Does reconfigure leave old setuid binaries laying around in
/run/setuid-programs currently? That sounds like leaking state from
previous generations into the current generation, and should be fixed if
it is indeed the case.

Seems like with setuid/setgid and the proposed privileged binaries, the
setuid/setgid bits and capabilities should be explicitly set on any
defined binaries, and any that are left over in the /run/*-programs
directories should be... forcibly removed! Otherwise your current system
is vulnerable to previous potentially bad choices indefinitely...

Basically, guix system reconfigure should be fastidious and ideally
deterministic with generating and updating /run/*-programs ...


>   2. How ’bout portability to different file systems and to GNU/Hurd?

Currently I *think* /run/setuid-programs is tmpfs (at least on systems I
have used running a linux-libre kernel) ... I do not think this attempts
to change that...; we probably do not need broad filesystem
compatibility, just whatever filesystem /run/*-programs is implemented
on.

And since they are not compatible with GNU/Hurd, then let us drop
support for x86_64-linux, riscv64-linux, ppc64el-linux, arm64-linux,
etc. ... to make sure things are compatible! :P

In all seriousness though, while I appreciate thinking about broad
compatibility across different types of systems, I am a bit nervous
about an approach that would require features to behave compatibly
across all systems...

...though I suspect you were more getting at "What are the consequences
of implementing this for some other system types?"


>   3. What’s the complexity/benefit ratio?  :-)
>
> Then there’s the compatibility story with moving from
> /run/setuid-programs to /run/privileged-programs etc. that’ll have to be
> handled with care.

I am less opinionated about adding yet another directory to PATH,
although obviously then you get into the weird issues with old $PATH
values laying around (e.g. not getting the new directory added until
logging out or re-loading the running profile)


> I’m very much sold to the principle of least authority, but I feel like
> POSIX capabilities (not to be confused with “actual” capabilities) are a
> bit of a hack.

And setuid/setgid is not a hack? It seems like essentially the same
thing, just with no granularity...


> Thoughts?

There are some things that are just not possible without capabilities,
and setuid/setgid is a dangerous hammer that should be used very
sparingly, if at all, and capabilities are no *worse* than
setuid/setgid, allowing a finer grained set of problems :)

The need for this functionality has come up more than a few times:

  https://issues.guix.gnu.org/27415
  https://issues.guix.gnu.org/39136
  https://issues.guix.gnu.org/55683

And possibly a few others:

  https://issues.guix.gnu.org/search?query=setcap


live well,
  vagrant

--=-=-=--




Message received at control <at> debbugs.gnu.org:


Received: (at control) by debbugs.gnu.org; 4 Apr 2023 13:31:50 +0000
From debbugs-submit-bounces <at> debbugs.gnu.org Tue Apr 04 09:31:50 2023
Received: from localhost ([127.0.0.1]:46831 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1pjglK-0005pc-2e
	for submit <at> debbugs.gnu.org; Tue, 04 Apr 2023 09:31:50 -0400
Received: from smtpm5.myservices.hosting ([185.26.105.236]:53482)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <mirai@HIDDEN>) id 1pjglI-0005pT-01
 for control <at> debbugs.gnu.org; Tue, 04 Apr 2023 09:31:48 -0400
Received: from mail1.netim.hosting (unknown [185.26.106.173])
 by smtpm5.myservices.hosting (Postfix) with ESMTP id 1029020B2C
 for <control <at> debbugs.gnu.org>; Tue,  4 Apr 2023 15:31:46 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
 by mail1.netim.hosting (Postfix) with ESMTP id BA8148009B
 for <control <at> debbugs.gnu.org>; Tue,  4 Apr 2023 15:31:46 +0200 (CEST)
X-Virus-Scanned: Debian amavisd-new at mail1.netim.hosting
Received: from mail1.netim.hosting ([127.0.0.1])
 by localhost (mail1-2.netim.hosting [127.0.0.1]) (amavisd-new, port 10026)
 with ESMTP id hvqd3Mhg6OHq for <control <at> debbugs.gnu.org>;
 Tue,  4 Apr 2023 15:31:46 +0200 (CEST)
Received: from [192.168.1.239] (unknown [10.192.1.83])
 (Authenticated sender: lumen@HIDDEN)
 by mail1.netim.hosting (Postfix) with ESMTPSA id 6EB0F8009A
 for <control <at> debbugs.gnu.org>; Tue,  4 Apr 2023 15:31:46 +0200 (CEST)
Message-ID: <b1c28681-d877-2cdd-db09-0895fa9a8a72@HIDDEN>
Date: Tue, 4 Apr 2023 14:31:42 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101
 Thunderbird/102.9.1
From: Bruno Victal <mirai@HIDDEN>
Subject: control-msg
To: control <control <at> debbugs.gnu.org>
Content-Language: en-US
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Spam-Score: 0.0 (/)
X-Debbugs-Envelope-To: control
X-Spam-Score: -1.0 (-)

tags 62324 patch
tags 61462 patch
tags 60788 - pending
tags 59971 wishlist
tags 51737 patch

tags 62624 + security
tags 49817 + security

# resend control-msg
close 37740


quit




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Ludovic Courtès <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 18 Apr 2023 13:15:02 +0000
Resent-Message-ID: <handler.61462.B61462.168182367211736 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Vagrant Cascadian <vagrant@HIDDEN>
Cc: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.168182367211736
          (code B ref 61462); Tue, 18 Apr 2023 13:15:02 +0000
Received: (at 61462) by debbugs.gnu.org; 18 Apr 2023 13:14:32 +0000
Received: from localhost ([127.0.0.1]:58143 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1polAF-00033E-G2
	for submit <at> debbugs.gnu.org; Tue, 18 Apr 2023 09:14:31 -0400
Received: from eggs.gnu.org ([209.51.188.92]:46950)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1polAC-00032r-1l
 for 61462 <at> debbugs.gnu.org; Tue, 18 Apr 2023 09:14:30 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1polA5-00062V-AP; Tue, 18 Apr 2023 09:14:21 -0400
Received: from [2001:660:6102:320:e120:2c8f:8909:cdfe] (helo=ribbon)
 by fencepost.gnu.org with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1polA4-0002z6-0J; Tue, 18 Apr 2023 09:14:21 -0400
From: Ludovic Courtès <ludo@HIDDEN>
References: <87r0uuehlr.fsf@nckx> <877cvwsbfk.fsf@HIDDEN>
 <87cz4y6a86.fsf@contorta>
Date: Tue, 18 Apr 2023 15:14:16 +0200
In-Reply-To: <87cz4y6a86.fsf@contorta> (Vagrant Cascadian's message of "Thu,
 23 Mar 2023 21:31:53 -0700")
Message-ID: <87o7nlwcwn.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-Spam-Score: -3.3 (---)

Hi Vagrant & Tobias,

Sorry for the late reply!

Vagrant Cascadian <vagrant@HIDDEN> wrote:

>>> I'm quite opinionated about the setuid-programs unification: there
>>> should not be multiple confusing and masking layers of privilege, and
>>> it should be possible to setgid a capable executable.
>>
>> So you mean that ‘privileged-programs’ should entirely replace
>> ‘setuid-programs’, right?
>>
>> I’m a bit unsure about using file capabilities:
>>
>>   1. File capabilities are persistent and less visible than setuid bits
>>      (you won’t see them with “ls -l”), so easily overlooked.  Could
>>      there be a risk of lingering file capabilities when reconfiguring a
>>      system?
>
> Does reconfigure leave old setuid binaries laying around in
> /run/setuid-programs currently?

No: ‘activate-setuid-programs’ first deletes /run/setuid-programs/*,
then populates it.

> Seems like with setuid/setgid and the proposed privileged binaries, the
> setuid/setgid bits and capabilities should be explicitly set on any
> defined binaries, and any that are left over in the /run/*-programs
> directories should be... forcibly removed! Otherwise your current system
> is vulnerable to previous potentially bad choices indefinitely...

Right, so in that sense it’s no different from setuid binaries, other
than the fact that “ls -l” won’t show it.

>>   2. How ’bout portability to different file systems and to GNU/Hurd?
>
> Currently I *think* /run/setuid-programs is tmpfs

It’s not by default.

[...]

> In all seriousness though, while I appreciate thinking about broad
> compatibility across different types of systems, I am a bit nervous
> about an approach that would require features to behave compatibly
> across all systems...

I guess all I’m saying is that we should keep this in mind.

Perhaps the hypothetical ‘activate-privileged-programs’ procedure would
fall back to setuid-root on GNU/Hurd or do some other Hurd-specific
thing.  We don’t need to go too far, but we do need to give it some
thought IMO.

>> I’m very much sold to the principle of least authority, but I feel like
>> POSIX capabilities (not to be confused with “actual” capabilities) are a
>> bit of a hack.
>
> And setuid/setgid is not a hack? It seems like essentially the same
> thing, just with no granularity...

That’s right!

> There are some things that are just not possible without capabilities,
> and setuid/setgid is a dangerous hammer that should be used very
> sparingly, if at all, and capabilities are no *worse* than
> setuid/setgid, allowing a finer grained set of problems :)
>
> The need for this functionality has come up more than a few times:
>
>   https://issues.guix.gnu.org/27415
>   https://issues.guix.gnu.org/39136
>   https://issues.guix.gnu.org/55683

Right; thanks for digging the references.

I wouldn’t want to block this change.  Tobias, if you’re around, let’s
look more closely how we can address Hurd support and backward
compatibility.

Thanks,
Ludo’.
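
Added example, not part of Ludovic's message and not Guix code: the "ls -l" blind spot discussed above can be closed by reading the security.capability extended attribute directly, as getcap(8) does. The Python code below decodes that attribute and compares what each file in a directory such as /run/setuid-programs actually carries against a declared list; the function names, the "declared" mapping and the sample bytes are assumptions made for this example.

```python
import errno
import os
import stat
import struct
import tempfile

# security.capability layout (struct vfs_cap_data in linux/capability.h):
# little-endian u32 magic_etc, then (permitted, inheritable) u32 pairs.
# Revision 3 appends a u32 rootid, which this example ignores.
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
VFS_CAP_PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# Only the capabilities named in the thread; other bits print as cap_<n>.
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw"}
# Constructed sample: the value stored for "cap_net_raw+ep" (revision 2).
SAMPLE_NET_RAW_EP = struct.pack("<5I", 0x02000001, 1 << 13, 0, 0, 0)


def decode_file_caps(raw):
    """Decode a raw security.capability value into setcap-style text."""
    if len(raw) < 4:
        raise ValueError("truncated security.capability value")
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = VFS_CAP_PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated value")
    permitted = inheritable = 0
    for i in range(pairs):
        part_p, part_i = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= part_p << (32 * i)
        inheritable |= part_i << (32 * i)
    effective = bool(magic & VFS_CAP_FLAGS_EFFECTIVE)
    by_flags = {}  # e.g. "ep" -> ["cap_net_admin", "cap_net_raw"]
    for bit in range(32 * pairs):
        in_p = (permitted >> bit) & 1
        in_i = (inheritable >> bit) & 1
        if not (in_p or in_i):
            continue
        flags = ("e" if effective else "") + ("i" if in_i else "") + ("p" if in_p else "")
        by_flags.setdefault(flags, []).append(CAP_NAMES.get(bit, "cap_%d" % bit))
    return " ".join(",".join(names) + "+" + flags
                    for flags, names in sorted(by_flags.items()))


def read_cap_xattr(path):
    """Return the raw xattr of PATH, or None when it has no file capabilities."""
    try:
        return os.getxattr(path, "security.capability", follow_symlinks=False)
    except OSError as err:
        if err.errno in (errno.ENODATA, errno.ENOTSUP):
            return None
        raise


def audit(directory, declared, read_xattr=read_cap_xattr):
    """Map each file name to (privileges found, status).

    DECLARED maps a file name to the set of privileges it should carry,
    written as "setuid", "setgid" or setcap-style capability text.
    """
    report = {}
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        st = entry.stat(follow_symlinks=False)
        if not stat.S_ISREG(st.st_mode):
            continue
        found = set()
        if st.st_mode & stat.S_ISUID:
            found.add("setuid")
        if st.st_mode & stat.S_ISGID:
            found.add("setgid")
        raw = read_xattr(entry.path)
        caps = decode_file_caps(raw) if raw is not None else ""
        if caps:
            found.add(caps)
        want = declared.get(entry.name)
        if want is None:
            # Privilege nobody asked for: the lingering-state case.
            status = "undeclared" if found else "unprivileged"
        else:
            status = "ok" if found == set(want) else "mismatch"
        report[entry.name] = (sorted(found), status)
    for name in declared.keys() - report.keys():
        report[name] = ([], "missing")
    return report


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as run_dir:
        for name in ("mtr", "stale-tool"):
            open(os.path.join(run_dir, name), "w").close()
        # Stand-in reader: writing the real xattr needs CAP_SETFCAP.
        fake_reader = lambda path: SAMPLE_NET_RAW_EP
        result = audit(run_dir, {"mtr": {"cap_net_raw+ep"}}, fake_reader)
        for name, (privileges, status) in sorted(result.items()):
            print(name, privileges, status)
```

On a real system, call audit() with the default reader against the directory the activation code populates; any "undeclared" or "mismatch" entry is privilege that the current configuration did not ask for.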




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Vagrant Cascadian <vagrant@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 18 Apr 2023 19:40:02 +0000
Resent-Message-ID: <handler.61462.B61462.168184677119470 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic Courtès <ludo@HIDDEN>
Cc: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.168184677119470
          (code B ref 61462); Tue, 18 Apr 2023 19:40:02 +0000
Received: (at 61462) by debbugs.gnu.org; 18 Apr 2023 19:39:31 +0000
Received: from localhost ([127.0.0.1]:60421 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1porAo-00053y-UE
	for submit <at> debbugs.gnu.org; Tue, 18 Apr 2023 15:39:31 -0400
Received: from cascadia.aikidev.net ([173.255.214.101]:35946)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <vagrant@HIDDEN>) id 1porAk-00053f-3u
 for 61462 <at> debbugs.gnu.org; Tue, 18 Apr 2023 15:39:30 -0400
Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20])
 (Authenticated sender: vagrant@HIDDEN)
 by cascadia.aikidev.net (Postfix) with ESMTPSA id 91FD11AB72;
 Tue, 18 Apr 2023 12:39:17 -0700 (PDT)
From: Vagrant Cascadian <vagrant@HIDDEN>
In-Reply-To: <87o7nlwcwn.fsf_-_@HIDDEN>
References: <87r0uuehlr.fsf@nckx> <877cvwsbfk.fsf@HIDDEN>
 <87cz4y6a86.fsf@contorta> <87o7nlwcwn.fsf_-_@HIDDEN>
Date: Tue, 18 Apr 2023 12:38:53 -0700
Message-ID: <878reprnea.fsf@contorta>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 2023-04-18, Ludovic Courtès wrote:
> Vagrant Cascadian <vagrant@HIDDEN> wrote:
>
>>>> I'm quite opinionated about the setuid-programs unification: there
>>>> should not be multiple confusing and masking layers of privilege, and
>>>> it should be possible to setgid a capable executable.
>>>
>>> So you mean that ‘privileged-programs’ should entirely replace
>>> ‘setuid-programs’, right?
>>>
>>> I’m a bit unsure about using file capabilities:
>>>
>>>   1. File capabilities are persistent and less visible than setuid bits
>>>      (you won’t see them with “ls -l”), so easily overlooked.  Could
>>>      there be a risk of lingering file capabilities when reconfiguring a
>>>      system?
>>
>> Does reconfigure leave old setuid binaries laying around in
>> /run/setuid-programs currently?
>
> No: ‘activate-setuid-programs’ first deletes /run/setuid-programs/*,
> then populates it.

Good!

>> Seems like with setuid/setgid and the proposed privileged binaries, the
>> setuid/setgid bits and capabilities should be explicitly set on any
>> defined binaries, and any that are left over in the /run/*-programs
>> directories should be... forcibly removed! Otherwise your current system
>> is vulnerable to previous potentially bad choices indefinitely...
>
> Right, so in that sense it=E2=80=99s no different from setuid binaries, o=
ther
> than the fact that =E2=80=9Cls -l=E2=80=9D won=E2=80=99t show it.

That aspect seems fixable with documentation in the simplest case of how
to show that /run/*-programs contains the correct permissions, e.g a
brief mention of "getcap" to show the capabilities.

The most fancy case I quickly think of might be "guix system
list-privileged-programs" or some such that would display all the
various privileges (setuid, setgid, capabilities, etc.) on each of the
binaries in /run/*-programs? But probably overkill...


>>>   2. How ’bout portability to different file systems and to GNU/Hurd?
>>
>> Currently I *think* /run/setuid-programs is tmpfs
>
> It’s not by default.

Huh, could have sworn on all my guix systems that /run was on tmpfs by
default, and I did not knowingly do anything special to change that...


>> In all seriousness though, while I appreciate thinking about broad
>> compatibility across different types of systems, I am a bit nervous
>> about an approach that would require features to behave compatibly
>> across all systems...
>
> I guess all I’m saying is that we should keep this in mind.
>
> Perhaps the hypothetical ‘activate-privileged-programs’ procedure would
> fall back to setuid-root on GNU/Hurd or do some other Hurd-specific
> thing.  We don’t need to go too far, but we do need to give it some
> thought IMO.

If it cannot properly set the capabilities, then it should not assume
setuid-root is an ok fallback; it should instead most definitely just
fail!

At least the case I am most familiar with, lcsync, it really should not
run as setuid-root, as that effectively allows anyone to modify or copy
any file as root. Although, likely Hurd limits the impacts of setuid
root in ways I do not understand?

Even then, I still think if you ask for something in your guix system
configuration, and it cannot deliver what you asked for, it should not
give you something else as an approximation of what you wanted. Maybe
that is a strict interpretation of an ideal, and reality is much harder
than that. :)


live well,
  vagrant
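
The check suggested in the message above (show the setuid bit, the setgid bit and the file capabilities of everything in the privileged-program directory, and notice leftovers), as an added example that is not part of the thread or of Guix. The function names, the "declared" table and the sample xattr bytes are assumptions constructed for illustration; the directory names are the ones used on this page.

```python
"""Audit a privileged-program directory: mode bits plus file capabilities.

Added example, not Guix code.  It decodes the security.capability xattr
(struct vfs_cap_data) itself, so it shows what "ls -l" hides without getcap.
"""
import errno
import os
import stat
import struct

CAP_NAMES = """chown dac_override dac_read_search fowner fsetid kill setgid setuid
setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock
ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot
sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write
audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend
audit_read perfmon bpf checkpoint_restore""".split()

VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> (32-bit words per capability set, trailing rootid field?)
REVISIONS = {0x01000000: (1, False), 0x02000000: (2, False), 0x03000000: (2, True)}

# Constructed sample: revision 2, effective flag set, permitted = cap_net_raw.
SAMPLE_NET_RAW_EP = bytes.fromhex("0100000200200000000000000000000000000000")


def _names(mask):
    return ["cap_" + CAP_NAMES[b] if b < len(CAP_NAMES) else "cap_%d" % b
            for b in range(64) if mask >> b & 1]


def parse_file_caps(raw):
    """Decode a security.capability value (little-endian vfs_cap_data)."""
    if len(raw) < 4:
        raise ValueError("truncated security.capability value")
    (magic_etc,) = struct.unpack_from("<I", raw, 0)
    revision = magic_etc & VFS_CAP_REVISION_MASK
    if revision not in REVISIONS:
        raise ValueError("unknown capability revision 0x%08x" % revision)
    words, has_rootid = REVISIONS[revision]
    expected = 4 + 8 * words + (4 if has_rootid else 0)
    if len(raw) != expected:
        raise ValueError("expected %d bytes, got %d" % (expected, len(raw)))
    permitted = inheritable = 0
    for i in range(words):      # each word pair is (permitted, inheritable)
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    rootid = struct.unpack_from("<I", raw, 4 + 8 * words)[0] if has_rootid else None
    return {"permitted": _names(permitted), "inheritable": _names(inheritable),
            "effective": bool(magic_etc & VFS_CAP_FLAGS_EFFECTIVE), "rootid": rootid}


def describe(mode, raw_caps):
    """Privileges of one file: the visible mode bits and the hidden capabilities."""
    return {"setuid": bool(mode & stat.S_ISUID),
            "setgid": bool(mode & stat.S_ISGID),
            "caps": parse_file_caps(raw_caps) if raw_caps else None}


def read_caps_xattr(path):
    getxattr = getattr(os, "getxattr", None)        # only available on Linux
    if getxattr is None:
        return None
    try:
        return getxattr(path, "security.capability", follow_symlinks=False)
    except OSError as err:
        if err.errno in (errno.ENODATA, errno.ENOTSUP):   # no caps / no xattrs
            return None
        raise


def scan(directory):
    """Map each regular file in DIRECTORY to its privileges (symlinks skipped)."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        st = os.lstat(path)
        if stat.S_ISREG(st.st_mode):
            report[name] = describe(st.st_mode, read_caps_xattr(path))
    return report


def findings(report, declared):
    """Compare what is on disk with what was declared; never accept a near miss."""
    out = []
    for name in sorted(set(report) | set(declared)):
        found, want = report.get(name), declared.get(name)
        if want is None:
            out.append((name, "lingering: not declared"))
        elif found is None:
            out.append((name, "missing"))
        elif found != want:
            out.append((name, "mismatch"))
    return out


if __name__ == "__main__":
    for directory in ("/run/privileged/bin", "/run/setuid-programs"):
        if os.path.isdir(directory):
            for name, info in scan(directory).items():
                print(directory, name, info)
```

A file that was declared with capabilities but is found setuid-root is reported as a mismatch rather than accepted, which is the "fail, do not approximate" position argued above.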





Message sent to guix-patches@HIDDEN:


Subject: [bug#61462] Add support for file capabilities(7)
To: Vagrant Cascadian <vagrant@HIDDEN>
Cc: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org
From: Ludovic Courtès <ludo@HIDDEN>
Date: Thu, 20 Apr 2023 12:33:27 +0200
In-Reply-To: <878reprnea.fsf@contorta> (Vagrant Cascadian's message of "Tue,
 18 Apr 2023 12:38:53 -0700")
Message-ID: <878remvo5k.fsf@HIDDEN>

Hi,

Vagrant Cascadian <vagrant@HIDDEN> skribis:

> At least the case I am most familiar with, lcsync, it really should not
> run as setuid-root, as that effectively allows anyone to modify or copy
> any file as root. Although, likely Hurd limits the impacts of setuid
> root in ways I do not understand?

There are many more things that can be done on the Hurd without being
root.  So I don’t know, maybe we can ignore the issue for now and simply
make sure that the defaults work for the Hurd.

> Even then, I still think if you ask for something in your guix system
> configuration, and it cannot deliver what you asked for, it should not
> give you something else as an approximation of what you wanted.

Yeah, you’re right that an approximation could be risky…

Thanks,
Ludo’.




Message sent to guix-patches@HIDDEN:


Subject: [bug#61462] [PATCH v2 01/10] system: Disallow file-like setuid-programs.
In-Reply-To: <87r0uuehlr.fsf@nckx>
To: 61462 <at> debbugs.gnu.org
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:51 +0200
Message-ID: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0

It has been a warning for well over a year now.  Now, with
privileged-programs coming, don't let's support nested deprecation
hacks.

* gnu/system.scm (<operating-system>):
Don't ‘sanitize’ the setuid-programs field.
(ensure-setuid-program-list): Delete syntax.
(%ensure-setuid-program-list): Delete variable.
---

This is a quick snapshot of my rebased tree at the request of vagrantc.

There shouldn't be any functional changes.  If there are, that's cool too.

 gnu/system.scm | 28 +---------------------------
 1 file changed, 1 insertion(+), 27 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index 23addf41e9..e32879b240 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -296,8 +296,7 @@ (define-record-type* <operating-system> operating-system
   (pam-services operating-system-pam-services     ; list of PAM services
                 (default (base-pam-services)))
   (setuid-programs operating-system-setuid-programs
-                   (default %setuid-programs)     ; list of <setuid-program>
-                   (sanitize ensure-setuid-program-list))
+                   (default %setuid-programs))    ; list of <setuid-program>
 
   (sudoers-file operating-system-sudoers-file     ; file-like
                 (default %sudoers-specification))
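Review bot: with `(sanitize ensure-setuid-program-list)` dropped from the `setuid-programs` field, nothing at the record level rejects a file-like object or gexp any more; the value is stored as given and the mistake only surfaces wherever the list is first consumed, without the source location the old warning carried. If the aim is to disallow file-likes, as the subject line says, consider keeping a sanitizer that raises a located error for anything that is not a `setuid-program` record.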
@@ -1203,31 +1202,6 @@ (define (operating-system-environment-variables os)
     ;; when /etc/machine-id is missing.  Make sure these warnings are non-fatal.
     ("DBUS_FATAL_WARNINGS" . "0")))
 
-;; Ensure LST is a list of <setuid-program> records and warn otherwise.
-(define-with-syntax-properties (ensure-setuid-program-list (lst properties))
-  (%ensure-setuid-program-list lst properties))
-
-;; We want to be able to use defines, so define a procedure.
-(define (%ensure-setuid-program-list lst properties)
-  (define warned? #f)
-
-  (define (warn-once)
-    (unless warned?
-      (warning (source-properties->location properties)
-               (G_ "representing setuid programs with file-like objects is \
-deprecated; use 'setuid-program' instead~%"))
-      (set! warned? #t)))
-
-  (map (match-lambda
-         ((? setuid-program? program)
-          program)
-         (program
-          ;; PROGRAM is a file-like or a gexp like #~(string-append #$foo
-          ;; "/bin/bar").
-          (warn-once)
-          (setuid-program (program program))))
-       lst))
-
 (define %setuid-programs
   ;; Default set of setuid-root programs.
   (let ((shadow (@ (gnu packages admin) shadow)))
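Review bot: the deleted `match-lambda` fallback `(setuid-program (program program))` is what kept configurations with file-like entries working, so removing it breaks anyone who ignored the warning, and the patch touches only gnu/system.scm with no news entry or manual note to announce that. It is also worth checking whether `define-with-syntax-properties`, `source-properties->location` and `match-lambda` still have other users in this file, since their imports may now be unused.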

base-commit: 21b718f4d6c3ded8ef50d12f6e9ae6474f74620f
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


Subject: [bug#61462] [PATCH v2 03/10] system: Use /run/privileged/bin in search paths.
To: 61462 <at> debbugs.gnu.org
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:53 +0200
Message-ID: <0600bad063dc787892f74e148755532d25e61257.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>

* gnu/system.scm (operating-system-etc-service):
Substitute /run/privileged/bin for deprecated /run/setuid-programs.
---
 gnu/system.scm | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index e32879b240..b68c4d272b 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -985,10 +985,10 @@ (define* (operating-system-etc-service os)
           (plain-file "login.defs"
                       (string-append
                         "# Default paths for non-login shells started by su(1).\n"
-                        "ENV_PATH    /run/setuid-programs:"
+                        "ENV_PATH    /run/privileged/bin:"
                         "/run/current-system/profile/bin:"
                         "/run/current-system/profile/sbin\n"
-                        "ENV_SUPATH  /run/setuid-programs:"
+                        "ENV_SUPATH  /run/privileged/bin:"
                         "/run/current-system/profile/bin:"
                         "/run/current-system/profile/sbin\n"
 
@@ -1051,8 +1051,8 @@ (define* (operating-system-etc-service os)
   fi
 done
 
-# Prepend setuid programs.
-export PATH=/run/setuid-programs:$PATH
+# Prepend privileged programs.
+export PATH=/run/privileged/bin:$PATH
 
 # Arrange so that ~/.config/guix/current/share/info comes first.
 export INFOPATH=\"$HOME/.config/guix/current/share/info:$INFOPATH\"
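Review bot: `export PATH=/run/privileged/bin:$PATH` repeats as a literal the directory that the login.defs hunk above also spells out twice (ENV_PATH and ENV_SUPATH), and three hand-typed copies in one procedure are easy to let drift when the path changes again. Building all three strings from one shared definition of the directory would make the next rename a one-line change.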
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


Subject: [bug#61462] [PATCH v2 02/10] services: setuid-program: Populate /run/privileged/bin.
To: 61462 <at> debbugs.gnu.org
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:52 +0200
Message-ID: <482841db32bd1baf69af0a09705bd387ed04e346.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>

Create /run/setuid-programs compatibility symlinks so that we can
migrate all users (both package and human) piecemeal at our leisure.

Apart from being symlinks, this should be a user-invisible change.

* gnu/build/activation.scm (%privileged-program-directory): New variable.
[activate-setuid-programs]: Put privileged copies in
%PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in
%SETUID-DIRECTORY.
* gnu/services.scm (setuid-program-service-type): Update docstring.
* doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
---
 doc/guix.texi            |  2 +-
 gnu/build/activation.scm | 54 ++++++++++++++++++++++++++--------------
 gnu/services.scm         |  9 +++++--
 3 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 1d8ebcd72f..9426c72e1e 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -39383,7 +39383,7 @@ Setuid Programs
 @end defvar
 
 Under the hood, the actual setuid programs are created in the
-@file{/run/setuid-programs} directory at system activation time.  The
+@file{/run/privileged/bin} directory at system activation time.  The
 files in this directory refer to the ``real'' binaries, which are in the
 store.
 
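Review bot: the changed sentence now names only @file{/run/privileged/bin}, but the commit message says /run/setuid-programs stays behind as a directory of compatibility symlinks. The manual should say so, and say that the old path is deprecated, so that readers who find both directories on their system know which one to rely on.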
diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index eea2233563..7f4800bba1 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -8,6 +8,7 @@
 ;;; Copyright © 2021 Maxime Devos <maximedevos@HIDDEN>
 ;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@HIDDEN>
 ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -278,14 +279,29 @@ (define (activate-etc etc)
                      string<?)))
 
 (define %setuid-directory
-  ;; Place where setuid programs are stored.
+  ;; Place where setuid programs used to be stored.  It exists for backwards
+  ;; compatibility & will be removed.  Use %PRIVILEGED-PROGRAM-DIRECTORY instead.
   "/run/setuid-programs")
 
+(define %privileged-program-directory
+  ;; Place where privileged copies of programs are stored.
+  "/run/privileged/bin")
+
 (define (activate-setuid-programs programs)
-  "Turn PROGRAMS, a list of file setuid-programs record, into setuid programs
-stored under %SETUID-DIRECTORY."
-  (define (make-setuid-program program setuid? setgid? uid gid)
-    (let ((target (string-append %setuid-directory
+  "Turn PROGRAMS, a list of file setuid-programs records, into privileged
+copies stored under %PRIVILEGED-PROGRAM-DIRECTORY."
+  (define (ensure-empty-directory directory)
+    (if (file-exists? directory)
+        (for-each (compose delete-file
+                           (cut string-append directory "/" <>))
+                  (scandir directory
+                           (lambda (file)
+                             (not (member file '("." ".."))))
+                           string<?))
+        (mkdir-p directory))    )
+
+  (define (make-privileged-program program setuid? setgid? uid gid)
+    (let ((target (string-append %privileged-program-directory
                                  "/" (basename program)))
           (mode (+ #o0555                   ; base permissions
                    (if setuid? #o4000 0)    ; setuid bit
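
Review bot: In ensure-empty-directory, delete-file is applied to every entry that scandir returns, so a subdirectory left behind in the directory raises system-error and nothing in this helper catches it. Either catch the error and warn per entry, or use delete-file-recursively from (guix build utils) so a stray directory cannot stop the clean-up. The closing "(mkdir-p directory))    )" also has stray whitespace before the last parenthesis, and a one-line docstring would make it clear that the helper creates DIRECTORY when it is missing and otherwise deletes its entries.
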
@@ -294,16 +310,17 @@ (define (activate-setuid-programs programs)
       (chown target uid gid)
       (chmod target mode)))
 
-  (format #t "setting up setuid programs in '~a'...~%"
-          %setuid-directory)
-  (if (file-exists? %setuid-directory)
-      (for-each (compose delete-file
-                         (cut string-append %setuid-directory "/" <>))
-                (scandir %setuid-directory
-                         (lambda (file)
-                           (not (member file '("." ".."))))
-                         string<?))
-      (mkdir-p %setuid-directory))
+  (define (make-deprecated-wrapper program)
+    ;; This will eventually become a script that warns on usage, then vanish.
+    (symlink (string-append %privileged-program-directory
+                            "/" (basename program))
+             (string-append %setuid-directory
+                            "/" (basename program))))
+
+  (format #t "setting up privileged programs in '~a'...~%"
+          %privileged-program-directory)
+  (ensure-empty-directory %privileged-program-directory)
+  (ensure-empty-directory %setuid-directory)
 
   (for-each (lambda (program)
               (catch 'system-error
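
Review bot: make-deprecated-wrapper calls symlink without checking whether the link name already exists, so if two entries of PROGRAMS share a basename the second call raises system-error (EEXIST) for /run/setuid-programs. Deleting an existing link first, or skipping the call when one is present, would avoid that. The comment only says what the procedure will become; a docstring stating that it currently creates a symlink in %SETUID-DIRECTORY pointing at the copy in %PRIVILEGED-PROGRAM-DIRECTORY would help, and the "setting up privileged programs" message could mention that the deprecated directory is emptied and repopulated too.
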
@@ -319,11 +336,12 @@ (define (activate-setuid-programs programs)
                          (gid (match group
                                 ((? string?) (group:gid (getgrnam group)))
                                 ((? integer?) group))))
-                    (make-setuid-program program-name setuid? setgid? uid gid)))
+                    (make-privileged-program program-name setuid? setgid? uid gid)
+                    (make-deprecated-wrapper program-name)))
                 (lambda args
                   ;; If we fail to create a setuid program, better keep going
-                  ;; so that we don't leave %SETUID-DIRECTORY empty or
-                  ;; half-populated.  This can happen if PROGRAMS contains
+                  ;; so that we don't leave %PRIVILEGED-PROGRAM-DIRECTORY empty
+                  ;; or half-populated.  This can happen if PROGRAMS contains
                   ;; incorrect file names: <https://bugs.gnu.org/38800>.
                   (format (current-error-port)
                           "warning: failed to make ~s setuid/setgid: ~a~%"
diff --git a/gnu/services.scm b/gnu/services.scm
index 109e050a23..eefe58b336 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -6,6 +6,7 @@
 ;;; Copyright © 2021 raid5atemyhomework <raid5atemyhomework@HIDDEN>
 ;;; Copyright © 2020 Christine Lemmer-Webber <cwebber@HIDDEN>
 ;;; Copyright © 2020, 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN>
 ;;; Copyright © 2023 Brian Cully <bjc@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
@@ -892,8 +893,12 @@ (define setuid-program-service-type
                 (extend (lambda (config extensions)
                           (append config extensions)))
                 (description
-                 "Populate @file{/run/setuid-programs} with the specified
-executables, making them setuid and/or setgid.")))
+                 "Copy the specified executables to @file{/run/privileged/bin}
+and apply special privileges like setuid and/or setgid.
+
+The deprecated @file{/run/setuid-programs} directory is also populated with
+symbolic links to their @file{/run/privileged/bin} counterpart.  It will be
+removed in a future Guix release.")))
 
 (define (packages->profile-entry packages)
   "Return a system entry for the profile containing PACKAGES."
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH v2 05/10] system: Add (gnu system privilege).
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 20 Jul 2023 20:43:03 +0000
Resent-Message-ID: <handler.61462.B61462.16898857342017 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.16898857342017
          (code B ref 61462); Thu, 20 Jul 2023 20:43:03 +0000
Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:14 +0000
Received: from localhost ([127.0.0.1]:60048 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qMaTW-0000WN-1f
	for submit <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:14 -0400
Received: from tobias.gr ([80.241.217.52]:53738)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1qMaTP-0000VG-Fl
 for 61462 <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:08 -0400
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 295c9a2a
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Thu, 20 Jul 2023 20:41:49 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:55 +0200
Message-ID: <05b635bc74e8f726f03242a05a3007336fb29522.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: * gnu/system/privilege.scm: New file. * gnu/local.mk
 (GNU_SYSTEM_MODULES):
 Add it. --- gnu/local.mk | 1 + gnu/system/privilege.scm | 58
 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 ins [...] 
 Content analysis details:   (2.1 points, 10.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/system/privilege.scm: New file. * gnu/local.mk (GNU_SYSTEM_MODULES):
    Add it. --- gnu/local.mk | 1 + gnu/system/privilege.scm | 58 ++++++++++++++++++++++++++++++++++++++++
    2 files changed, 59 ins [...] 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

* gnu/system/privilege.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
---
 gnu/local.mk             |  1 +
 gnu/system/privilege.scm | 58 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 59 insertions(+)
 create mode 100644 gnu/system/privilege.scm

diff --git a/gnu/local.mk b/gnu/local.mk
index f10713f126..49298ff0ad 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -733,6 +733,7 @@ GNU_SYSTEM_MODULES =				\
   %D%/system/mapped-devices.scm			\
   %D%/system/nss.scm				\
   %D%/system/pam.scm				\
+  %D%/system/privilege.scm			\
   %D%/system/setuid.scm				\
   %D%/system/shadow.scm				\
   %D%/system/uuid.scm				\
diff --git a/gnu/system/privilege.scm b/gnu/system/privilege.scm
new file mode 100644
index 0000000000..d89d5d5d1c
--- /dev/null
+++ b/gnu/system/privilege.scm
@@ -0,0 +1,58 @@
+;;; GNU Guix --- Functional package management for GNU
+;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN>
+;;;
+;;; This file is part of GNU Guix.
+;;;
+;;; GNU Guix is free software; you can redistribute it and/or modify it
+;;; under the terms of the GNU General Public License as published by
+;;; the Free Software Foundation; either version 3 of the License, or (at
+;;; your option) any later version.
+;;;
+;;; GNU Guix is distributed in the hope that it will be useful, but
+;;; WITHOUT ANY WARRANTY; without even the implied warranty of
+;;; MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+;;; GNU General Public License for more details.
+;;;
+;;; You should have received a copy of the GNU General Public License
+;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
+
+(define-module (gnu system privilege)
+  #:use-module (guix records)
+  #:export (privileged-program
+            privileged-program?
+            privileged-program-program
+            privileged-program-setuid?
+            privileged-program-setgid?
+            privileged-program-user
+            privileged-program-group
+            privileged-program-capabilities))
+
+;;; Commentary:
+;;;
+;;; Data structures representing privileged programs: binaries with additional
+;;; permissions such as setuid/setgid, or POSIX capabilities.  This is meant to
+;;; be used both on the host side and at run time--e.g., in activation snippets.
+;;;
+;;; Code:
+
+(define-record-type* <privileged-program>
+  privileged-program make-privileged-program
+  privileged-program?
+  ;; File name of the program to assign elevated privileges.
+  (program       privileged-program-program) ;file-like
+  ;; Whether to set the setuid (‘set user ID’) bit.
+  (setuid?       privileged-program-setuid? ;boolean
+                 (default #f))
+  ;; Whether to set the setgid (‘set group ID’) bit.
+  (setgid?       privileged-program-setgid? ;boolean
+                 (default #f))
+  ;; The user name or ID this should be set to (defaults to root's).
+  (user          privileged-program-user ;integer or string
+                 (default 0))
+  ;; The group name or ID we want to set this to (defaults to root's).
+  (group         privileged-program-group ;integer or string
+                 (default 0))
+  ;; POSIX capabilities in cap_from_text(3) form (defaults to #f: none).
+  (capabilities  privileged-program-capabilities ;string or #f
+                 (default #f)))
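
Review bot: The capabilities field accepts any value and the record does nothing to check it, so a wrong type or a typo in the cap_from_text(3) text is only discovered when the program is activated. A sanitize clause on the field that rejects anything other than a string or #f would fail at configuration time instead. It is also worth saying in the Commentary that setuid? defaults to #f in this record, because a record with the defaults for setuid?, setgid? and capabilities grants no privilege at all and a reader coming from setuid-program may expect the opposite default.
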
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH v2 06/10] system: (gnu system setuid) wraps (gnu system privilege).
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 20 Jul 2023 20:43:03 +0000
Resent-Message-ID: <handler.61462.B61462.16898857352024 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.16898857352024
          (code B ref 61462); Thu, 20 Jul 2023 20:43:03 +0000
Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:15 +0000
Received: from localhost ([127.0.0.1]:60050 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qMaTW-0000WU-Hd
	for submit <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:14 -0400
Received: from tobias.gr ([2a02:c205:2020:6054::1]:51548)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1qMaTP-0000V6-FL
 for 61462 <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:08 -0400
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id 33c1bad8
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Thu, 20 Jul 2023 20:41:49 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:56 +0200
Message-ID: <d17ee82cabcb73e7887b9cf60dbb5463a308468c.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 Content preview: * gnu/system/setuid.scm (setuid-program): Rewrite as syntax
 to create a <privileged-program> record that is setuid by default.
 (setuid-program?, 
 setuid-program-program, setuid-program-setuid?) (setuid [...] 
 Content analysis details:   (2.1 points, 10.0 required)
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/system/setuid.scm (setuid-program): Rewrite as syntax
    to create a <privileged-program> record that is setuid by default. (setuid-program?,
    setuid-program-program, setuid-program-setuid?) (setuid [...] 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

* gnu/system/setuid.scm (setuid-program): Rewrite as syntax to create a
<privileged-program> record that is setuid by default.
(setuid-program?, setuid-program-program, setuid-program-setuid?)
(setuid-program-setgid?, setuid-program-user, setuid-program-group):
Alias their privileged-program equivalent.
---
 gnu/system/setuid.scm | 44 +++++++++++++++++++++++--------------------
 1 file changed, 24 insertions(+), 20 deletions(-)

diff --git a/gnu/system/setuid.scm b/gnu/system/setuid.scm
index 83111d932c..4dd0cc8962 100644
--- a/gnu/system/setuid.scm
+++ b/gnu/system/setuid.scm
@@ -1,5 +1,6 @@
 ;;; GNU Guix --- Functional package management for GNU
 ;;; Copyright © 2021 Brice Waegeneire <brice@HIDDEN>
+;;; Copyright © 2022 Tobias Geerinckx-Rice <me@HIDDEN>
 ;;;
 ;;; This file is part of GNU Guix.
 ;;;
@@ -17,7 +18,9 @@
 ;;; along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 
 (define-module (gnu system setuid)
-  #:use-module (guix records)
+  #:use-module (gnu system privilege)
+  #:use-module (ice-9 match)
+  #:use-module (srfi srfi-1)
   #:export (setuid-program
             setuid-program?
             setuid-program-program
@@ -30,28 +33,29 @@ (define-module (gnu system setuid)
 
 ;;; Commentary:
 ;;;
-;;; Data structures representing setuid/setgid programs.  This is meant to be
-;;; used both on the host side and at run time--e.g., in activation snippets.
+;;; Do not use this module in new code.  It used to define data structures
+;;; representing setuid/setgid programs, but is now a mere compatibility shim
+;;; wrapping a subset of (gnu system privilege).
 ;;;
 ;;; Code:
 
-(define-record-type* <setuid-program>
-  setuid-program make-setuid-program
-  setuid-program?
-  ;; Path to program to link with setuid permissions
-  (program       setuid-program-program) ;file-like
-  ;; Whether to set user setuid bit
-  (setuid?       setuid-program-setuid? ;boolean
-                 (default #t))
-  ;; Whether to set group setgid bit
-  (setgid?       setuid-program-setgid? ;boolean
-                 (default #f))
-  ;; The user this should be set to (defaults to root)
-  (user          setuid-program-user    ;integer or string
-                 (default 0))
-  ;; Group we want to set this to (defaults to root)
-  (group         setuid-program-group   ;integer or string
-                 (default 0)))
+(define-syntax setuid-program
+  (lambda (fields)
+    (syntax-case fields ()
+      ((_ (field value) ...)
+       #`(privileged-program
+          (setuid? (match (assoc-ref '((field value) ...) 'setuid?)
+                     ((#f) #f)
+                     (_ #t)))
+          #,@(remove (match-lambda ((f _) (eq? (syntax->datum f) 'setuid?)))
+                     #'((field value) ...)))))))
+
+(define setuid-program?        privileged-program?)
+(define setuid-program-program privileged-program-program)
+(define setuid-program-setuid? privileged-program-setuid?)
+(define setuid-program-setgid? privileged-program-setgid?)
+(define setuid-program-user    privileged-program-user)
+(define setuid-program-group   privileged-program-group)
 
 (define (file-like->setuid-program program)
   (setuid-program (program program)))
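
Review bot: In the new setuid-program syntax, the setuid? value is looked up in the quoted list '((field value) ...), so only the literal #f matches the ((#f) #f) clause. Any other expression that evaluates to false at run time, such as a variable or (not x), is seen as an unevaluated datum, falls through to the (_ #t) clause, and the program is made setuid anyway. Pick the setuid? clause out of the syntax at expansion time and splice its value expression into the privileged-program form unevaluated, defaulting to #t only when the field is absent. Note also that setuid-program? is now an alias of privileged-program?, so it returns true for records that are not setuid; the commentary should say so.
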
-- 
2.41.0





Message sent to leo@HIDDEN, liliana.prikler@HIDDEN, maxim.cournoyer@HIDDEN, rg@HIDDEN, me@HIDDEN, guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH v2 04/10] gnu: Replace (almost) all uses of /run/setuid-programs.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: leo@HIDDEN, liliana.prikler@HIDDEN, maxim.cournoyer@HIDDEN, rg@HIDDEN, me@HIDDEN, guix-patches@HIDDEN
Resent-Date: Thu, 20 Jul 2023 20:43:04 +0000
Resent-Message-ID: <handler.61462.B61462.16898857362032 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 61462 <at> debbugs.gnu.org
Cc: Leo Famulari <leo@HIDDEN>, Liliana Marie Prikler <liliana.prikler@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, Raghav Gururajan <rg@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
X-Debbugs-Original-Xcc: Leo Famulari <leo@HIDDEN>, Liliana Marie Prikler <liliana.prikler@HIDDEN>, Maxim Cournoyer <maxim.cournoyer@HIDDEN>, Raghav Gururajan <rg@HIDDEN>, Tobias Geerinckx-Rice <me@HIDDEN>
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.16898857362032
          (code B ref 61462); Thu, 20 Jul 2023 20:43:04 +0000
Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:16 +0000
Received: from localhost ([127.0.0.1]:60052 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qMaTX-0000Wb-11
	for submit <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:15 -0400
Received: from tobias.gr ([80.241.217.52]:36824)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1qMaTP-0000V4-7k
 for 61462 <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:09 -0400
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id e4007eba
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Thu, 20 Jul 2023 20:41:48 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:54 +0200
Message-ID: <ab18d24c95ed2765c83521b9b8d05cb9d7d91b39.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  =?UTF-8?Q?=E2=80=A6those?= good for master, anyway. * gnu/packages/admin.scm
    (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with
   /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]:
    Likewise. * gnu/packages/ [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: 1.1 (+)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  =?UTF-8?Q?=E2=80=A6those?= good for master, anyway. * gnu/packages/admin.scm
    (ktsuss, opendoas, hosts) [arguments]: Replace /run/setuid-programs with
   /run/privileged/bin. * gnu/packages/containers.scm (slirp4netns)[arguments]:
    Likewise. * gnu/packages/ [...] 
 
 Content analysis details:   (1.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
 -1.0 MAILING_LIST_MULTI     Multiple indicators imply a widely-seen list
                             manager

…those good for master, anyway.

* gnu/packages/admin.scm (ktsuss, opendoas, hosts)
[arguments]: Replace /run/setuid-programs with /run/privileged/bin.
* gnu/packages/containers.scm (slirp4netns)[arguments]: Likewise.
* gnu/packages/debian.scm (pbuilder)[arguments]: Likewise.
* gnu/packages/disk.scm (udevil)[arguments]: Likewise.
* gnu/packages/enlightenment.scm (efl, enlightenment)
[arguments]: Likewise.
* gnu/packages/gnome.scm (gdm, gnome-control-center)
[arguments]: Likewise.
* gnu/packages/linux.scm (singularity)[arguments]: Likewise.
* gnu/packages/lxde.scm (spacefm)[arguments]: Likewise.
* gnu/packages/monitoring.scm (zabbix-agentd)[arguments]: Likewise.
* gnu/packages/virtualization.scm (ganeti)[arguments]: Likewise.
* gnu/packages/xdisorg.scm (xsecurelock)[arguments]: Likewise.
* gnu/services/dbus.scm (dbus-configuration-directory): Likewise.
* gnu/services/ganeti.scm (%default-ganeti-environment-variables):
Likewise.
* gnu/services/monitoring.scm (zabbix-agent-shepherd-service): Likewise.
* gnu/tests/ldap.scm (marionette): Likewise.
* gnu/tests/monitoring.scm (os): Likewise.
---
 gnu/machine/ssh.scm             |  2 ++
 gnu/packages/admin.scm          |  6 +++---
 gnu/packages/containers.scm     |  2 +-
 gnu/packages/debian.scm         |  4 ++--
 gnu/packages/disk.scm           | 14 +++++++-------
 gnu/packages/enlightenment.scm  | 10 +++++-----
 gnu/packages/gnome.scm          |  4 ++--
 gnu/packages/linux.scm          |  2 +-
 gnu/packages/lxde.scm           | 19 ++++++++-----------
 gnu/packages/monitoring.scm     |  2 +-
 gnu/packages/virtualization.scm |  2 +-
 gnu/packages/xdisorg.scm        |  2 +-
 gnu/services/dbus.scm           |  2 +-
 gnu/services/ganeti.scm         |  2 +-
 gnu/services/monitoring.scm     |  2 +-
 gnu/tests/ldap.scm              |  2 +-
 gnu/tests/monitoring.scm        |  4 ++--
 17 files changed, 40 insertions(+), 41 deletions(-)

diff --git a/gnu/machine/ssh.scm b/gnu/machine/ssh.scm
index 343cf74748..26ea787e29 100644
--- a/gnu/machine/ssh.scm
+++ b/gnu/machine/ssh.scm
@@ -177,6 +177,8 @@ (define (machine-become-command machine)
   (if (string= "root" (machine-ssh-configuration-user
                        (machine-configuration machine)))
       '()
+      ;; Use the old setuid-programs location until the remote is likely to
+      ;; have the new /run/privileged one in place.
       '("/run/setuid-programs/sudo" "-n" "--")))
 
 (define (managed-host-remote-eval machine exp)
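
Review bot: The comment added in machine-become-command gives no condition for when "/run/setuid-programs/sudo" should be switched, while the service description in this series says the deprecated directory will be removed in a future release. Once that happens this hard-coded path breaks deployment for non-root users. Mark the comment as a FIXME tied to the removal of %setuid-directory, or have the command prefer /run/privileged/bin/sudo and fall back to the old location.
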
diff --git a/gnu/packages/admin.scm b/gnu/packages/admin.scm
index ec32041055..c42f23f437 100644
--- a/gnu/packages/admin.scm
+++ b/gnu/packages/admin.scm
@@ -205,7 +205,7 @@ (define-public ktsuss
            (lambda _
              (substitute* "configure.ac"
                (("supath=`which su 2>/dev/null`")
-                "supath=/run/setuid-programs/su"))
+                "supath=/run/privileged/bin/su"))
              #t)))))
     (native-inputs
      (list autoconf automake libtool pkg-config))
@@ -2077,7 +2077,7 @@ (define-public opendoas
              (substitute* "doas.c"
                (("safepath =" match)
                 (string-append match " \""
-                               "/run/setuid-programs:"
+                               "/run/privileged/bin:"
                                "/run/current-system/profile/bin:"
                                "/run/current-system/profile/sbin:"
                                "\" ")))))
@@ -4918,7 +4918,7 @@ (define-public hosts
                                 ":" (assoc-ref %build-inputs "grep") "/bin"
                                 ":" (assoc-ref %build-inputs "ncurses") "/bin"
                                 ":" (assoc-ref %build-inputs "sed") "/bin"
-                                ":" "/run/setuid-programs"
+                                ":" "/run/privileged/bin"
                                 ":" (getenv "PATH")))
          (substitute* "hosts"
            (("#!/usr/bin/env bash")
diff --git a/gnu/packages/containers.scm b/gnu/packages/containers.scm
index 232d994fe3..92573f211d 100644
--- a/gnu/packages/containers.scm
+++ b/gnu/packages/containers.scm
@@ -237,7 +237,7 @@ (define-public slirp4netns
                   (add-after 'unpack 'fix-hardcoded-paths
                     (lambda _
                       (substitute* (find-files "tests" "\\.sh")
-                        (("ping") "/run/setuid-programs/ping")))))))
+                        (("ping") "/run/privileged/bin/ping")))))))
     (inputs
      (list glib
            libcap
diff --git a/gnu/packages/debian.scm b/gnu/packages/debian.scm
index c5cfda9f80..c18de1403c 100644
--- a/gnu/packages/debian.scm
+++ b/gnu/packages/debian.scm
@@ -494,8 +494,8 @@ (define-public pbuilder
                  (lambda ()
                    (format #t "# A couple of presets to make this work more smoothly.~@
                            MIRRORSITE=\"http://deb.debian.org/debian\"~@
-                           if [ -r /run/setuid-programs/sudo ]; then~@
-                               PBUILDERROOTCMD=\"/run/setuid-programs/sudo -E\"~@
+                           if [ -r /run/privileged/bin/sudo ]; then~@
+                               PBUILDERROOTCMD=\"/run/privileged/bin/sudo -E\"~@
                            fi~@
                            PBUILDERSATISFYDEPENDSCMD=\"~a/lib/pbuilder/pbuilder-satisfydepends-apt\"~%"
                            #$output)))))
diff --git a/gnu/packages/disk.scm b/gnu/packages/disk.scm
index 35ffcf173e..95688ad422 100644
--- a/gnu/packages/disk.scm
+++ b/gnu/packages/disk.scm
@@ -204,10 +204,10 @@ (define-public udevil
         ;; udevil expects these programs to be run with uid set as root.
         ;; user has to manually add these programs to setuid-programs.
         ;; mount and umount are default setuid-programs in guix system.
-        "--with-mount-prog=/run/setuid-programs/mount"
-        "--with-umount-prog=/run/setuid-programs/umount"
-        "--with-losetup-prog=/run/setuid-programs/losetup"
-        "--with-setfacl-prog=/run/setuid-programs/setfacl")
+        "--with-mount-prog=/run/privileged/bin/mount"
+        "--with-umount-prog=/run/privileged/bin/umount"
+        "--with-losetup-prog=/run/privileged/bin/losetup"
+        "--with-setfacl-prog=/run/privileged/bin/setfacl")
        #:phases
        (modify-phases %standard-phases
          (add-after 'unpack 'remove-root-reference
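Review bot: The two context comments at the top of this hunk still say "user has to manually add these programs to setuid-programs" and "mount and umount are default setuid-programs in guix system", while the next udevil hunk rewords its comment to "privileged-programs". Update these two comments in the same commit so the package's comments agree with the /run/privileged/bin paths they now describe.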
@@ -218,12 +218,12 @@ (define-public udevil
          (add-after 'unpack 'patch-udevil-reference
            ;; udevil expects itself to be run with uid set as root.
            ;; devmon also expects udevil to be run with uid set as root.
-           ;; user has to manually add udevil to setuid-programs.
+           ;; user has to manually add udevil to privileged-programs.
            (lambda _
              (substitute* "src/udevil.c"
-               (("/usr/bin/udevil") "/run/setuid-programs/udevil"))
+               (("/usr/bin/udevil") "/run/privileged/bin/udevil"))
              (substitute* "src/devmon"
-               (("`which udevil 2>/dev/null`") "/run/setuid-programs/udevil"))
+               (("`which udevil 2>/dev/null`") "/run/privileged/bin/udevil"))
              #t)))))
     (native-inputs
      (list intltool pkg-config))
diff --git a/gnu/packages/enlightenment.scm b/gnu/packages/enlightenment.scm
index 64d8945f8e..a6ee9dcb8a 100644
--- a/gnu/packages/enlightenment.scm
+++ b/gnu/packages/enlightenment.scm
@@ -149,8 +149,8 @@ (define-public efl
          "-Dbuild-examples=false"
          "-Decore-imf-loaders-disabler=scim"
          "-Dglib=true"
-         "-Dmount-path=/run/setuid-programs/mount"
-         "-Dunmount-path=/run/setuid-programs/umount"
+         "-Dmount-path=/run/privileged/bin/mount"
+         "-Dunmount-path=/run/privileged/bin/umount"
          "-Dnetwork-backend=connman"
          ,,@(if (member (%current-system)
                         (package-transitive-supported-systems luajit))
@@ -338,7 +338,7 @@ (define-public enlightenment
                (substitute* '("src/bin/e_sys_main.c"
                               "src/bin/e_util_suid.h")
                  (("PATH=/bin:/usr/bin:/sbin:/usr/sbin")
-                  (string-append "PATH=/run/setuid-programs:"
+                  (string-append "PATH=/run/privileged/bin:"
                                  "/run/current-system/profile/bin:"
                                  "/run/current-system/profile/sbin")))
                (substitute* "src/modules/everything/evry_plug_calc.c"
@@ -347,8 +347,8 @@ (define-public enlightenment
                  (("libddcutil\\.so\\.?" libddcutil)
                   (string-append ddcutil "/lib/" libddcutil)))
                (substitute* "data/etc/meson.build"
-                 (("/bin/mount") "/run/setuid-programs/mount")
-                 (("/bin/umount") "/run/setuid-programs/umount")
+                 (("/bin/mount") "/run/privileged/bin/mount")
+                 (("/bin/umount") "/run/privileged/bin/umount")
                  (("/usr/bin/eject") "/run/current-system/profile/bin/eject"))
                (substitute* "src/bin/system/e_system_power.c"
                  (("systemctl") "loginctl"))))))))
diff --git a/gnu/packages/gnome.scm b/gnu/packages/gnome.scm
index 11085ecc80..485b8a16ba 100644
--- a/gnu/packages/gnome.scm
+++ b/gnu/packages/gnome.scm
@@ -8813,7 +8813,7 @@ (define-public gdm
 
          "--localstatedir=/var"
          (string-append "-Ddefault-path="
-                        (string-join '("/run/setuid-programs"
+                        (string-join '("/run/privileged/bin"
                                        "/run/current-system/profile/bin"
                                        "/run/current-system/profile/sbin")
                                      ":"))
@@ -9088,7 +9088,7 @@ (define-public gnome-control-center
                                       inputs "bin/nm-connection-editor"))))
               (substitute* "panels/user-accounts/run-passwd.c"
                 (("/usr/bin/passwd")
-                 "/run/setuid-programs/passwd"))
+                 "/run/privileged/bin/passwd"))
               (substitute* "panels/info-overview/cc-info-overview-panel.c"
                 (("DATADIR \"/gnome/gnome-version.xml\"")
                  (format #f "~s" (search-input-file
diff --git a/gnu/packages/linux.scm b/gnu/packages/linux.scm
index 67128524ff..cc8d3be791 100644
--- a/gnu/packages/linux.scm
+++ b/gnu/packages/linux.scm
@@ -5114,7 +5114,7 @@ (define-public singularity
                   (substitute* (find-files "libexec/cli" "\\.exec$")
                     (("\\$SINGULARITY_libexecdir/singularity/bin/([a-z]+)-suid"
                       _ program)
-                     (string-append "/run/setuid-programs/singularity-"
+                     (string-append "/run/privileged/bin/singularity-"
                                     program "-helper")))
 
                   ;; These squashfs mount options are apparently no longer
diff --git a/gnu/packages/lxde.scm b/gnu/packages/lxde.scm
index 0291f50302..1a969eb4b5 100644
--- a/gnu/packages/lxde.scm
+++ b/gnu/packages/lxde.scm
@@ -372,26 +372,23 @@ (define-public spacefm
                  (substitute* '("mime-type/mime-type.c" "ptk/ptk-file-menu.c")
                    (("/usr(/local)?/share/mime") mime)))
                #t)))
-         (add-after 'patch-mime-dirs 'patch-setuid-progs
+         (add-after 'patch-mime-dirs 'patch-privileged-programs
            (lambda _
-             (let* ((su "/run/setuid-programs/su")
-                    (mount "/run/setuid-programs/mount")
-                    (umount "/run/setuid-programs/umount")
-                    (udevil "/run/setuid-programs/udevil"))
+             (let ((privileged (lambda (command)
+                                 (string-append "/run/privileged/bin/"
+                                                command))))
                (with-directory-excursion "src"
                  (substitute* '("settings.c" "settings.h" "vfs/vfs-file-task.c"
                                 "vfs/vfs-volume-hal.c" "../data/ui/prefdlg.ui"
                                 "../data/ui/prefdlg2.ui")
-                   (("(/usr)?/bin/su") su)
-                   (("/(bin|sbin)/mount") mount)
-                   (("/(bin|sbin)/umount") umount)
-                   (("/usr/bin/udevil") udevil)))
+                   (("(/usr)?/s?bin/(mount|umount|su|udevil)" _ _ command)
+                    (privileged command))))
                #t)))
-         (add-after 'patch-setuid-progs 'patch-spacefm-conf
+         (add-after 'patch-privileged-programs 'patch-spacefm.conf
            (lambda* (#:key inputs #:allow-other-keys)
              (substitute* "etc/spacefm.conf"
                (("#terminal_su=/bin/su")
-                "terminal_su=/run/setuid-programs/su")
+                "terminal_su=/run/privileged/bin/su")
                (("#graphical_su=/usr/bin/gksu")
                 (string-append "graphical_su="
                                (search-input-file inputs "/bin/ktsuss")))))))
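Review bot: The merged pattern "(/usr)?/s?bin/(mount|umount|su|udevil)" is not equivalent to the four patterns it replaces. It now rewrites /usr/bin/mount, /usr/sbin/umount, /sbin/su and /bin/udevil as whole paths, which the old "(/usr)?/bin/su", "/(bin|sbin)/mount", "/(bin|sbin)/umount" and "/usr/bin/udevil" patterns did not. That is probably an improvement, but it is a behaviour change inside a rename commit, as is the phase rename from 'patch-spacefm-conf to 'patch-spacefm.conf. Mention both in the commit log or split them out, and check that the substituted files contain no longer file name starting with one of these paths that the unanchored match would also rewrite.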
diff --git a/gnu/packages/monitoring.scm b/gnu/packages/monitoring.scm
index 3238f11fb4..f935c015a4 100644
--- a/gnu/packages/monitoring.scm
+++ b/gnu/packages/monitoring.scm
@@ -186,7 +186,7 @@ (define-public zabbix-agentd
                         "src/zabbix_server/server.c")
            ;; 'fping' must be setuid, so look for it in the usual location.
            (("/usr/sbin/fping6?")
-            "/run/setuid-programs/fping")))))
+            "/run/privileged/bin/fping")))))
     (build-system gnu-build-system)
     (arguments
      (list #:configure-flags
diff --git a/gnu/packages/virtualization.scm b/gnu/packages/virtualization.scm
index 9b1bdeb5e4..26e4ecff14 100644
--- a/gnu/packages/virtualization.scm
+++ b/gnu/packages/virtualization.scm
@@ -764,7 +764,7 @@ (define-public ganeti
              ;; hard coded PATH.  Patch so it works on Guix System.
              (substitute* "src/Ganeti/Constants.hs"
                (("/sbin:/bin:/usr/sbin:/usr/bin")
-                "/run/setuid-programs:/run/current-system/profile/sbin:\
+                "/run/privileged/bin:/run/current-system/profile/sbin:\
 /run/current-system/profile/bin"))))
          (add-after 'bootstrap 'patch-sphinx-version-detection
            (lambda _
diff --git a/gnu/packages/xdisorg.scm b/gnu/packages/xdisorg.scm
index da5ca76e10..e7ede8de3e 100644
--- a/gnu/packages/xdisorg.scm
+++ b/gnu/packages/xdisorg.scm
@@ -2507,7 +2507,7 @@ (define-public xsecurelock
      '(#:configure-flags
        '("--with-pam-service-name=login"
          "--with-xkb"
-         "--with-default-authproto-module=/run/setuid-programs/authproto_pam")))
+         "--with-default-authproto-module=/run/privileged/bin/authproto_pam")))
     (native-inputs
      (list pandoc pkg-config))
     (inputs
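Review bot: The authproto module path is fixed at configure time, so an xsecurelock built from this commit looks for /run/privileged/bin/authproto_pam, which is only there once the running system has been activated with the new privileged-program directory. Please confirm what happens when the package is upgraded on a system that has not been reconfigured yet, and state the required order (reconfigure first, then upgrade) in the commit log or a news entry, since a screen locker that cannot find its authentication helper may not be able to unlock the session.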
diff --git a/gnu/services/dbus.scm b/gnu/services/dbus.scm
index 5a0c634393..bb9efb1c56 100644
--- a/gnu/services/dbus.scm
+++ b/gnu/services/dbus.scm
@@ -115,7 +115,7 @@ (define (dbus-configuration-directory services)
              ;; failures such as <https://issues.guix.gnu.org/52051> on slow
              ;; computers with slow I/O.
             (limit (@ (name "auth_timeout")) "300000")
-            (servicehelper "/run/setuid-programs/dbus-daemon-launch-helper")
+            (servicehelper "/run/privileged/bin/dbus-daemon-launch-helper")
 
             ;; First, the '.service' files of services subject to activation.
             ;; We use a fixed location under /etc because the setuid helper
diff --git a/gnu/services/ganeti.scm b/gnu/services/ganeti.scm
index f4fec3833e..ee72946c88 100644
--- a/gnu/services/ganeti.scm
+++ b/gnu/services/ganeti.scm
@@ -182,7 +182,7 @@ (define-module (gnu services ganeti)
 ;; Ceph, Gluster, etc, without having to add absolute references to everything.
 (define %default-ganeti-environment-variables
   (list (string-append "PATH="
-                       (string-join '("/run/setuid-programs"
+                       (string-join '("/run/privileged/bin"
                                       "/run/current-system/profile/sbin"
                                       "/run/current-system/profile/bin")
                                     ":"))))
diff --git a/gnu/services/monitoring.scm b/gnu/services/monitoring.scm
index e698040078..c3fc8dafc8 100644
--- a/gnu/services/monitoring.scm
+++ b/gnu/services/monitoring.scm
@@ -1016,7 +1016,7 @@ (define (zabbix-agent-shepherd-service config)
 /etc/ssl/certs"
                          "SSL_CERT_FILE=/run/current-system/profile\
 /etc/ssl/certs/ca-certificates.crt"
-                         "PATH=/run/setuid-programs:\
+                         "PATH=/run/privileged/bin:\
 /run/current-system/profile/bin:/run/current-system/profile/sbin")))
          (stop #~(make-kill-destructor)))))
 
diff --git a/gnu/tests/ldap.scm b/gnu/tests/ldap.scm
index 47e77c0c53..d5ab6899cf 100644
--- a/gnu/tests/ldap.scm
+++ b/gnu/tests/ldap.scm
@@ -144,7 +144,7 @@ (define (run-ldap-test)
 
           (test-assert "Can become LDAP user"
             (marionette-eval
-             '(zero? (system* "/run/setuid-programs/su" "eva" "-c"
+             '(zero? (system* "/run/privileged/bin/su" "eva" "-c"
                               #$(file-append coreutils "/bin/true")))
              marionette))
 
diff --git a/gnu/tests/monitoring.scm b/gnu/tests/monitoring.scm
index bbab1d8acf..a0c8c929b1 100644
--- a/gnu/tests/monitoring.scm
+++ b/gnu/tests/monitoring.scm
@@ -189,11 +189,11 @@ (define* (run-zabbix-server-test name test-os)
                 (start-service 'postgres))
              marionette))
 
-          ;; Add /run/setuid-programs to $PATH so that the scripts passed to
+          ;; Add privileged programs to $PATH so that the scripts passed to
           ;; 'system' can find 'sudo'.
           (marionette-eval
            '(setenv "PATH"
-                    "/run/setuid-programs:/run/current-system/profile/bin")
+                    "/run/privileged/bin:/run/current-system/profile/bin")
            marionette)
 
           (test-eq "postgres create zabbix user"
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH v2 07/10] build: Rename activate-setuid-programs.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 20 Jul 2023 20:43:04 +0000
Resent-Message-ID: <handler.61462.B61462.16898857362040 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.16898857362040
          (code B ref 61462); Thu, 20 Jul 2023 20:43:04 +0000
Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:16 +0000
Received: from localhost ([127.0.0.1]:60054 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qMaTX-0000Wj-W1
	for submit <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:16 -0400
Received: from tobias.gr ([2a02:c205:2020:6054::1]:51548)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1qMaTQ-0000V6-Nt
 for 61462 <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:09 -0400
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id d133ca6a
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Thu, 20 Jul 2023 20:41:50 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:57 +0200
Message-ID: <f91f98d106647d4f75c38e6303f8dddfaf9d4dcf.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/build/activation.scm (activate-setuid-programs): Rename
    this… (activate-privileged-programs): …to this. Operate on a list of
   <privileged-program> records. * gnu/services.scm (setuid-program- [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

* gnu/build/activation.scm (activate-setuid-programs): Rename this…
(activate-privileged-programs): …to this.
Operate on a list of <privileged-program> records.
* gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
---
 gnu/build/activation.scm | 24 ++++++++++++------------
 gnu/services.scm         |  2 +-
 2 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/gnu/build/activation.scm b/gnu/build/activation.scm
index 7f4800bba1..84fbeda162 100644
--- a/gnu/build/activation.scm
+++ b/gnu/build/activation.scm
@@ -27,7 +27,7 @@
 
 (define-module (gnu build activation)
   #:use-module (gnu system accounts)
-  #:use-module (gnu system setuid)
+  #:use-module (gnu system privilege)
   #:use-module (gnu build accounts)
   #:use-module (gnu build linux-boot)
   #:use-module (guix build utils)
@@ -41,7 +41,7 @@ (define-module (gnu build activation)
   #:export (activate-users+groups
             activate-user-home
             activate-etc
-            activate-setuid-programs
+            activate-privileged-programs
             activate-special-files
             activate-modprobe
             activate-firmware
@@ -287,8 +287,8 @@ (define %privileged-program-directory
   ;; Place where privileged copies of programs are stored.
   "/run/privileged/bin")
 
-(define (activate-setuid-programs programs)
-  "Turn PROGRAMS, a list of file setuid-programs records, into privileged
+(define (activate-privileged-programs programs)
+  "Turn PROGRAMS, a list of file privileged-programs records, into privileged
 copies stored under %PRIVILEGED-PROGRAM-DIRECTORY."
   (define (ensure-empty-directory directory)
     (if (file-exists? directory)
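Review bot: The new docstring reads "a list of file privileged-programs records", which keeps the stray word "file" from the old text and pluralizes the record name. The commit log says the procedure operates on <privileged-program> records, so write "a list of <privileged-program> records" here.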
@@ -325,11 +325,11 @@ (define (activate-setuid-programs programs)
   (for-each (lambda (program)
               (catch 'system-error
                 (lambda ()
-                  (let* ((program-name (setuid-program-program program))
-                         (setuid?      (setuid-program-setuid? program))
-                         (setgid?      (setuid-program-setgid? program))
-                         (user         (setuid-program-user program))
-                         (group        (setuid-program-group program))
+                  (let* ((program-name (privileged-program-program program))
+                         (setuid?      (privileged-program-setuid? program))
+                         (setgid?      (privileged-program-setgid? program))
+                         (user         (privileged-program-user program))
+                         (group        (privileged-program-group program))
                          (uid (match user
                                 ((? string?) (passwd:uid (getpwnam user)))
                                 ((? integer?) user)))
@@ -339,13 +339,13 @@ (define (activate-setuid-programs programs)
                     (make-privileged-program program-name setuid? setgid? uid gid)
                     (make-deprecated-wrapper program-name)))
                 (lambda args
-                  ;; If we fail to create a setuid program, better keep going
+                  ;; If we fail to create a privileged program, better keep going
                   ;; so that we don't leave %PRIVILEGED-PROGRAM-DIRECTORY empty
                   ;; or half-populated.  This can happen if PROGRAMS contains
                   ;; incorrect file names: <https://bugs.gnu.org/38800>.
                   (format (current-error-port)
-                          "warning: failed to make ~s setuid/setgid: ~a~%"
-                          (setuid-program-program program)
+                          "warning: failed to privilege ~s: ~a~%"
+                          (privileged-program-program program)
                           (strerror (system-error-errno args))))))
             programs))
 
diff --git a/gnu/services.scm b/gnu/services.scm
index eefe58b336..91584e64ca 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -882,7 +882,7 @@ (define (setuid-program->activation-gexp programs)
       #~(begin
           (use-modules (gnu system setuid))
 
-          (activate-setuid-programs (list #$@programs))))))
+          (activate-privileged-programs (list #$@programs))))))
 
 (define setuid-program-service-type
   (service-type (name 'setuid-program)
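Review bot: After this hunk the generated gexp still says (use-modules (gnu system setuid)), while the procedure it calls now reads its arguments with the privileged-program-* accessors from (gnu system privilege). Confirm that the series builds and activates at this commit on its own, that is, that the records produced under (gnu system setuid) are accepted by those accessors. Otherwise squash this with patch 08/10, which switches the import, so that bisecting cannot land on a system that fails to create its privileged programs.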
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH v2 08/10] services: Rename setuid-program-service-type.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 20 Jul 2023 20:43:05 +0000
Resent-Message-ID: <handler.61462.B61462.16898857372049 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.16898857372049
          (code B ref 61462); Thu, 20 Jul 2023 20:43:05 +0000
Received: (at 61462) by debbugs.gnu.org; 20 Jul 2023 20:42:17 +0000
Received: from localhost ([127.0.0.1]:60056 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qMaTY-0000Ww-Hb
	for submit <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:17 -0400
Received: from tobias.gr ([80.241.217.52]:53738)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <me@HIDDEN>) id 1qMaTQ-0000VG-Qk
 for 61462 <at> debbugs.gnu.org; Thu, 20 Jul 2023 16:42:09 -0400
Received: by submission.tobias.gr (OpenSMTPD) with ESMTPSA id c2c2c45f
 (TLSv1.3:TLS_AES_256_GCM_SHA384:256:NO) for <61462 <at> debbugs.gnu.org>;
 Thu, 20 Jul 2023 20:41:50 +0000 (UTC)
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:58 +0200
Message-ID: <18df04c97b0ad915e098a160d19d8f3ecb5e7e2a.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Score: 2.1 (++)
X-Spam-Report: Spam detection software, running on the system "debbugs.gnu.org",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 the administrator of that system for details.
 
 Content preview:  * gnu/services.scm (setuid-program->activation-gexp): Rename
    this… (privileged-program->activation-gexp): …to this. Operate on a list
    of <privileged-program> records. (privileged-program-service-t [...] 
 
 Content analysis details:   (2.1 points, 10.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
  2.1 DATE_IN_PAST_96_XX     Date: is 96 hours or more before Received:
                             date
 -0.0 SPF_PASS               SPF: sender matches SPF record
 -0.0 SPF_HELO_PASS          SPF: HELO matches SPF record
 -0.0 T_SCC_BODY_TEXT_LINE   No description available.
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>

* gnu/services.scm (setuid-program->activation-gexp): Rename this…
(privileged-program->activation-gexp): …to this.
Operate on a list of <privileged-program> records.
(privileged-program-service-type): New variable, renamed from
setuid-program-service-type.  Rename the service-type accordingly.
(setuid-program-service-type): Redefine as an alias for the above.
---
 gnu/services.scm | 34 ++++++++++++++++++++--------------
 1 file changed, 20 insertions(+), 14 deletions(-)

diff --git a/gnu/services.scm b/gnu/services.scm
index 91584e64ca..5cb7f37c06 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -45,6 +45,7 @@ (define-module (gnu services)
   #:use-module (gnu packages base)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages hurd)
+  #:use-module (gnu system privilege)
   #:use-module (gnu system setuid)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
@@ -113,7 +114,8 @@ (define-module (gnu services)
             extra-special-file
             etc-service-type
             etc-directory
-            setuid-program-service-type
+            privileged-program-service-type
+            setuid-program-service-type ; deprecated
             profile-service-type
             firmware-service-type
             gc-root-service-type
@@ -860,17 +862,17 @@ (define-deprecated (etc-service files)
 FILES must be a list of name/file-like object pairs."
   (service etc-service-type files))
 
-(define (setuid-program->activation-gexp programs)
-  "Return an activation gexp for setuid-program from PROGRAMS."
+(define (privileged-program->activation-gexp programs)
+  "Return an activation gexp for privileged-program from PROGRAMS."
   (let ((programs (map (lambda (program)
                          ;; FIXME This is really ugly, I didn't managed to use
                          ;; "inherit"
-                         (let ((program-name (setuid-program-program program))
-                               (setuid?      (setuid-program-setuid? program))
-                               (setgid?      (setuid-program-setgid? program))
-                               (user         (setuid-program-user program))
-                               (group        (setuid-program-group program)) )
-                           #~(setuid-program
+                         (let ((program-name (privileged-program-program program))
+                               (setuid?      (privileged-program-setuid? program))
+                               (setgid?      (privileged-program-setgid? program))
+                               (user         (privileged-program-user program))
+                               (group        (privileged-program-group program)) )
+                           #~(privileged-program
                               (setuid? #$setuid?)
                               (setgid? #$setgid?)
                               (user    #$user)
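Review bot: The let still copies each field by hand (program, setuid?, setgid?, user, group) into the rebuilt record, as the FIXME admits. Since this series exists to add file capabilities, any field later added to <privileged-program> must also be added here or it is silently dropped before activation. Say so next to the FIXME, or resolve the FIXME so that the record is passed through whole.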
@@ -878,17 +880,17 @@ (define (setuid-program->activation-gexp programs)
                               (program #$program-name))))
                        programs)))
     (with-imported-modules (source-module-closure
-                            '((gnu system setuid)))
+                            '((gnu system privilege)))
       #~(begin
-          (use-modules (gnu system setuid))
+          (use-modules (gnu system privilege))
 
           (activate-privileged-programs (list #$@programs))))))
 
-(define setuid-program-service-type
-  (service-type (name 'setuid-program)
+(define privileged-program-service-type
+  (service-type (name 'privileged-program)
                 (extensions
                  (list (service-extension activation-service-type
-                                          setuid-program->activation-gexp)))
+                                          privileged-program->activation-gexp)))
                 (compose concatenate)
                 (extend (lambda (config extensions)
                           (append config extensions)))
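Review bot: Changing `(name 'setuid-program)` to `(name 'privileged-program)` also changes the name reported through the deprecated `setuid-program-service-type` alias defined further down, so anything keyed on the symbol `'setuid-program` (error messages, code inspecting the service type's name) stops matching. That is probably acceptable, but the commit log should say so.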
@@ -900,6 +902,10 @@ (define setuid-program-service-type
 symbolic links to their @file{/run/privileged/bin} counterpart.  It will be
 removed in a future Guix release.")))
 
+(define setuid-program-service-type
+  ;; Deprecated alias to ease transition.  Will be removed!
+  privileged-program-service-type)
+
 (define (packages->profile-entry packages)
   "Return a system entry for the profile containing PACKAGES."
   ;; XXX: 'mlet' is needed here for one reason: to get the proper
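Review bot: The deprecated alias `(define setuid-program-service-type ...)` is a plain `define` with a comment, so users of the old name get no warning before it is removed. `define-deprecated/alias` from `(guix deprecation)` would keep the binding and emit a deprecation warning when the old name is used. Please also check that the old name is still exported from the module.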
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH v2 09/10] system: Use privileged-program-service-type by default.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 20 Jul 2023 20:43:05 +0000
Resent-Message-ID: <handler.61462.B61462.16898857372057 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 61462 <at> debbugs.gnu.org
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 01:59:59 +0200
Message-ID: <ebaf368d362a67006a4b9af6a28055c3e18106ee.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

* gnu/system.scm (operating-system-default-essential-services)
(hurd-default-essential-services): Substitute
privileged-program-service-type for setuid-program-service-type.
---
 gnu/system.scm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/gnu/system.scm b/gnu/system.scm
index b68c4d272b..39c10dddcb 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -783,7 +783,7 @@ (define (operating-system-default-essential-services os)
             (operating-system-environment-variables os))
            (service host-name-service-type host-name)
            procs root-fs
-           (service setuid-program-service-type
+           (service privileged-program-service-type
                     (operating-system-setuid-programs os))
            (service profile-service-type
                     (operating-system-packages os))
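Review bot: After this change `privileged-program-service-type` in `operating-system-default-essential-services` is still fed from `(operating-system-setuid-programs os)`, so the service name and the record accessor disagree at this commit. If that is intentional for bisectability, say in the commit log that the accessor is switched in the following patch.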
@@ -824,7 +824,7 @@ (define (hurd-default-essential-services os)
                               (list `("hosts" ,hosts-file)))
               (service hosts-service-type
                        (local-host-entries host-name)))
-          (service setuid-program-service-type
+          (service privileged-program-service-type
                    (operating-system-setuid-programs os))
           (service profile-service-type (operating-system-packages os)))))
 
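Review bot: `hurd-default-essential-services` now instantiates `privileged-program-service-type` as well, while the series is about capabilities(7), a Linux facility. Please confirm that activation on the Hurd only ever applies the setuid/setgid bits and fails cleanly, or not at all, when a program record asks for anything else, and document that limitation.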
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] [PATCH v2 10/10] system: Add privileged-programs to <operating-system>.
Resent-From: Tobias Geerinckx-Rice <me@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Thu, 20 Jul 2023 20:43:06 +0000
Resent-Message-ID: <handler.61462.B61462.16898857382064 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: 61462 <at> debbugs.gnu.org
From: Tobias Geerinckx-Rice <me@HIDDEN>
Date: Sun, 16 Jul 2023 02:00:00 +0200
Message-ID: <4e0fe1db5ac68e78dcc5221896797fc452bbdde1.1689465600.git.me@HIDDEN>
X-Mailer: git-send-email 2.41.0
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
References: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* gnu/system.scm (<operating-system>): Add new privileged-programs
field, that defaults to…
(%default-privileged-programs): …this new variable, renamed from…
(%setuid-programs): …this, which is now defined as the empty list.
* doc/guix.texi (Setuid Programs): Rename this…
(Privileged Programs): …to this.  Adjust all refs.  Update all mentions
of ‘setuid’ (whether in prose, variable names, or code samples) to use
the new ‘privilege[d]’ terminology instead.
(operating-system Reference, X Window, Desktop Services,
Invoking guix system, Service Reference): Adjust likewise.
---
 doc/guix.texi           | 89 ++++++++++++++++++++++-------------------
 gnu/packages/crypto.scm |  2 +-
 gnu/services.scm        |  1 -
 gnu/system.scm          | 21 ++++++++--
 4 files changed, 65 insertions(+), 48 deletions(-)

diff --git a/doc/guix.texi b/doc/guix.texi
index 9426c72e1e..0be8a2f4b5 100644
--- a/doc/guix.texi
+++ b/doc/guix.texi
@@ -362,7 +362,7 @@ Top
 * Keyboard Layout::             How the system interprets key strokes.
 * Locales::                     Language and cultural convention settings.
 * Services::                    Specifying system services.
-* Setuid Programs::             Programs running with elevated privileges.
+* Privileged Programs::         Programs running with elevated privileges.
 * X.509 Certificates::          Authenticating HTTPS servers.
 * Name Service Switch::         Configuring libc's name service switch.
 * Initial RAM Disk::            Linux-Libre bootstrapping.
@@ -16712,7 +16712,7 @@ System Configuration
 * Keyboard Layout::             How the system interprets key strokes.
 * Locales::                     Language and cultural convention settings.
 * Services::                    Specifying system services.
-* Setuid Programs::             Programs running with elevated privileges.
+* Privileged Programs::         Programs running with elevated privileges.
 * X.509 Certificates::          Authenticating HTTPS servers.
 * Name Service Switch::         Configuring libc's name service switch.
 * Initial RAM Disk::            Linux-Libre bootstrapping.
@@ -17159,9 +17159,9 @@ operating-system Reference
 Linux @dfn{pluggable authentication module} (PAM) services.
 @c FIXME: Add xref to PAM services section.
 
-@item @code{setuid-programs} (default: @code{%setuid-programs})
-List of @code{<setuid-program>}.  @xref{Setuid Programs}, for more
-information.
+@item @code{privileged-programs} (default: @code{%default-privileged-programs})
+List of @code{<privileged-program>}.  @xref{Privileged Programs}, for
+more information.
 
 @item @code{sudoers-file} (default: @code{%sudoers-specification})
 @cindex sudoers file
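Review bot: The `@item @code{setuid-programs}` entry is removed from the `operating-system` reference, but the `setuid-programs` field is kept in the record in gnu/system.scm for backwards compatibility. Keep a short entry that marks it as deprecated and points to `privileged-programs`, so users reading an existing configuration can still find out what the field does.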
@@ -22760,10 +22760,10 @@ X Window
 
 @defvar screen-locker-service-type
 Type for a service that adds a package for a screen locker or screen
-saver to the set of setuid programs and/or add a PAM entry for it.  The
+saver to the set of privileged programs and/or add a PAM entry for it.  The
 value for this service is a @code{<screen-locker-configuration>} object.
 
-While the default behavior is to setup both a setuid program and PAM
+While the default behavior is to setup both a privileged program and PAM
 entry, these two methods are redundant.  Screen locker programs may not
 execute when PAM is configured and @code{setuid} is set on their
 executable.  In this case, @code{using-setuid?} can be set to @code{#f}.
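Review bot: In the `screen-locker-service-type` text the first two sentences now say "privileged program", but the unchanged sentences right after still talk about `setuid` being set on the executable and about `using-setuid?`. Either leave this paragraph on the setuid wording, since it describes that specific mechanism, or explain how `using-setuid?` relates to the new term. While touching the line, "setup both" should read "set up both".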
@@ -23689,9 +23689,9 @@ Desktop Services
 system interfaces.  Additionally, adding a service of type
 @code{mate-desktop-service-type} adds the MATE metapackage to the system
 profile.  ``Adding Enlightenment'' means that @code{dbus} is extended
-appropriately, and several of Enlightenment's binaries are set as setuid,
-allowing Enlightenment's screen locker and other functionality to work as
-expected.
+appropriately, and several of Enlightenment's binaries are set as privileged
+programs, allowing Enlightenment's screen locker and other functionality to
+work as expected.
 
 The desktop environments in Guix use the Xorg display server by
 default.  If you'd like to use the newer display server protocol
@@ -26727,7 +26727,7 @@ Mail Services
 Make the following commands setgid to @code{smtpq} so they can be
 executed: @command{smtpctl}, @command{sendmail}, @command{send-mail},
 @command{makemap}, @command{mailq}, and @command{newaliases}.
-@xref{Setuid Programs}, for more information on setgid programs.
+@xref{Privileged Programs}, for more information on setgid programs.
 @end table
 @end deftp
 
@@ -38868,8 +38868,8 @@ Miscellaneous Services
 service is the Singularity package to use.
 
 The service does not install a daemon; instead, it installs helper programs as
-setuid-root (@pxref{Setuid Programs}) such that unprivileged users can invoke
-@command{singularity run} and similar commands.
+setuid-root (@pxref{Privileged Programs}) such that unprivileged users can
+invoke @command{singularity run} and similar commands.
 @end defvar
 
 @cindex Audit
@@ -39300,11 +39300,14 @@ Miscellaneous Services
 
 @c End of auto-generated fail2ban documentation.
 
-@node Setuid Programs
-@section Setuid Programs
+@node Privileged Programs
+@section Privileged Programs
 
+@cindex privileged programs
 @cindex setuid programs
 @cindex setgid programs
+@cindex capabilities, POSIX
+@cindex setcap
 Some programs need to run with elevated privileges, even when they are
 launched by unprivileged users.  A notorious example is the
 @command{passwd} program, which users can run to change their
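Review bot: The new `@cindex capabilities, POSIX` and `@cindex setcap` entries index a section whose text, in the hunks shown here, still describes only the setuid and setgid mechanisms. Add the entries together with the prose that documents capabilities, or drop them from this patch. Renaming the node also breaks existing links to "Setuid Programs"; an `@anchor{Setuid Programs}` next to the new `@node` would keep them working.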
@@ -39315,46 +39318,48 @@ Setuid Programs
 (@pxref{How Change Persona,,, libc, The GNU C Library Reference Manual},
 for more info about the setuid mechanism).
 
-The store itself @emph{cannot} contain setuid programs: that would be a
-security issue since any user on the system can write derivations that
+The store itself @emph{cannot} contain privileged programs: that would be
+a security issue since any user on the system can write derivations that
 populate the store (@pxref{The Store}).  Thus, a different mechanism is
-used: instead of changing the setuid or setgid bits directly on files that
-are in the store, we let the system administrator @emph{declare} which
+used: instead of directly granting permissions to files that are in
+the store, we let the system administrator @emph{declare} which
 programs should be entrusted with these additional privileges.
 
-The @code{setuid-programs} field of an @code{operating-system}
-declaration contains a list of @code{<setuid-program>} denoting the
+The @code{privileged-programs} field of an @code{operating-system}
+declaration contains a list of @code{<privileged-program>} denoting the
 names of programs to have a setuid or setgid bit set (@pxref{Using the
 Configuration System}).  For instance, the @command{mount.nfs} program,
 which is part of the nfs-utils package, with a setuid root can be
 designated like this:
 
 @lisp
-(setuid-program
-  (program (file-append nfs-utils "/sbin/mount.nfs")))
+(privileged-program
+  (program (file-append nfs-utils "/sbin/mount.nfs"))
+  (setuid? #t))
 @end lisp
 
 And then, to make @command{mount.nfs} setuid on your system, add the
 previous example to your operating system declaration by appending it to
-@code{%setuid-programs} like this:
+@code{%default-privileged-programs} like this:
 
 @lisp
 (operating-system
   ;; Some fields omitted...
-  (setuid-programs
-    (append (list (setuid-program
-                    (program (file-append nfs-utils "/sbin/mount.nfs"))))
-            %setuid-programs)))
+  (privileged-programs
+    (append (list (privileged-program
+                    (program (file-append nfs-utils "/sbin/mount.nfs"))
+                    (setuid? #t))
+            %default-privileged-programs)))
 @end lisp
 
-@deftp {Data Type} setuid-program
-This data type represents a program with a setuid or setgid bit set.
+@deftp {Data Type} privileged-program
+This data type represents a program with special privileges, such as setuid
 
 @table @asis
 @item @code{program}
-A file-like object having its setuid and/or setgid bit set.
+A file-like object to which all given privileges should apply.
 
-@item @code{setuid?} (default: @code{#t})
+@item @code{setuid?} (default: @code{#f})
 Whether to set user setuid bit.
 
 @item @code{setgid?} (default: @code{#f})
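Review bot: Flipping the documented default of `setuid?` from `#t` to `#f` in the `@deftp` table means a configuration migrated by simply renaming `setuid-program` to `privileged-program`, without adding `(setuid? #t)`, ends up with a program that has no privilege at all and no error to point at the cause. Please call this out explicitly in the section and in the news entry. Two smaller points in the same hunk: the paragraph introducing the `privileged-programs` field still says the list denotes "names of programs to have a setuid or setgid bit set", and the new `@deftp` description "This data type represents a program with special privileges, such as setuid" stops mid-sentence.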
@@ -39371,18 +39376,18 @@ Setuid Programs
 @end table
 @end deftp
 
-A default set of setuid programs is defined by the
-@code{%setuid-programs} variable of the @code{(gnu system)} module.
+A default set of privileged programs is defined by the
+@code{%default-privileged-programs} variable of the @code{(gnu system)} module.
 
-@defvar %setuid-programs
-A list of @code{<setuid-program>} denoting common programs that are
-setuid-root.
+@defvar {Scheme Variable} %default-privileged-programs
+A list of @code{<privileged-program>} denoting common programs with
+elevated privileges.
 
 The list includes commands such as @command{passwd}, @command{ping},
 @command{su}, and @command{sudo}.
 @end defvar
 
-Under the hood, the actual setuid programs are created in the
+Under the hood, the actual privileged programs are created in the
 @file{/run/privileged/bin} directory at system activation time.  The
 files in this directory refer to the ``real'' binaries, which are in the
 store.
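Review bot: `@defvar {Scheme Variable} %default-privileged-programs` passes a category to `@defvar`, which takes only the variable name; the removed line was `@defvar %setuid-programs` and the other `@defvar` entries in this patch follow that form. Use `@defvar %default-privileged-programs`. The hunk also drops the documentation of `%setuid-programs` entirely although the variable is still exported; a one-line deprecation note would help.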
@@ -40276,7 +40281,7 @@ Invoking guix system
 @end quotation
 
 This effects all the configuration specified in @var{file}: user
-accounts, system services, global package list, setuid programs, etc.
+accounts, system services, global package list, privileged programs, etc.
 The command starts system services specified in @var{file} that are not
 currently running; if a service is currently running this command will
 arrange for it to be upgraded the next time it is stopped (e.g.@: by
@@ -41649,10 +41654,10 @@ Service Reference
 pointing to the given file.
 @end defvar
 
-@defvar setuid-program-service-type
-Type for the ``setuid-program service''.  This service collects lists of
+@defvar privileged-program-service-type
+Type for the ``privileged-program service''.  This service collects lists of
 executable file names, passed as gexps, and adds them to the set of
-setuid and setgid programs on the system (@pxref{Setuid Programs}).
+privileged programs on the system (@pxref{Privileged Programs}).
 @end defvar
 
 @defvar profile-service-type
diff --git a/gnu/packages/crypto.scm b/gnu/packages/crypto.scm
index 91acedbc97..5c711e0cc6 100644
--- a/gnu/packages/crypto.scm
+++ b/gnu/packages/crypto.scm
@@ -501,7 +501,7 @@ (define-public tomb
      `(#:make-flags (list (string-append "PREFIX=" (assoc-ref %outputs "out")))
        ;; The "sudo" input is needed only to satisfy dependency checks in the
        ;; 'check' phase.  The "sudo" used at runtime should come from the
-       ;; system's setuid-programs, so ensure no reference is kept.
+       ;; system's privileged-programs, so ensure no reference is kept.
        #:disallowed-references (,sudo)
        ;; TODO: Build and install gtk and qt trays
        #:phases
diff --git a/gnu/services.scm b/gnu/services.scm
index 5cb7f37c06..a96d42099f 100644
--- a/gnu/services.scm
+++ b/gnu/services.scm
@@ -46,7 +46,6 @@ (define-module (gnu services)
   #:use-module (gnu packages bash)
   #:use-module (gnu packages hurd)
   #:use-module (gnu system privilege)
-  #:use-module (gnu system setuid)
   #:use-module (srfi srfi-1)
   #:use-module (srfi srfi-9)
   #:use-module (srfi srfi-9 gnu)
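Review bot: Dropping `#:use-module (gnu system setuid)` from gnu/services.scm is not mentioned in the commit log, which lists only gnu/system.scm and doc/guix.texi although the diffstat also covers gnu/services.scm and gnu/packages/crypto.scm. Please add entries for both files, and confirm that nothing left in (gnu services) still refers to a binding from the removed module.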
diff --git a/gnu/system.scm b/gnu/system.scm
index 39c10dddcb..572a0c19df 100644
--- a/gnu/system.scm
+++ b/gnu/system.scm
@@ -75,6 +75,7 @@ (define-module (gnu system)
   #:use-module (gnu system locale)
   #:use-module (gnu system pam)
   #:use-module (gnu system linux-initrd)
+  #:use-module (gnu system privilege)
   #:use-module (gnu system setuid)
   #:use-module (gnu system uuid)
   #:use-module (gnu system file-systems)
@@ -128,6 +129,7 @@ (define-module (gnu system)
             operating-system-keyboard-layout
             operating-system-name-service-switch
             operating-system-pam-services
+            operating-system-privileged-programs
             operating-system-setuid-programs
             operating-system-skeletons
             operating-system-sudoers-file
@@ -172,6 +174,7 @@ (define-module (gnu system)
 
             local-host-aliases                    ;deprecated
             %root-account
+            %default-privileged-programs
             %setuid-programs
             %sudoers-specification
             %base-packages
@@ -295,7 +298,10 @@ (define-record-type* <operating-system> operating-system
 
   (pam-services operating-system-pam-services     ; list of PAM services
                 (default (base-pam-services)))
+  (privileged-programs operating-system-privileged-programs ; list of <privileged-program>
+                       (default %default-privileged-programs))
   (setuid-programs operating-system-setuid-programs
+                   ;; For backwards compatibility; will be removed.
                    (default %setuid-programs))    ; list of <setuid-program>
 
   (sudoers-file operating-system-sudoers-file     ; file-like
@@ -784,7 +790,8 @@ (define (operating-system-default-essential-services os)
            (service host-name-service-type host-name)
            procs root-fs
            (service privileged-program-service-type
-                    (operating-system-setuid-programs os))
+                    (append (operating-system-privileged-programs os)
+                            (operating-system-setuid-programs os)))
            (service profile-service-type
                     (operating-system-packages os))
            boot-fs non-boot-fs
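Review bot: Appending `(operating-system-setuid-programs os)` to `(operating-system-privileged-programs os)` changes what an existing hardened configuration produces. A system that sets `setuid-programs` to a reduced list in order to drop one of the default setuid-root binaries now gets the whole `%default-privileged-programs` set back, because the new `privileged-programs` field falls back to its default. That silently widens the set of setuid-root programs on upgrade. Consider warning when `setuid-programs` is set explicitly, or applying the new default only when neither field is given. A program listed in both fields is also passed to the service twice.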
@@ -825,7 +832,8 @@ (define (hurd-default-essential-services os)
               (service hosts-service-type
                        (local-host-entries host-name)))
           (service privileged-program-service-type
-                   (operating-system-setuid-programs os))
+                   (append (operating-system-privileged-programs os)
+                           (operating-system-setuid-programs os)))
           (service profile-service-type (operating-system-packages os)))))
 
 (define* (operating-system-services os)
@@ -1202,8 +1210,7 @@ (define (operating-system-environment-variables os)
     ;; when /etc/machine-id is missing.  Make sure these warnings are non-fatal.
     ("DBUS_FATAL_WARNINGS" . "0")))
 
-(define %setuid-programs
-  ;; Default set of setuid-root programs.
+(define %default-privileged-programs
   (let ((shadow (@ (gnu packages admin) shadow)))
     (map file-like->setuid-program
          (list (file-append shadow "/bin/passwd")
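Review bot: `%default-privileged-programs` is still built with `(map file-like->setuid-program ...)`, so a list documented as `<privileged-program>` records is produced by the old constructor. Please confirm that this yields records the activation code accepts and that they carry `setuid? #t` now that the documented default is `#f`. The removed comment `;; Default set of setuid-root programs.` also leaves the definition without any description; a replacement comment would be welcome.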
@@ -1225,6 +1232,12 @@ (define %setuid-programs
                (file-append util-linux "/bin/mount")
                (file-append util-linux "/bin/umount")))))
 
+(define %setuid-programs
+  ;; Do not add to this list or use it in new code!  It's defined only to ease
+  ;; transition to %default-privileged-programs and will be removed.  Some rare
+  ;; use cases already break, such as the obvious (remove … %setuid-programs).
+  '())
+
 (define %sudoers-specification
   ;; Default /etc/sudoers contents: 'root' and all members of the 'wheel'
   ;; group can do anything.  See
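Review bot: Redefining `%setuid-programs` as `'()` keeps old configurations loading but gives their authors no signal that anything changed, and the comment itself concedes that `(remove … %setuid-programs)` already breaks. A deprecation warning on use, for instance through `(guix deprecation)`, plus a news entry would make the transition visible instead of silent.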
-- 
2.41.0





Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Vagrant Cascadian <vagrant@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 21 Jul 2023 18:55:01 +0000
Resent-Message-ID: <handler.61462.B61462.16899656559120 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org
From: Vagrant Cascadian <vagrant@HIDDEN>
In-Reply-To: <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
References: <87r0uuehlr.fsf@nckx>
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
Date: Fri, 21 Jul 2023 11:53:55 -0700
Message-ID: <87edl1yu2k.fsf@wireframe>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"


Thanks for the refreshed v2 patches! I gave them a quick spin...

As noted on IRC, apparently it lacks actual calls to setcap, so that
part still needs another patch at least!

Otherwise, it did seem to more-or-less work...

There are compatibility symlinks from /run/setuid-programs to
/run/privledged/bin and it sets setuid on requested files.

I was a little curious about why /run/privlidged/bin as opposed to
without /bin ... keeping the door open for other privlidged things? What
about things that come from /gnu/store/*/sbin ? are those handled any
differently?

My only concern is... wow is it hard, even for a native speaker, to
spell privileged!

live well,
  vagrant

--=-=-=--




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Vagrant Cascadian <vagrant@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Fri, 21 Jul 2023 19:12:01 +0000
Resent-Message-ID: <handler.61462.B61462.168996671710752 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.168996671710752
          (code B ref 61462); Fri, 21 Jul 2023 19:12:01 +0000
Received: (at 61462) by debbugs.gnu.org; 21 Jul 2023 19:11:57 +0000
Received: from localhost ([127.0.0.1]:34894 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qMvXg-0002nM-LK
	for submit <at> debbugs.gnu.org; Fri, 21 Jul 2023 15:11:56 -0400
Received: from cascadia.aikidev.net ([2600:3c01:e000:267:0:a171:de7:c]:60036)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <vagrant@HIDDEN>) id 1qMvXe-0002n7-3B
 for 61462 <at> debbugs.gnu.org; Fri, 21 Jul 2023 15:11:56 -0400
Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50])
 (Authenticated sender: vagrant@HIDDEN)
 by cascadia.aikidev.net (Postfix) with ESMTPSA id D1A8B1AD10;
 Fri, 21 Jul 2023 12:11:44 -0700 (PDT)
From: Vagrant Cascadian <vagrant@HIDDEN>
In-Reply-To: <87edl1yu2k.fsf@wireframe>
References: <87r0uuehlr.fsf@nckx>
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
 <87edl1yu2k.fsf@wireframe>
Date: Fri, 21 Jul 2023 12:11:38 -0700
Message-ID: <87bkg5yt91.fsf@wireframe>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain

On 2023-07-21, Vagrant Cascadian wrote:
> Thanks for the refreshed v2 patches! I gave them a quick spin...
>
> As noted on IRC, apparently it lacks actual calls to setcap, so that
> part still needs another patch at least!
>
> Otherwise, it did seem to more-or-less work...
>
> There are compatibility symlinks from /run/setuid-programs to
> /run/privledged/bin and it sets setuid on requested files.

Oh, I noticed on reconfiguring back to a system without the patches to
support /run/privileged configurations ... the /run/privileged directory
is still present, with all those files sitting there in their previous
state.

This is why I think at least by default, many other distros implement
/run as a tmpfs or similar, so that it at least gets thrown out at
reboot. Though this is obviously a deeper problem than just this patch
series... I will file a separate bug about that.

live well,
  vagrant

--=-=-=--
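
A defender-side check for the leftover state described in the message above, as an added example that is not part of the thread or of the Guix patches: it lists regular files in a directory that still carry a setuid/setgid bit or a `security.capability` extended attribute but are not in the set the current configuration asks for. The function names and the `expected` set are assumptions (the thread does not say how the expected list is recorded); the sample files are constructed in a temporary directory.

```python
import os
import stat
import tempfile


def privilege_markers(path):
    """Return the privilege markers present on one regular file.

    Symlinks are not followed, so a compatibility symlink is never
    reported in place of the file it points to.
    """
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        return []  # only regular files are considered here
    markers = []
    if st.st_mode & stat.S_ISUID:
        markers.append("setuid")
    if st.st_mode & stat.S_ISGID:
        markers.append("setgid")
    try:
        # File capabilities(7) are stored in this extended attribute.
        if os.getxattr(path, "security.capability", follow_symlinks=False):
            markers.append("file-capabilities")
    except (OSError, AttributeError):
        # No capability set, xattrs unsupported, or os.getxattr missing.
        pass
    return markers


def stale_privileged_files(directory, expected):
    """List (name, markers) for privileged files not in `expected`.

    `expected` is the set of program names the current system
    configuration requests (an assumption of this example).
    A missing directory yields an empty list.
    """
    try:
        names = sorted(os.listdir(directory))
    except FileNotFoundError:
        return []
    findings = []
    for name in names:
        markers = privilege_markers(os.path.join(directory, name))
        if markers and name not in expected:
            findings.append((name, markers))
    return findings


def demo():
    """Build a constructed directory and audit it.

    "ping" is still requested, "oldtool" is a setuid leftover from a
    previous configuration, and "readme" carries no privilege at all.
    """
    with tempfile.TemporaryDirectory() as root:
        samples = (("ping", 0o4755), ("oldtool", 0o4755), ("readme", 0o644))
        for name, mode in samples:
            path = os.path.join(root, name)
            with open(path, "w") as handle:
                handle.write("constructed sample\n")
            os.chmod(path, mode)
        return stale_privileged_files(root, expected={"ping"})


if __name__ == "__main__":
    for name, markers in demo():
        print(f"stale: {name} ({', '.join(markers)})")
```

On a real system the directory argument would be the one named in the thread, such as /run/privileged/bin.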




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 08 Aug 2023 15:41:02 +0000
Resent-Message-ID: <handler.61462.B61462.16915092285551 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Vagrant Cascadian <vagrant@HIDDEN>
Cc: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.16915092285551
          (code B ref 61462); Tue, 08 Aug 2023 15:41:02 +0000
Received: (at 61462) by debbugs.gnu.org; 8 Aug 2023 15:40:28 +0000
Received: from localhost ([127.0.0.1]:37570 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qTOou-0001RT-6Y
	for submit <at> debbugs.gnu.org; Tue, 08 Aug 2023 11:40:28 -0400
Received: from eggs.gnu.org ([2001:470:142:3::10]:60446)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1qTOot-0001RD-2S
 for 61462 <at> debbugs.gnu.org; Tue, 08 Aug 2023 11:40:27 -0400
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1qTOom-0008MM-WD; Tue, 08 Aug 2023 11:40:21 -0400
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
References: <87r0uuehlr.fsf@nckx>
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
 <87edl1yu2k.fsf@wireframe> <87bkg5yt91.fsf@wireframe>
Date: Tue, 08 Aug 2023 17:40:18 +0200
In-Reply-To: <87bkg5yt91.fsf@wireframe> (Vagrant Cascadian's message of "Fri, 
 21 Jul 2023 12:11:38 -0700")
Message-ID: <87r0odpmot.fsf_-_@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hey!

Vagrant Cascadian <vagrant@HIDDEN> skribis:

> Oh, I noticed on reconfiguring back to a system without the patches to
> support /run/privileged configurations ... the /run/privileged directory
> is still present, with all those files sitting there in their previous
> state.
>
> This is why I think at least by default, many other distros implement
> /run as a tmpfs or similar, so that it at least gets thrown out at
> reboot. Though this is obviously a deeper problem than just this patch
> series... I will file a separate bug about that.

We could try to make that change: /run as tmpfs, or wiped by
‘cleanup-service-type’.

Ludo’.




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] /run should be cleaned on boot
Resent-From: Vagrant Cascadian <vagrant@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 29 Aug 2023 20:30:01 +0000
Resent-Message-ID: <handler.61462.B61462.169334097517454 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Cc: 64775 <at> debbugs.gnu.org, 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.169334097517454
          (code B ref 61462); Tue, 29 Aug 2023 20:30:01 +0000
Received: (at 61462) by debbugs.gnu.org; 29 Aug 2023 20:29:35 +0000
Received: from localhost ([127.0.0.1]:51670 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qb5LC-0004XQ-W6
	for submit <at> debbugs.gnu.org; Tue, 29 Aug 2023 16:29:35 -0400
Received: from cascadia.aikidev.net ([173.255.214.101]:43662)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <vagrant@HIDDEN>)
 id 1qb5L9-0004X9-LA; Tue, 29 Aug 2023 16:29:32 -0400
Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:50])
 (Authenticated sender: vagrant@HIDDEN)
 by cascadia.aikidev.net (Postfix) with ESMTPSA id 98C5F1ADEE;
 Tue, 29 Aug 2023 13:29:18 -0700 (PDT)
From: Vagrant Cascadian <vagrant@HIDDEN>
In-Reply-To: <87r0odpmot.fsf_-_@HIDDEN>
References: <87r0uuehlr.fsf@nckx>
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
 <87edl1yu2k.fsf@wireframe> <87bkg5yt91.fsf@wireframe>
 <87r0odpmot.fsf_-_@HIDDEN>
Date: Tue, 29 Aug 2023 13:29:14 -0700
Message-ID: <87o7ipvbhh.fsf@wireframe>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

On 2023-08-08, Ludovic Courtès wrote:
> Vagrant Cascadian <vagrant@HIDDEN> skribis:
>> Oh, I noticed on reconfiguring back to a system without the patches to
>> support /run/privileged configurations ... the /run/privileged directory
>> is still present, with all those files sitting there in their previous
>> state.
>>
>> This is why I think at least by default, many other distros implement
>> /run as a tmpfs or similar, so that it at least gets thrown out at
>> reboot. Though this is obviously a deeper problem than just this patch
>> series... I will file a separate bug about that.
>
> We could try to make that change: /run as tmpfs, or wiped by
> ‘cleanup-service-type’.

Or both, really!

Filed:

  https://issues.guix.gnu.org/64775

live well,
  vagrant

--=-=-=--




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] bug#64775: /run should be cleaned on boot
Resent-From: brian <bjc@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Tue, 29 Aug 2023 21:23:01 +0000
Resent-Message-ID: <handler.61462.B61462.1693344162463 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Vagrant Cascadian <vagrant@HIDDEN>
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, 64775 <at> debbugs.gnu.org, 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.1693344162463
          (code B ref 61462); Tue, 29 Aug 2023 21:23:01 +0000
Received: (at 61462) by debbugs.gnu.org; 29 Aug 2023 21:22:42 +0000
Received: from localhost ([127.0.0.1]:51734 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1qb6Ac-00007N-7b
	for submit <at> debbugs.gnu.org; Tue, 29 Aug 2023 17:22:42 -0400
Received: from coleridge.kublai.com ([166.84.7.167]:64288 helo=mail.spork.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <bjc@HIDDEN>)
 id 1qb6AY-000079-Ba; Tue, 29 Aug 2023 17:22:41 -0400
Received: from ditto (ool-18b8e9e7.dyn.optonline.net [24.184.233.231])
 by mail.spork.org (Postfix) with ESMTPSA id 6C630245F;
 Tue, 29 Aug 2023 17:21:47 -0400 (EDT)
From: brian <bjc@HIDDEN>
In-Reply-To: <87o7ipvbhh.fsf__48662.4622646318$1693341314$gmane$org@wireframe>
 (Vagrant Cascadian's message of "Tue, 29 Aug 2023 13:29:14 -0700")
References: <87r0uuehlr.fsf@nckx>
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
 <87edl1yu2k.fsf@wireframe> <87bkg5yt91.fsf@wireframe>
 <87r0odpmot.fsf_-_@HIDDEN>
 <87o7ipvbhh.fsf__48662.4622646318$1693341314$gmane$org@wireframe>
Date: Tue, 29 Aug 2023 17:21:47 -0400
Message-ID: <87ttshilxw.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: 0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

Vagrant Cascadian <vagrant@HIDDEN> writes:

> On 2023-08-08, Ludovic Courtès wrote:
>> We could try to make that change: /run as tmpfs, or wiped by
>> ‘cleanup-service-type’.
>
> Or both, really!
>
> Filed:
>
>   https://issues.guix.gnu.org/64775

I tried this a while ago, and the trivial case of mounting /run as tmpfs
in the operating-system definition causes errors during activation. It
turns out that the /run/current-system symlink is activated before all
non-root mounts, so mounting /run afterwards causes everything to break.

I don't have a solution, and haven't even looked at it past this, but
maybe this report will help.

-bjc




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Vagrant Cascadian <vagrant@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Wed, 15 Nov 2023 21:38:02 +0000
Resent-Message-ID: <handler.61462.B61462.170008426319878 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.170008426319878
          (code B ref 61462); Wed, 15 Nov 2023 21:38:02 +0000
Received: (at 61462) by debbugs.gnu.org; 15 Nov 2023 21:37:43 +0000
Received: from localhost ([127.0.0.1]:54010 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1r3NZu-0005AY-Ko
	for submit <at> debbugs.gnu.org; Wed, 15 Nov 2023 16:37:42 -0500
Received: from cascadia.aikidev.net ([173.255.214.101]:37120)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <vagrant@HIDDEN>) id 1r3NZp-0005AJ-S6
 for 61462 <at> debbugs.gnu.org; Wed, 15 Nov 2023 16:37:41 -0500
Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20])
 (Authenticated sender: vagrant@HIDDEN)
 by cascadia.aikidev.net (Postfix) with ESMTPSA id 7AC6E1AA73;
 Wed, 15 Nov 2023 13:37:28 -0800 (PST)
From: Vagrant Cascadian <vagrant@HIDDEN>
In-Reply-To: <87edl1yu2k.fsf@wireframe>
References: <87r0uuehlr.fsf@nckx>
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
 <87edl1yu2k.fsf@wireframe>
Date: Wed, 15 Nov 2023 13:37:22 -0800
Message-ID: <87wmuig0kt.fsf@contorta>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain

On 2023-07-21, Vagrant Cascadian wrote:
> Thanks for the refreshed v2 patches! I gave them a quick spin...
>
> As noted on IRC, apparently it lacks actual calls to setcap, so that
> part still needs another patch at least!
>
> Otherwise, it did seem to more-or-less work...

I did eventually get some updated patches that even followed through on
the promise of calling out to setcap, and from what I recall they even
worked! I liked them a lot.


> There are compatibility symlinks from /run/setuid-programs to
> /run/privledged/bin and it sets setuid on requested files.
>
> I was a little curious about why /run/privlidged/bin as opposed to
> without /bin ... keeping the door open for other privlidged things? What
> about things that come from /gnu/store/*/sbin ? are those handled any
> differently?

Working patches aside, that is my only outstanding question, and I would
hate to see that be a blocker. :)


In short, "ping" :)


live well,
  vagrant

--=-=-=--




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Vagrant Cascadian <vagrant@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Sun, 24 Dec 2023 00:35:02 +0000
Resent-Message-ID: <handler.61462.B61462.170337810126387 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org
Cc: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>, brian <bjc@HIDDEN>
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.170337810126387
          (code B ref 61462); Sun, 24 Dec 2023 00:35:02 +0000
Received: (at 61462) by debbugs.gnu.org; 24 Dec 2023 00:35:01 +0000
Received: from localhost ([127.0.0.1]:51499 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rHCSL-0006rR-5v
	for submit <at> debbugs.gnu.org; Sat, 23 Dec 2023 19:35:01 -0500
Received: from cascadia.aikidev.net ([173.255.214.101]:53396)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <vagrant@HIDDEN>) id 1rHCSI-0006rD-KI
 for 61462 <at> debbugs.gnu.org; Sat, 23 Dec 2023 19:34:59 -0500
Received: from localhost (unknown [IPv6:2600:3c01:e000:21:7:77:0:20])
 (Authenticated sender: vagrant@HIDDEN)
 by cascadia.aikidev.net (Postfix) with ESMTPSA id 098231ADE7;
 Sat, 23 Dec 2023 16:34:44 -0800 (PST)
From: Vagrant Cascadian <vagrant@HIDDEN>
In-Reply-To: <87wmuig0kt.fsf@contorta>
References: <87r0uuehlr.fsf@nckx>
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
 <87edl1yu2k.fsf@wireframe> <87wmuig0kt.fsf@contorta>
Date: Sat, 23 Dec 2023 16:34:11 -0800
Message-ID: <87r0jc1lrw.fsf@contorta>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
 micalg=pgp-sha512; protocol="application/pgp-signature"
X-Spam-Score: -0.0 (/)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -1.0 (-)

--=-=-=
Content-Type: text/plain

On 2023-11-15, Vagrant Cascadian wrote:
> On 2023-07-21, Vagrant Cascadian wrote:
>> Thanks for the refreshed v2 patches! I gave them a quick spin...
>>
>> As noted on IRC, apparently it lacks actual calls to setcap, so that
>> part still needs another patch at least!
>>
>> Otherwise, it did seem to more-or-less work...
>
> I did eventually get some updated patches that even followed through on
> the promise of calling out to setcap, and from what I recall they even
> worked! I liked them a lot.
>
>
>> There are compatibility symlinks from /run/setuid-programs to
>> /run/privledged/bin and it sets setuid on requested files.
>>
>> I was a little curious about why /run/privlidged/bin as opposed to
>> without /bin ... keeping the door open for other privlidged things? What
>> about things that come from /gnu/store/*/sbin ? are those handled any
>> differently?
>
> Working patches aside, that is my only outstanding question, and I would
> hate to see that be a blocker. :)

I just noticed I pushed a branch with the working patches to a public
branch last month:

  https://salsa.debian.org/debian/guix/-/tree/capabilities-61462-20231115?ref_type=heads

They are even still cherry-pickable from current master! Yay!

These patches were started over a year ago (well, probably before that,
even), and had a working implementation about 6 months ago...

My guess is the main blocker is nervousness about renaming
setuid-programs to privileged-programs (I know I am a bit nervous to do
so!)?


This would make it possible to properly fix several bugs:

  https://issues.guix.gnu.org/27415
  https://issues.guix.gnu.org/39136
  https://issues.guix.gnu.org/39136
  https://issues.guix.gnu.org/55683

And have been mentioned indirectly in several others over the years:

  https://issues.guix.gnu.org/search?query=setcap


live well,
  vagrant

--=-=-=--




Message sent to guix-patches@HIDDEN:


X-Loop: help-debbugs@HIDDEN
Subject: [bug#61462] Add support for file capabilities(7)
Resent-From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
Resent-CC: guix-patches@HIDDEN
Resent-Date: Mon, 08 Jan 2024 16:47:02 +0000
Resent-Message-ID: <handler.61462.B61462.170473237713954 <at> debbugs.gnu.org>
Resent-Sender: help-debbugs@HIDDEN
X-GNU-PR-Message: followup 61462
X-GNU-PR-Package: guix-patches
X-GNU-PR-Keywords: patch
To: Vagrant Cascadian <vagrant@HIDDEN>
Cc: Tobias Geerinckx-Rice <me@HIDDEN>, 61462 <at> debbugs.gnu.org, brian <bjc@HIDDEN>
Received: via spool by 61462-submit <at> debbugs.gnu.org id=B61462.170473237713954
          (code B ref 61462); Mon, 08 Jan 2024 16:47:02 +0000
Received: (at 61462) by debbugs.gnu.org; 8 Jan 2024 16:46:17 +0000
Received: from localhost ([127.0.0.1]:37387 helo=debbugs.gnu.org)
	by debbugs.gnu.org with esmtp (Exim 4.84_2)
	(envelope-from <debbugs-submit-bounces <at> debbugs.gnu.org>)
	id 1rMslV-0003cP-7q
	for submit <at> debbugs.gnu.org; Mon, 08 Jan 2024 11:46:17 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:47368)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <ludo@HIDDEN>) id 1rMslS-0003TD-Uj
 for 61462 <at> debbugs.gnu.org; Mon, 08 Jan 2024 11:46:16 -0500
Received: from fencepost.gnu.org ([2001:470:142:3::e])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <ludo@HIDDEN>)
 id 1rMslF-0007s6-GT; Mon, 08 Jan 2024 11:46:01 -0500
From: Ludovic =?UTF-8?Q?Court=C3=A8s?= <ludo@HIDDEN>
In-Reply-To: <87r0jc1lrw.fsf@contorta> (Vagrant Cascadian's message of "Sat,
 23 Dec 2023 16:34:11 -0800")
References: <87r0uuehlr.fsf@nckx>
 <129e8d298556f6a159fcb704ed3df4bf0709ddd3.1689465600.git.me@HIDDEN>
 <87edl1yu2k.fsf@wireframe> <87wmuig0kt.fsf@contorta>
 <87r0jc1lrw.fsf@contorta>
X-URL: http://www.fdn.fr/~lcourtes/
X-Revolutionary-Date: Nonidi 19 =?UTF-8?Q?Niv=C3=B4se?= an 232 de la
 =?UTF-8?Q?R=C3=A9volution,?= jour du Marbre
X-PGP-Key-ID: 0x090B11993D9AEBB5
X-PGP-Key: http://www.fdn.fr/~lcourtes/ludovic.asc
X-PGP-Fingerprint: 3CE4 6455 8A84 FDC6 9DB4  0CFB 090B 1199 3D9A EBB5
X-OS: x86_64-pc-linux-gnu
Date: Mon, 08 Jan 2024 17:45:57 +0100
Message-ID: <87o7dv4vui.fsf@HIDDEN>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Spam-Score: -2.3 (--)
X-BeenThere: debbugs-submit <at> debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
List-Id: <debbugs-submit.debbugs.gnu.org>
List-Unsubscribe: <https://debbugs.gnu.org/cgi-bin/mailman/options/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=unsubscribe>
List-Archive: <https://debbugs.gnu.org/cgi-bin/mailman/private/debbugs-submit/>
List-Post: <mailto:debbugs-submit <at> debbugs.gnu.org>
List-Help: <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=help>
List-Subscribe: <https://debbugs.gnu.org/cgi-bin/mailman/listinfo/debbugs-submit>, 
 <mailto:debbugs-submit-request <at> debbugs.gnu.org?subject=subscribe>
Errors-To: debbugs-submit-bounces <at> debbugs.gnu.org
Sender: "Debbugs-submit" <debbugs-submit-bounces <at> debbugs.gnu.org>
X-Spam-Score: -3.3 (---)

Hello!

Vagrant Cascadian <vagrant@HIDDEN> skribis:

> I just noticed I pushed a branch with the working patches to a public
> branch last month:
>
>   https://salsa.debian.org/debian/guix/-/tree/capabilities-61462-20231115?ref_type=heads
>
> They are even still cherry-pickable from current master! Yay!

Wo0t!

> These patches were started over a year ago (well, probably before that,
> even), and had a working implementation about 6 months ago...
>
> My guess is the main blocker is nervousness about renaming
> setuid-programs to privileged-programs (I know I am a bit nervous to do
> so!)?

It shouldn’t be an issue as /run/setuid-programs is populated with
symlinks for backward compatibility.

AIUI, we can still use good’ol setuid programs on the Hurd until a
better solution is found, so we should be fine (meaning
“make check-system TESTS=childhurd” should pass).

We could emit a deprecation warning when someone uses the
‘setuid-programs’ field of <operating-system>.  Not a blocker though.

Tobias, ready to push? :-)

Cheers,
Ludo’.





Last modified: Sat, 20 Jan 2024 12:30:02 UTC
