guix-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH] gnu: aegis: New variable.

From: John Darrington
Subject: Re: [PATCH] gnu: aegis: New variable.
Date: Fri, 18 Jul 2014 06:35:36 +0200
User-agent: Mutt/1.5.21 (2010-09-15) 
On Fri, Jul 18, 2014 at 01:15:42AM +0200, Ludovic Court??s wrote:
     John Darrington <address@hidden> skribis:
     
     > On Thu, Jul 17, 2014 at 05:00:40PM +0200, Ludovic Court??s wrote:
     >      
     >      The package itself cannot install things setuid (nothing can be 
setuid
     >      in the store), but there can be setuid programs in the system (see
     >      gnu/system.scm.)
     >      
     > I'm not sure that I understand that.  Maybe you can enlighten me 
sometime.o
     >
     > Should I add /bin/aegis here: ?
     >
     > (define %setuid-programs
     
     The package manager itself doesn???t help at all with setuid binaries.  It
     just doesn???t handle them.
     
     However, the OS does support it, via the ???setuid-programs??? field of
     ???operating-system??? declaration.  So, if the system administrator of a
     machine decides that it???s a good idea to have ???aegis??? setuid-root, 
then
     they add it to the ???setuid-programs??? field.
     
     The ???%setuid-programs??? variable you mention is just for *default* 
setuid
     programs.  We don???t want to add to many of them here, because that
     amounts to making installation of those packages compulsory.

I see (I think).  Could we at least arrange for a message to be emitted on 
package --install suggesting that the package be added to setuid-programs?
Aegis is useless without setuid-root.
     
J'

-- 
PGP Public key ID: 1024D/2DE827B3 
fingerprint = 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.

Attachment: signature.asc
Description: Digital signature

reply via email to
[Prev in Thread] Current Thread [Next in Thread]