From 1394a0c0a28f712344032ddea3f900a49cf9cfe0 Mon Sep 17 00:00:00 2001
From: Robin Gloster
Date: Thu, 23 Mar 2017 13:32:10 +0100
Subject: [PATCH] security-wrapper: link old wrapper dir to new one

This makes setuid wrappers not fail after upgrading.

references #23641, #22914, #19862, #16654

(cherry picked from commit e82baf043e25abbb354c7ab4415a40a4155df398)
---
 nixos/modules/security/wrappers/default.nix | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/nixos/modules/security/wrappers/default.nix b/nixos/modules/security/wrappers/default.nix
index 65d875c3a3757..c051b7d49e3fa 100644
--- a/nixos/modules/security/wrappers/default.nix
+++ b/nixos/modules/security/wrappers/default.nix
@@ -179,21 +179,31 @@ in

 # Remove the old /var/setuid-wrappers path from the system...
 #
- # TODO: this is only necessary for ugprades 16.09 => 17.x;
+ # TODO: this is only necessary for upgrades 16.09 => 17.x;
 # this conditional removal block needs to be removed after
 # the release.
 if [ -d /var/setuid-wrappers ]; then
 rm -rf /var/setuid-wrappers
+ ln -s /run/wrappers/bin /var/setuid-wrappers
 fi

 # Remove the old /run/setuid-wrappers-dir path from the
 # system as well...
 #
- # TODO: this is only necessary for ugprades 16.09 => 17.x;
+ # TODO: this is only necessary for upgrades 16.09 => 17.x;
 # this conditional removal block needs to be removed after
 # the release.
 if [ -d /run/setuid-wrapper-dirs ]; then
 rm -rf /run/setuid-wrapper-dirs
+ ln -s /run/wrappers/bin /run/setuid-wrapper-dirs
+ fi
+
+ # TODO: this is only necessary for upgrades 16.09 => 17.x;
+ # this conditional removal block needs to be removed after
+ # the release.
+ if readlink -f /run/booted-system | grep nixos-17 > /dev/null; then
+ rm -rf /run/setuid-wrapper-dirs
+ rm -rf /var/setuid-wrappers
 fi

 # We want to place the tmpdirs for the wrappers to the parent dir.
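Review bot: The `readlink -f /run/booted-system | grep nixos-17` test in the last added block is an unanchored substring match on the whole resolved path, so whether the two compatibility links are removed depends on how the system path happens to be named rather than on the booted release. A 17.x system whose path lacks that exact text would keep the links, and any name component that merely contains `nixos-17` would trigger the removal. If the booted system exposes its version in a file (presumably `/run/booted-system/nixos-version`, to be confirmed), a prefix comparison such as `case "$(cat /run/booted-system/nixos-version 2>/dev/null)" in 17.*) ... ;; esac` states the intent directly. The TODO above that block is copied from the two earlier ones and does not say what this one does; a comment like `# Once booted into 17.x nothing uses the old paths any more, so drop the compatibility symlinks again.` would help. The activation script starts and continues outside the hunk.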