From mboxrd@z Thu Jan  1 00:00:00 1970
From: John Darrington <john@darrington.wattle.id.au>
Subject: Re: [PATCH] gnu: aegis: New variable.
Date: Fri, 18 Jul 2014 06:35:36 +0200
Message-ID: <20140718043536.GA25423@jocasta.intra>
References: <1405518437-24315-1-git-send-email-jmd@gnu.org>
	<87r41kdo87.fsf@gnu.org> <20140717160528.GB3678@intra>
	<874myfd1b5.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="k1lZvvs/B4yU6o8G"
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:37985)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <john@darrington.wattle.id.au>) id 1X7ztd-0005rn-8a
	for guix-devel@gnu.org; Fri, 18 Jul 2014 00:35:53 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <john@darrington.wattle.id.au>) id 1X7ztZ-0008NQ-1W
	for guix-devel@gnu.org; Fri, 18 Jul 2014 00:35:49 -0400
Content-Disposition: inline
In-Reply-To: <874myfd1b5.fsf@gnu.org>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: Ludovic Court??s <ludo@gnu.org>
Cc: guix-devel@gnu.org


--k1lZvvs/B4yU6o8G
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jul 18, 2014 at 01:15:42AM +0200, Ludovic Court??s wrote:
     John Darrington <john@darrington.wattle.id.au> skribis:
    =20
     > On Thu, Jul 17, 2014 at 05:00:40PM +0200, Ludovic Court??s wrote:
     >     =20
     >      The package itself cannot install things setuid (nothing can be=
 setuid
     >      in the store), but there can be setuid programs in the system (=
see
     >      gnu/system.scm.)
     >     =20
     > I'm not sure that I understand that.  Maybe you can enlighten me som=
etime.o
     >
     > Should I add /bin/aegis here: ?
     >
     > (define %setuid-programs
    =20
     The package manager itself doesn???t help at all with setuid binaries.=
  It
     just doesn???t handle them.
    =20
     However, the OS does support it, via the ???setuid-programs??? field of
     ???operating-system??? declaration.  So, if the system administrator o=
f a
     machine decides that it???s a good idea to have ???aegis??? setuid-roo=
t, then
     they add it to the ???setuid-programs??? field.
    =20
     The ???%setuid-programs??? variable you mention is just for *default* =
setuid
     programs.  We don???t want to add to many of them here, because that
     amounts to making installation of those packages compulsory.

I see (I think).  Could we at least arrange for a message to be emitted on=
=20
package --install suggesting that the package be added to setuid-programs?
Aegis is useless without setuid-root.
    =20
J'

--=20
PGP Public key ID: 1024D/2DE827B3=20
fingerprint =3D 8797 A26D 0854 2EAB 0285  A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.


--k1lZvvs/B4yU6o8G
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAlPIpBgACgkQimdxnC3oJ7NHwACbBrBKAmabMyta2qInvPyaaSqw
SBAAn0JhhTjMqsBEw0HC2nvX+XhTBVVg
=pOLi
-----END PGP SIGNATURE-----

--k1lZvvs/B4yU6o8G--