From: John Darrington
Subject: Re: [PATCH] gnu: aegis: New variable.
Date: Fri, 18 Jul 2014 06:35:36 +0200
Message-ID: <20140718043536.GA25423@jocasta.intra>
To: Ludovic Courtès
Cc: guix-devel@gnu.org

On Fri, Jul 18, 2014 at 01:15:42AM +0200, Ludovic Courtès wrote:
     John Darrington skribis:

     > On Thu, Jul 17, 2014 at 05:00:40PM +0200, Ludovic Courtès wrote:
     >
     >      The package itself cannot install things setuid (nothing can be setuid
     >      in the store), but there can be setuid programs in the system (see
     >      gnu/system.scm.)
     >
     > I'm not sure that I understand that.  Maybe you can enlighten me sometime.
     >
     > Should I add /bin/aegis here: ?
     >
     > (define %setuid-programs

     The package manager itself doesn’t help at all with setuid binaries.  It
     just doesn’t handle them.

     However, the OS does support it, via the ‘setuid-programs’ field of
     ‘operating-system’ declaration.  So, if the system administrator of a
     machine decides that it’s a good idea to have ‘aegis’ setuid-root, then
     they add it to the ‘setuid-programs’ field.

     The ‘%setuid-programs’ variable you mention is just for *default* setuid
     programs.  We don’t want to add too many of them here, because that
     amounts to making installation of those packages compulsory.

I see (I think).  Could we at least arrange for a message to be emitted on
package --install suggesting that the package be added to setuid-programs?

Aegis is useless without setuid-root.

J'

--
PGP Public key ID: 1024D/2DE827B3
fingerprint = 8797 A26D 0854 2EAB 0285 A290 8A67 719C 2DE8 27B3
See http://sks-keyservers.net or any PGP keyserver for public key.