From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Re: [PATCH] gnu: aegis: New variable.
Date: Fri, 18 Jul 2014 01:15:42 +0200
Message-ID: <874myfd1b5.fsf@gnu.org>
References: <1405518437-24315-1-git-send-email-jmd@gnu.org>
	<87r41kdo87.fsf@gnu.org> <20140717160528.GB3678@intra>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:54880)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1X7uu8-0005K8-La
	for guix-devel@gnu.org; Thu, 17 Jul 2014 19:16:06 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1X7uts-00020l-Mz
	for guix-devel@gnu.org; Thu, 17 Jul 2014 19:16:00 -0400
In-Reply-To: <20140717160528.GB3678@intra> (John Darrington's message of "Thu,
	17 Jul 2014 18:05:28 +0200")
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: John Darrington <john@darrington.wattle.id.au>
Cc: guix-devel@gnu.org, John Darrington <jmd@gnu.org>

John Darrington <john@darrington.wattle.id.au> skribis:

> On Thu, Jul 17, 2014 at 05:00:40PM +0200, Ludovic Court=C3=A8s wrote:
>=20=20=20=20=20=20
>      The package itself cannot install things setuid (nothing can be setu=
id
>      in the store), but there can be setuid programs in the system (see
>      gnu/system.scm.)
>=20=20=20=20=20=20
> I'm not sure that I understand that.  Maybe you can enlighten me sometime=
.o
>
> Should I add /bin/aegis here: ?
>
> (define %setuid-programs

No.

The package manager itself doesn=E2=80=99t help at all with setuid binaries=
.  It
just doesn=E2=80=99t handle them.

However, the OS does support it, via the =E2=80=98setuid-programs=E2=80=99 =
field of
=E2=80=98operating-system=E2=80=99 declaration.  So, if the system administ=
rator of a
machine decides that it=E2=80=99s a good idea to have =E2=80=98aegis=E2=80=
=99 setuid-root, then
they add it to the =E2=80=98setuid-programs=E2=80=99 field.

The =E2=80=98%setuid-programs=E2=80=99 variable you mention is just for *de=
fault* setuid
programs.  We don=E2=80=99t want to add to many of them here, because that
amounts to making installation of those packages compulsory.

HTH,
Ludo=E2=80=99.