From mboxrd@z Thu Jan  1 00:00:00 1970
From: ludo@gnu.org (Ludovic =?utf-8?Q?Court=C3=A8s?=)
Subject: Support for setuid binaries
Date: Wed, 30 Apr 2014 23:20:33 +0200
Message-ID: <87a9b25xb2.fsf@gnu.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:57090)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1Wfbvq-0005A3-4H
	for guix-devel@gnu.org; Wed, 30 Apr 2014 17:20:55 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <ludo@gnu.org>) id 1Wfbvg-0005F7-Ls
	for guix-devel@gnu.org; Wed, 30 Apr 2014 17:20:46 -0400
Received: from hera.aquilenet.fr ([2a01:474::1]:53149)
	by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from <ludo@gnu.org>)
	id 1Wfbvg-0005Eo-2Z
	for guix-devel@gnu.org; Wed, 30 Apr 2014 17:20:36 -0400
Received: from localhost (localhost [127.0.0.1])
	by hera.aquilenet.fr (Postfix) with ESMTP id 60FBA2138
	for <guix-devel@gnu.org>; Wed, 30 Apr 2014 23:20:34 +0200 (CEST)
Received: from hera.aquilenet.fr ([127.0.0.1])
	by localhost (hera.aquilenet.fr [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id uK72-XlzqkyM for <guix-devel@gnu.org>;
	Wed, 30 Apr 2014 23:20:34 +0200 (CEST)
Received: from pluto (reverse-83.fdn.fr [80.67.176.83])
	by hera.aquilenet.fr (Postfix) with ESMTPSA id 07B52483
	for <guix-devel@gnu.org>; Wed, 30 Apr 2014 23:20:33 +0200 (CEST)
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
To: guix-devel <guix-devel@gnu.org>

Hello,

Commit 09e028f adds support for setuid binaries.  Since the store cannot
contain setuid binaries, we use the same technique as NixOS: setuid
binaries are created when booting (or when switching configurations.)

That is, for each setuid program, a hard link or a copy of the
executable is created under /run/setuid-programs and make setuid-root.

You can test it by running:

  ./pre-inst-env guix system vm build-aux/hydra/demo-os.scm

and running for instance =E2=80=98ping=E2=80=99 as guest from there.

Ludo=E2=80=99.