~ruther/guix-local

ee7bae3bbd2030d5f2cdb88e484e1c67a063e2a3 — Ludovic Courtès 11 years ago c851400 
activation: Set the permissions of /etc/sudoers to 440.

* gnu/build/activation.scm (activate-etc): Move 'rm-f' to a local
  'define'.  When TARGET is "sudoers", make it 440.
patch browse .tar.gz 
1 files changed, 34 insertions(+), 28 deletions(-)

M gnu/build/activation.scm

M gnu/build/activation.scm => gnu/build/activation.scm +34 -28
@@ 147,35 147,41 @@ numeric gid or #f."
  ;; /etc is a mixture of static and dynamic settings.  Here is where we
  ;; initialize it from the static part.

  (define (rm-f file)
    (false-if-exception (delete-file file)))

  (format #t "populating /etc from ~a...~%" etc)
  (let ((rm-f (lambda (f)
                (false-if-exception (delete-file f)))))
    (rm-f "/etc/static")
    (symlink etc "/etc/static")
    (for-each (lambda (file)
                (let ((target (string-append "/etc/" file))
                      (source (string-append "/etc/static/" file)))
                  (rm-f target)

                  ;; Things such as /etc/sudoers must be regular files, not
                  ;; symlinks; furthermore, they could be modified behind our
                  ;; back---e.g., with 'visudo'.  Thus, make a copy instead of
                  ;; symlinking them.
                  (if (file-is-directory? source)
                      (symlink source target)
                      (copy-file source target))))
              (scandir etc
                       (lambda (file)
                         (not (member file '("." ".."))))

                       ;; The default is 'string-locale<?', but we don't have
                       ;; it when run from the initrd's statically-linked
                       ;; Guile.
                       string<?))

    ;; Prevent ETC from being GC'd.
    (rm-f "/var/guix/gcroots/etc-directory")
    (symlink etc "/var/guix/gcroots/etc-directory")))

  (rm-f "/etc/static")
  (symlink etc "/etc/static")
  (for-each (lambda (file)
              (let ((target (string-append "/etc/" file))
                    (source (string-append "/etc/static/" file)))
                (rm-f target)

                ;; Things such as /etc/sudoers must be regular files, not
                ;; symlinks; furthermore, they could be modified behind our
                ;; back---e.g., with 'visudo'.  Thus, make a copy instead of
                ;; symlinking them.
                (if (file-is-directory? source)
                    (symlink source target)
                    (copy-file source target))

                ;; XXX: Dirty hack to meet sudo's expectations.
                (when (string=? (basename target) "sudoers")
                  (chmod target #o440))))
            (scandir etc
                     (lambda (file)
                       (not (member file '("." ".."))))

                     ;; The default is 'string-locale<?', but we don't have
                     ;; it when run from the initrd's statically-linked
                     ;; Guile.
                     string<?))

  ;; Prevent ETC from being GC'd.
  (rm-f "/var/guix/gcroots/etc-directory")
  (symlink etc "/var/guix/gcroots/etc-directory"))

(define %setuid-directory
  ;; Place where setuid programs are stored.