tv ff: use abspath to sudo
parent
6370d2c2e2
commit
8ec65b04dc
@ -18,7 +18,7 @@ in {
|
|||||||
pkgs.xlibs.fontschumachermisc
|
pkgs.xlibs.fontschumachermisc
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO dedicated group, i.e. with a single user
|
# TODO dedicated group, i.e. with a single user [per-user-setuid]
|
||||||
# TODO krebs.setuid.slock.path vs /var/setuid-wrappers
|
# TODO krebs.setuid.slock.path vs /var/setuid-wrappers
|
||||||
krebs.setuid.slock = {
|
krebs.setuid.slock = {
|
||||||
filename = "${pkgs.slock}/bin/slock";
|
filename = "${pkgs.slock}/bin/slock";
|
||||||
|
@ -1,8 +1,12 @@
|
|||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
pkgs.writeScriptBin "ff" ''
|
# TODO use krebs.setuid
|
||||||
#! ${pkgs.bash}/bin/bash
|
# This requires that we can create setuid executables that can only be accessed
|
||||||
exec sudo -u ff -i <<EOF
|
# by a single user. [per-user-setuid]
|
||||||
|
|
||||||
|
# using bash for %q
|
||||||
|
pkgs.writeBashBin "ff" ''
|
||||||
|
exec /var/setuid-wrappers/sudo -u ff -i <<EOF
|
||||||
exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
|
exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
|
||||||
EOF
|
EOF
|
||||||
''
|
''
|
||||||
|
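Review bot: The `$(printf " %q" "$@")` in the new `ff` body is expanded by the wrapper's bash, but the heredoc is then read by whatever login shell `sudo -u ff -i` starts for `ff`, so the quoting is only sound if that shell parses bash's `%q` output (including the `$'…'` form) the same way bash does. Arguments such as URLs can be handed to this wrapper by other programs, so a mismatch would let argument text be interpreted as shell syntax inside the `ff` account. I would extend the existing comment to state the assumption, e.g. `# using bash for %q; ff's login shell must also be bash, because sudo -i feeds it the heredoc`, or pin the interpreter explicitly on the sudo line. Separately, `/var/setuid-wrappers/sudo` hard-codes the wrapper directory that the TODO in the first file already questions; deriving it from one shared definition, if this expression can reach one, would keep the two from drifting apart.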