tv ff: use abspath to sudo

tv 2016-05-25 11:29:20 +02:00
parent 6370d2c2e2
commit 8ec65b04dc
2 changed files with 8 additions and 4 deletions


@ -18,7 +18,7 @@ in {
pkgs.xlibs.fontschumachermisc
];
# TODO dedicated group, i.e. with a single user
# TODO dedicated group, i.e. with a single user [per-user-setuid]
# TODO krebs.setuid.slock.path vs /var/setuid-wrappers
krebs.setuid.slock = {
filename = "${pkgs.slock}/bin/slock";


@ -1,8 +1,12 @@
{ pkgs, ... }:
pkgs.writeScriptBin "ff" ''
#! ${pkgs.bash}/bin/bash
exec sudo -u ff -i <<EOF
# TODO use krebs.setuid
# This requires that we can create setuid executables that can only be accessed
# by a single user. [per-user-setuid]
# using bash for %q
pkgs.writeBashBin "ff" ''
exec /var/setuid-wrappers/sudo -u ff -i <<EOF
exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
EOF
''
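Review bot: The `%q`-quoted arguments inside the heredoc are parsed by user ff's login shell (because of `sudo -i`), not by the bash that `writeBashBin` supplies, and nothing in this file ensures that login shell is bash. `printf %q` can emit bash-specific `$'...'` quoting for arguments containing control characters, which a plain POSIX sh would presumably read differently, so arguments could be reinterpreted after crossing into the ff account. I would extend the existing comment to say so, e.g. `# using bash for %q; ff's login shell must also be bash, since it parses the quoted arguments`. Separately, `/var/setuid-wrappers/sudo` is now a hard-coded path that the TODO in the other file also mentions, so a short comment explaining why the absolute wrapper path is used instead of a PATH lookup would help the next reader.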