7 commits

Author SHA1 Message Date
Maxime Devos
520bac7ed0
services: Prevent following symlinks during activation.
This addresses a potential security issue, where a compromised
service could trick the activation code into changing the permissions,
owner and group of arbitrary files.  However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.

Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html>

* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
  (%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.

Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-10 18:01:47 +01:00
Danny Milosavljevic
9374cbd1fb
services: fprintd: Provide polkit policy.
* gnu/services/authentication.scm (fprintd-service-type)[extensions]: Add
polkit-service-type.
2019-04-24 22:21:35 +02:00
Danny Milosavljevic
dc01978288
services: fprintd: Use define-configuration.
* gnu/services/authentication.scm: Use define-configuration in fprintd.
2019-04-21 10:40:19 +02:00
Danny Milosavljevic
0682f08463
services: fprintd: Fix service.
* gnu/services/authentication.scm (<fprintd-configuration>)[ntp]: Rename to...
[fprintd]: ...this.
(fprintd-dbus-service): New procedure.
(fprintd-service-type): Use it.
[default-value]: Add value.
2019-04-17 08:51:11 +02:00
Ricardo Wurmus
c16423f143
services: Add nslcd-service-type.
* gnu/services/authentication.scm (nslcd-service-type, nslcd-configuration,
%nslcd-accounts): New variables.
(uglify-field-name, value->string, serialize-field, serialize-list,
ssl-option?, tls-reqcert-option?, deref-option?,
comma-separated-list-of-strings?, serialize-ignore-users-option, log-option?,
serialize-log-option, valid-map?, scope-option?, serialize-scope-option,
map-entry?, list-of-map-entries?, filter-entry?, list-of-filter-entries?,
serialize-filter-entry, serialize-list-of-filter-entries, serialize-map-entry,
serialize-list-of-map-entries, nslcd-config-file, nslcd-etc-service,
nslcd-shepherd-service, pam-ldap-pam-services, pam-ldap-pam-service,
generate-nslcd-documentation): New procedures.
* gnu/tests/ldap.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (LDAP Services): Document it.
2019-03-20 20:31:15 +01:00
Danny Milosavljevic
812f6bd82d
services: Fix "authentication" service name.
Follow-up to 7f93bbd5aa.

* gnu/services/authentication.scm: Fix module name.
2018-06-23 00:21:23 +02:00
Danny Milosavljevic
7f93bbd5aa
services: Add fingerprint identification service.
* gnu/services/authentication.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (Miscellaneous Services): Document it.
2018-06-23 00:14:27 +02:00