zero/operating-systems/buer/privilege.scm

55 lines
1.7 KiB
Scheme

(define-module (operating-systems buer privilege)
#:use-module (gnu packages admin)
#:use-module (gnu packages linux)
#:use-module (gnu system privilege)
#:use-module (guix gexp)
#:export (authentication
file-systems
network))
(define authentication
(list (privileged-program
(program (file-append shadow "/bin/passwd"))
(setuid? #t))
(privileged-program
(program (file-append shadow "/bin/chfn"))
(setuid? #t))
(privileged-program
(program (file-append shadow "/bin/sg"))
(setuid? #t))
(privileged-program
(program (file-append shadow "/bin/su"))
(setuid? #t))
(privileged-program
(program (file-append shadow "/bin/newgrp"))
(setuid? #t))
(privileged-program
(program (file-append shadow "/bin/newuidmap"))
(setuid? #t))
(privileged-program
(program (file-append shadow "/bin/newgidmap"))
(setuid? #t))))
(define file-systems
(list (privileged-program
(program (file-append fuse "/bin/fusermount3"))
(setuid? #t))
(privileged-program
(program (file-append fuse-2 "/bin/fusermount"))
(setuid? #t))
(privileged-program
(program (file-append util-linux "/bin/mount"))
(setuid? #t))
(privileged-program
(program (file-append util-linux "/bin/umount"))
(setuid? #t))))
(define network
(list (privileged-program
(program (file-append inetutils "/bin/ping"))
(capabilities "cap_net_raw=ep"))
(privileged-program
(program (file-append inetutils "/bin/ping6"))
(capabilities "cap_net_raw=ep"))))