summary refs log tree commit diff
path: root/gnu/build/activation.scm
AgeCommit message (Collapse)Author
2024-11-03activation: Create directory with specified perms in ‘mkdir-p/perms’.Reepca Russelstein
There is currently a window of time between when the desired directory is created and when its permissions are changed. During this time, its permissions are restricted only by the umask. Of course, in the "directory already exists" case, this doesn't matter, but if the directory has been specifically deleted ahead of time so that it is created afresh, this is an unnecessary window. We can avoid this by passing the caller-provided BITS to 'mkdirat' when attempting to create the last directory. * gnu/build/activation.scm (mkdir-p/perms): Create target directory with BITS permissions. Change-Id: I03d2c620872e86b6f591abe0f1c8317aa1245383 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2024-09-06activation: Fix TOCTTOU in mkdir-p/perms.Maxime Devos
Fixes <https://issues.guix.gnu.org/47584>. I removed the 'Based upon mkdir-p from (guix build utils)' comment because it's quite a bit different now. * gnu/build/activation.scm (verify-not-symbolic): Delete. (mkdir-p/perms): Rewrite in terms of 'openat'. Signed-off-by: Ludovic Courtès <ludo@gnu.org> Change-Id: Id2f5bcbb903283afd45f6109190210d02eb383c7
2024-08-11privilege: Add POSIX capabilities(7) support.Tobias Geerinckx-Rice
* gnu/system/privilege.scm (<privileged-program>): Add a field representing the program's POSIX capabilities. (privileged-program-capabilities): New public procedure. * doc/guix.texi (Privileged Programs): Document it. * gnu/build/activation.scm (activate-privileged-programs): Take a LIBCAP package argument providing setcap(8) to apply said capabilities. * gnu/services.scm (privileged-program->activation-gexp): Pass said package argument where supported. Include privileged-program-capabilities in the compatibility hack.
2024-08-11build: Rename activate-setuid-programs.Tobias Geerinckx-Rice
* gnu/build/activation.scm (activate-setuid-programs): Rename this… (activate-privileged-programs): …to this. Operate on a list of <privileged-program> records. * gnu/services.scm (setuid-program->activation-gexp): Adjust caller.
2024-08-11services: setuid-program: Populate /run/privileged/bin.Tobias Geerinckx-Rice
Create /run/setuid-programs compatibility symlinks so that we can migrate all users (both package and human) piecemeal at our leisure. Apart from being symlinks, this should be a user-invisible change. * gnu/build/activation.scm (%privileged-program-directory): New variable. [activate-setuid-programs]: Put privileged copies in %PRIVILEGED-PROGRAM-DIRECTORY, with compatibility symlinks to each in %SETUID-DIRECTORY. * gnu/services.scm (setuid-program-service-type): Update docstring. * doc/guix.texi (Setuid Programs): Update @file{} name accordingly.
2024-02-19services: activation: Ensure /run existence.Nicolas Graves
* gnu/build/activation.scm (activation-script): Ensure /var/run existence. * gnu/build/install.scm (evaluate-populate-directive) [directives]: Remove directory /run. Change-Id: I19ca8e7605c0cff598ab89077a94e20390ba27b0 Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2023-08-20Revert "gnu: system: Add home-directory-permissions field to <user-account>."Tobias Geerinckx-Rice
This reverts commit e9a5eebc785cb843034b38c5c5a6dd10904bdf2a, which as far as I can tell breaks system roll-backs thusly: [...] In gnu/build/accounts.scm: 239:27 3 (_ #<<password-entry> name: "root" password: "x" uid: 0 gid: 0 real-name: "System >) In unknown file: 2 (string-join ("root" "x" "0" "0" "System administrator" "/root" #t) ":" #<undefined>) In ice-9/boot-9.scm: 1685:16 1 (raise-exception _ #:continuable? _) 1685:16 0 (raise-exception _ #:continuable? _) ice-9/boot-9.scm:1685:16: In procedure raise-exception: In procedure string-append: Wrong type (expecting string): #t
2023-08-25gnu: system: Add home-directory-permissions field to <user-account>.David Thompson
* gnu/system/accounts.scm (<user-account>)[home-directory-permissions]: New field. (user-account-home-directory-permissions): New accessor. * gnu/build/activation.scm (activate-users+groups): Use home directory permission bits from the user account object. * doc/guix.texi (User Accounts): Document new field. Signed-off-by: Josselin Poiret <dev@jpoiret.xyz>
2022-12-17activation: Firmware activation handles missing support in kernel.Marius Bakke
* gnu/build/activation.scm (activate-firmware): Check if firmware loading is enabled before attempting to use it.
2022-03-01initrd: Use non-hyphenated kernel command-line parameter names.Maxim Cournoyer
This is to make it less surprising, given the common convention sets forth by the kernel Linux command-line parameters. * gnu/build/linux-boot.scm (boot-system): Rename '--load', '--repl', '--root' and '--system' to 'gnu.load', 'gnu.repl', 'root' and 'gnu.system', respectively. Adjust doc. (find-long-option): Adjust doc. * gnu/installer/parted.scm (installer-root-partition-path): Adjust accordingly. * gnu/system.scm (bootable-kernel-arguments): Add a VERSION argument and update doc. Use VERSION to conditionally return old style vs new style initrd arguments. (%boot-parameters-version): Increment to 1. (operating-system-boot-parameters): Adjust doc. (operating-system-boot-parameters-file): Likewise. * gnu/system/linux-initrd.scm (raw-initrd, base-initrd): Likewise. * doc/guix.texi: Adjust doc. * gnu/build/activation.scm (boot-time-system): Adjust accordingly. * gnu/build/hurd-boot.scm (boot-hurd-system): Likewise. * gnu/packages/commencement.scm (%final-inputs-riscv64): Adjust comment.
2021-07-29services: setuid: More configurable setuid support.Chris Lemmer-Webber
New record <setuid-program> with fields for setting the specific user and group, as well as specifically selecting the setuid and setgid bits, for a program within the setuid-program-service. * gnu/services.scm (setuid-program-file-like-deprecated): New function. (setuid-program-service-type): Make use of setuid-program->activation-gexp. Adjust the extend property to handle <setuid-program>. * gnu/build/activation.scm (activate-setuid-programs): Update to expect a <setuid-record> list for each program entry. * gnu/system.scm: (operating-system-setuid-programs): Renamed to %operating-system-setuid-programs and replace it with new procedure. (operating-system-default-essential-services, hurd-default-essential-services): Replace operating-system-setuid-programs with %operating-system-setuid-programs. * gnu/system/setuid.scm: New file. * doc/guix.texi (Setuid Programs): Document <setuid-program>. Co-authored-by: Brice Waegeneire <brice@waegenei.re>
2021-04-03activation: Do not dereference symlinks during home directory creation.Maxime Devos
Fixes <https://bugs.gnu.org/47584>. * gnu/build/activation.scm (copy-account-skeletons): Do not chown the home directory; leave this to 'activate-user-home'. (activate-user-home): Only chown the home directory after the account skeletons have been copied. Co-authored-by: Ludovic Courtès <ludo@gnu.org>.
2021-03-10services: Prevent following symlinks during activation.Maxime Devos
This addresses a potential security issue, where a compromised service could trick the activation code in changing the permissions, owner and group of arbitrary files. However, this patch is currently only a partial fix, due to a TOCTTOU (time-of-check to time-of-use) race, which can be fixed once guile has bindings to openat and friends. Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html> * gnu/build/activation.scm: new procedure 'mkdir-p/perms'. * gnu/services/authentication.scm (%nslcd-activation, nslcd-service-type): use new procedure. * gnu/services/cups.scm (%cups-activation): likewise. * gnu/services/dbus.scm (dbus-activation): likewise. * gnu/services/dns.scm (knot-activation): likewise. Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-02-09activation: Do not make setuid programs setgid-root [security].Ludovic Courtès
Fixes <https://bugs.gnu.org/46395>. Reported by Duncan Overbruck <mail@duncano.de>. * gnu/build/activation.scm (activate-setuid-programs): Change TARGET mode to not be setgid.
2020-06-09activation: Fix function call for system activationRoyce Strange
* gnu/build/activation.scm (boot-time-system): Evaluate the linux-command-line thunk for linux systems to boot Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2020-06-08system: Support activation service for the Hurd.Jan (janneke) Nieuwenhuizen
* gnu/build/activation.scm (boot-time-system): Use "command-line" for the Hurd. * gnu/system.scm (hurd-default-essential-services): Add %boot-service and %activation-service.
2020-01-06activation: Check whether /proc/sys/kernel/modprobe exists.kanichos@yandex.ru
* gnu/build/activation.scm (activate-modprobe): Check whether /proc/sys/kernel/modprobe exists before writing to it. Co-authored-by: Ludovic Courtès <ludo@gnu.org>
2020-01-02activation: Keep going when failing to create one of the setuid programs.Ludovic Courtès
Fixes <https://bugs.gnu.org/38800>. Reported by Jakub Kądziołka <kuba@kadziolka.net>. * gnu/build/activation.scm (activate-setuid-programs): Catch 'system-error' around 'make-setuid-program' calls.
2019-06-05activation: Lock /etc/.pwd.lock before accessing databases.Ludovic Courtès
Suggested by Florian Pelz <pelzflorian@pelzflorian.de> in <http://bugs.gnu.org/35996>. * gnu/build/accounts.scm (%password-lock-file): New variable. * gnu/build/activation.scm (activate-users+groups): Wrap calls to 'user+group-databases', 'write-group', etc. into 'with-file-lock'.
2019-03-08activation: Shared system home directories are now 555 and root-owned.Ludovic Courtès
Fixes <https://bugs.gnu.org/34788>. Reported by Jack Hill <jackhill@jackhill.us>. Regression introduced by the combination of 8bb76f3d44c1f5ffec8011819494db306a51d801 and 0ae735bcc8ff7fdc89d67b492bdee9091ee19e86: /var/empty would be 700 and owned by one of the system accounts (thus inaccessible to others), and /var/run/dbus would be 700 as well, thereby preventing D-Bus clients from connecting to the daemon. * gnu/build/activation.scm (duplicates): New procedure. (activate-users+groups)[system-accounts]: New variable. Use it. Make shared system account home directories #o555 and root-owned. * gnu/services/dbus.scm (dbus-activation): Make /var/run/dbus #o755. * gnu/tests/base.scm (run-basic-test): Test the ownership and permissions of /var/empty.
2019-03-07activation: Build account databases with (gnu build accounts).Ludovic Courtès
* gnu/build/activation.scm (enumerate, current-users, current-groups) (add-group, add-user, modify-user, ensure-user): Remove. (activate-users+groups)[touch, activate-user]: Remove. [make-home-directory]: New procedure. Rewrite in terms of 'user+group-databases', 'write-group', etc. * gnu/build/install.scm (directives): Remove "/root". * gnu/system/shadow.scm (account-activation): Remove (setenv "PATH" ...) expression, which is now unneeded.
2019-03-07activation: Operate on <user-account> and <user-group> records.Ludovic Courtès
* gnu/system/accounts.scm (sexp->user-group, sexp->user-account): New procedures. * gnu/system/shadow.scm (account-activation): Call them in the arguments to 'activate-users+groups'. (account-shepherd-service): Likewise. * gnu/build/activation.scm (activate-users+groups): Expect a list of <user-account> and a list of <user-group>. Replace uses of 'match' on tuples with calls to record accessors. (activate-user-home): Likewise.
2019-03-04activation: Make home directories #o700 by default.Ludovic Courtès
Until now they'd be #o755, except for /root, which is treated specially in (gnu build install). * gnu/build/activation.scm (activate-user-home): Chmod HOME to #o700. Remove redundant 'unless system?'.
2018-11-18activation: Aways pass '-d HOME' to 'useradd'.Ludovic Courtès
Fixes <https://bugs.gnu.org/33422>. Reported by fps. * gnu/build/activation.scm (add-user): Always pass "-d HOME" when HOME is true. Pass "--create-home" only when HOME, CREATE-HOME?, and SYSTEM? are true. (activate-users+groups): Pass #:create-home? create-home? to 'ensure-user'. * gnu/tests/base.scm (run-basic-test)["accounts"]: Test 'passwd:dir' as well.
2018-03-27activation: Pass '-d HOME' to 'usermod'.Ludovic Courtès
Fixes a bug whereby changes to user home directories in the OS config would never be effective. Reported by Pierre Neidhardt <ambrevar@gmail.com>. * gnu/build/activation.scm (modify-user): Pass '-d HOME'.
2017-10-08activation: Do not create setuid binaries in the store [security fix].Ludovic Courtès
Fixes <https://bugs.gnu.org/28751>. * gnu/build/activation.scm (activate-setuid-programs)[link-or-copy]: Remove. Use 'copy-file' instead.
2017-08-03activation: Make sure /etc exists.Ludovic Courtès
Fixes <http://bugs.gnu.org/27146>. Reported by ng0 <ng0@pragmatique.xyz>. * gnu/build/activation.scm (activate-etc): Add call to 'mkdir-p'.
2017-05-30activation: Change permissions on /root to #o700.Ludovic Courtès
Reported by Alex Griffin <a@ajgrf.com>. Fixes <http://bugs.gnu.org/27135>. * gnu/build/activation.scm (add-user): When UID is zero, add 'chmod' call. * gnu/tests/base.scm (run-basic-test)["permissions on /root"]: New test.
2017-05-18services: user-homes: Do not create home directories marked as no-create.Ludovic Courtès
Fixes a bug whereby GuixSD would create the /nonexistent directory, from user 'nobody', even though it has 'create-home-directory?' set to #f. * gnu/build/activation.scm (activate-users+groups): Add comment for \#:create-home?. (activate-user-home)[ensure-user-home]: Skip when CREATE-HOME? is #f or SYSTEM? is #t. * gnu/tests/base.scm (run-basic-test)["no extra home directories"]: New tests.
2017-02-10Merge branch 'master' into core-updatesLudovic Courtès
2017-02-08services: Add 'special-files-service-type'.Ludovic Courtès
* gnu/build/activation.scm (activate-/bin/sh): Remove. (activate-special-files): New procedure. * gnu/services.scm (activation-script): Remove call to 'activate-/bin/sh'. (special-files-service-type): New variable. (extra-special-file): New procedure. * gnu/services/base.scm (%base-services): Add SPECIAL-FILES-SERVICE-TYPE instance. * gnu/tests/base.scm (run-basic-test)[special-files]: New variables. ["special files"]: New test.
2017-02-04activation: Set the right owner for home directories.Ludovic Courtès
This fixes a regression introduced in ae763b5b0b7d5e7316a3d0efe991fe8ab2261031 whereby home directories and skeletons would be root-owned. * gnu/build/activation.scm (copy-account-skeletons): Make 'directory' a keyword parameter. Add #:uid and #:gid and honor them. [set-owner]: New procedure. (activate-user-home): Add call to 'getpw' and 'chown'. Pass UID and GID to 'copy-account-skeletons'. * gnu/tests/base.scm (run-basic-test)["skeletons in home directories"]: Test file ownership under HOME.
2017-02-02Merge branch 'master' into core-updatesLeo Famulari
2017-02-01system: Create home directories once 'file-systems' is up.Ludovic Courtès
Fixes <http://bugs.gnu.org/21108>. Reported by Andy Patterson <ajpatter@uwaterloo.ca> and Leo Famulari <leo@famulari.name>. * gnu/build/activation.scm (activate-users+groups)[activate-user]: Pass #:create-home? #t iff CREATE-HOME? and SYSTEM?. (activate-user-home): New procedure. * gnu/system/shadow.scm (account-shepherd-service): New procedure. (account-service-type)[extensions]: Add SHEPHERD-ROOT-SERVICE-TYPE extension. * gnu/tests/base.scm (run-basic-test)["home"] ["skeletons in home directories"]: New tests. * gnu/tests/install.scm (%separate-home-os, %separate-home-os-source) (%test-separate-home-os): New variables.
2017-01-26utils: Add helper method to make files writable.Marius Bakke
* gnu/build/activation.scm (make-file-writable): Move this to ... * guix/build/utils.scm (make-file-writable): ... here. Export it. * guix/build/gnu-build-system.scm (strip): Use it.
2016-09-06activation: Don't fail if /var/lib exists.Leo Famulari
This is a followup to commit 6526d43ea4fb0cd151a0d5e9a072c651c1c963d1. * gnu/build/activation.scm (activate-user+groups): Use mkdir-p to create /var/lib.
2016-09-06activation: Allow home directories to be created under /var/lib.David Craven
* gnu/build/activation.scm (activate-user+groups): Make sure /var/lib exists.
2016-08-28system: Add 'create-home-directory?' field to <user-account>.Ludovic Courtès
* gnu/system/shadow.scm (<user-account>)[create-home-directory?]: New field. (user-account->gexp): Serialize it. * gnu/build/activation.scm (activate-users+groups)[activate-user]: Update 'match-lambda' pattern accordingly. Pass #:create-home? to 'ensure-user'. (add-user, modify-user, ensure-user): Add #:create-home? parameter and honor it. * doc/guix.texi (User Accounts): Document it.
2016-03-24activation: Copy account skeletons silently.Ludovic Courtès
* gnu/build/activation.scm (copy-account-skeletons): Pass #:log to 'copy-recursively'.
2016-03-20system: Allow account skeletons to be directories.Ludovic Courtès
* gnu/system/shadow.scm (skeleton-directory): Use 'copy-recursively' instead of 'copy-file'. * gnu/build/activation.scm (copy-account-skeletons): Likewise.
2015-05-09system: activate-ptrace-attach: Handle kernels without YAMA support.Mark H Weaver
* gnu/build/activation.scm (activate-ptrace-attach): Check for the existence of /proc/sys/kernel/yama/ptrace_scope before trying to write to it.
2015-05-05activation: Make user copies of the skeletons writable.Ludovic Courtès
* gnu/build/activation.scm (make-file-writable, make-skeletons-writable): New procedures. (copy-account-skeletons): Call 'make-file-writable' after 'copy-file'. (add-user): Add call to 'make-skeletons-writable'.
2015-04-12system: Allow users to PTRACE_ATTACH to their own processes.Ludovic Courtès
* gnu/build/activation.scm (activate-ptrace-attach): New procedure. * gnu/system.scm (operating-system-activation-script): Use it.
2015-04-08activation: Remove undeclared user accounts and groups.Ludovic Courtès
Fixes <http://bugs.gnu.org/19795>. Reported by David Thompson <dthompson2@worcester.edu>. * gnu/build/activation.scm (enumerate, current-users, current-groups, delete-user, delete-group): New procedures. (activate-users+groups): Add calls to 'delete-user' and 'delete-group'. * doc/guix.texi (User Accounts): Add a paragraph about statelessness. Explain that passwords are preserved.
2015-03-03system: Add /etc/ssl symlink; set needed variables in /etc/profile.Mark H Weaver
* gnu/build/activation.scm (activate-etc): Create /etc/ssl symlink. * gnu/system.scm (etc-directory): Set SSL_CERT_DIR, SSL_CERT_FILE, and GIT_SSL_CAINFO in /etc/profile. Co-Authored-By: Ludovic Courtès <ludo@gnu.org>
2014-12-13activation: Copy the account skeletons when creating the 'root' account.Ludovic Courtès
* gnu/build/activation.scm (%skeleton-directory): New variable. (dot-or-dot-dot?, copy-account-skeletons): New procedure. (add-user): Use 'copy-account-skeletons'. (activate-etc): Use 'dot-or-dot-dot?'.
2014-12-06activation: Don't create unneeded "/var/guix/gcroots/etc-directory".Ludovic Courtès
* gnu/build/activation.scm (activate-etc): Don't create "/var/guix/gcroots/etc-directory".
2014-11-11activation: Set the firmware search path.Ludovic Courtès
* gnu/build/activation.scm (activate-firmware): New procedure. * gnu/system.scm (<operating-system>)[firmware]: New field. (directory-union): New procedure. (%base-firmware): New variable. (operating-system-activation-script): Use 'directory-union', and call 'activate-firmware'. * doc/guix.texi (operating-system Reference): Document 'firmware'.
2014-11-02system: Allow Linux-libre to find our 'modprobe' command.Ludovic Courtès
Fixes <http://bugs.gnu.org/18525>. Reported by Mark H Weaver <mhw@netris.org>. * gnu/build/activation.scm (activate-modprobe): New procedure. * gnu/system.scm (modprobe-wrapper): New procedure. (operating-system-activation-script): Use both.
2014-09-22activation: Ensure existing user accounts have the right settings.Ludovic Courtès
* gnu/build/activation.scm (modify-user, ensure-user): New procedures. (activate-users+groups): Systematically call 'ensure-user'.
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-03-23 14:21:55 +0000