nixos/netdata: add capabilites to freeipmi.plugin

This commit is contained in:
Izorkin 2019-07-04 12:09:54 +03:00
parent 88f0823571
commit 064a19afe2
2 changed files with 12 additions and 0 deletions

View File

@ -8,6 +8,7 @@ let
wrappedPlugins = pkgs.runCommand "wrapped-plugins" { preferLocalBuild = true; } ''
mkdir -p $out/libexec/netdata/plugins.d
ln -s /run/wrappers/bin/apps.plugin $out/libexec/netdata/plugins.d/apps.plugin
ln -s /run/wrappers/bin/freeipmi.plugin $out/libexec/netdata/plugins.d/freeipmi.plugin
'';
plugins = [
@ -156,6 +157,13 @@ in {
permissions = "u+rx,g+rx,o-rwx";
};
security.wrappers."freeipmi.plugin" = {
source = "${pkgs.netdata}/libexec/netdata/plugins.d/freeipmi.plugin.org";
capabilities = "cap_dac_override,cap_fowner+ep";
owner = cfg.user;
group = cfg.group;
permissions = "u+rx,g+rx,o-rwx";
};
users.users = optional (cfg.user == defaultUser) {
name = defaultUser;

View File

@ -37,6 +37,10 @@ stdenv.mkDerivation rec {
# rename this plugin so netdata will look for setuid wrapper
mv $out/libexec/netdata/plugins.d/apps.plugin \
$out/libexec/netdata/plugins.d/apps.plugin.org
${optionalString withIpmi ''
mv $out/libexec/netdata/plugins.d/freeipmi.plugin \
$out/libexec/netdata/plugins.d/freeipmi.plugin.org
''}
'';
preConfigure = optionalString (!stdenv.isDarwin) ''