mirror of
https://github.com/ilyakooo0/nixpkgs.git
synced 2024-09-21 20:49:52 +03:00
nixos/openrazer: Change plugdev group to openrazer
For security reasons, and generally, it is best to create a more fine grained group than plugdev. This way users that wish to tweak razer devices don't have access to the entire plugdev group's permissions. This is of course a breaking change.
This commit is contained in:
parent
d00f146ca5
commit
42c6771744
@ -646,6 +646,20 @@
|
||||
to use wildcards in the <literal>source</literal> argument.
|
||||
</para>
|
||||
</listitem>
|
||||
<listitem>
|
||||
<para>
|
||||
The <literal>openrazer</literal> and
|
||||
<literal>openrazer-daemon</literal> packages as well as the
|
||||
<literal>hardware.openrazer</literal> module now require users
|
||||
to be members of the <literal>openrazer</literal> group
|
||||
instead of <literal>plugdev</literal>. With this change, users
|
||||
no longer need be granted the entire set of
|
||||
<literal>plugdev</literal> group permissions, which can
|
||||
include permissions other than those required by
|
||||
<literal>openrazer</literal>. This can be desirable from a
|
||||
security point of view.
|
||||
</para>
|
||||
</listitem>
|
||||
</itemizedlist>
|
||||
</section>
|
||||
<section xml:id="sec-release-21.11-notable-changes">
|
||||
|
@ -164,6 +164,8 @@ pt-services.clipcat.enable).
|
||||
|
||||
- `programs.neovim.runtime` switched to a `linkFarm` internally, making it impossible to use wildcards in the `source` argument.
|
||||
|
||||
- The `openrazer` and `openrazer-daemon` packages as well as the `hardware.openrazer` module now require users to be members of the `openrazer` group instead of `plugdev`. With this change, users no longer need be granted the entire set of `plugdev` group permissions, which can include permissions other than those required by `openrazer`. This can be desirable from a security point of view.
|
||||
|
||||
## Other Notable Changes {#sec-release-21.11-notable-changes}
|
||||
|
||||
- The setting [`services.openssh.logLevel`](options.html#opt-services.openssh.logLevel) `"VERBOSE"` `"INFO"`. This brings NixOS in line with upstream and other Linux distributions, and reduces log spam on servers due to bruteforcing botnets.
|
||||
|
@ -49,7 +49,11 @@ in
|
||||
{
|
||||
options = {
|
||||
hardware.openrazer = {
|
||||
enable = mkEnableOption "OpenRazer drivers and userspace daemon";
|
||||
enable = mkEnableOption ''
|
||||
OpenRazer drivers and userspace daemon.
|
||||
Any users that wish to make use of the daemon need to be
|
||||
members of the "openrazer" group.
|
||||
'';
|
||||
|
||||
verboseLogging = mkOption {
|
||||
type = types.bool;
|
||||
@ -106,10 +110,10 @@ in
|
||||
services.udev.packages = [ kernelPackages.openrazer ];
|
||||
services.dbus.packages = [ dbusServiceFile ];
|
||||
|
||||
# A user must be a member of the plugdev group in order to start
|
||||
# the openrazer-daemon. Therefore we make sure that the plugdev
|
||||
# group exists.
|
||||
users.groups.plugdev = {};
|
||||
# A user must be a member of the openrazer group in order to start
|
||||
# the openrazer-daemon. Therefore we make sure that the group
|
||||
# exists.
|
||||
users.groups.openrazer = {};
|
||||
|
||||
systemd.user.services.openrazer-daemon = {
|
||||
description = "Daemon to manage razer devices in userspace";
|
||||
|
@ -38,6 +38,10 @@ buildPythonApplication (common // rec {
|
||||
setproctitle
|
||||
];
|
||||
|
||||
postPatch = ''
|
||||
substituteInPlace openrazer_daemon/daemon.py --replace "plugdev" "openrazer"
|
||||
'';
|
||||
|
||||
postBuild = ''
|
||||
DESTDIR="$out" PREFIX="" make install manpages
|
||||
'';
|
||||
|
@ -30,11 +30,13 @@ stdenv.mkDerivation (common // {
|
||||
install -m 644 -v -D install_files/udev/99-razer.rules $RAZER_RULES_OUT
|
||||
install -m 755 -v -D install_files/udev/razer_mount $RAZER_MOUNT_OUT
|
||||
substituteInPlace $RAZER_RULES_OUT \
|
||||
--replace razer_mount $RAZER_MOUNT_OUT
|
||||
--replace razer_mount $RAZER_MOUNT_OUT \
|
||||
--replace plugdev openrazer
|
||||
substituteInPlace $RAZER_MOUNT_OUT \
|
||||
--replace /usr/bin/logger ${util-linux}/bin/logger \
|
||||
--replace chgrp ${coreutils}/bin/chgrp \
|
||||
--replace "PATH='/sbin:/bin:/usr/sbin:/usr/bin'" ""
|
||||
--replace "PATH='/sbin:/bin:/usr/sbin:/usr/bin'" "" \
|
||||
--replace plugdev openrazer
|
||||
|
||||
runHook postInstall
|
||||
'';
|
||||
|
Loading…
Reference in New Issue
Block a user