ilyakooo0/nixpkgs
1
0
Fork 0
mirror of https://github.com/ilyakooo0/nixpkgs.git synced 2024-09-21 12:38:41 +03:00
Code Issues Projects Releases Wiki Activity

nixos/virtualbox-host: Fix hardening with headless vbox

Browse Source 
Fixes #157157.
This commit is contained in:
Zhaofeng Li 2022-10-08 15:41:17 -06:00
parent f677051b8d
commit 6ed7e545ec
1 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
nixos/modules/virtualisation/virtualbox-host.nix
View File

@ -104,16 +104,18 @@ in
group = "vboxusers";
setuid = true;
};
executables = [
"VBoxHeadless"
"VBoxNetAdpCtl"
"VBoxNetDHCP"
"VBoxNetNAT"
"VBoxVolInfo"
] ++ (lib.optionals (!cfg.headless) [
"VBoxSDL"
"VirtualBoxVM"
]);
in mkIf cfg.enableHardening
(builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) [
"VBoxHeadless"
"VBoxNetAdpCtl"
"VBoxNetDHCP"
"VBoxNetNAT"
"VBoxSDL"
"VBoxVolInfo"
"VirtualBoxVM"
]));
(builtins.listToAttrs (map (x: { name = x; value = mkSuid x; }) executables));
users.groups.vboxusers.gid = config.ids.gids.vboxusers;