More derp? It's 5am...

2024-09-20 12:29:02 +02:00 · 2017-01-29 05:36:47 -06:00 · 2017-01-29 05:36:47 -06:00 · a3e9d77640
parent 1cc500ea8e
commit a3e9d77640
1 changed files with 15 additions and 11 deletions
--- a/nixos/modules/tasks/network-interfaces.nix
+++ b/nixos/modules/tasks/network-interfaces.nix
@ -898,23 +898,27 @@ in

    # Capabilities won't work unless we have at-least a 4.3 Linux
    # kernel because we need the ambient capability
-    security.wrappers = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") {
-      ping = {
-        source  = "${pkgs.iputils.out}/bin/ping";
-        capabilities = "cap_net_raw+p";
-      };
+    security = mkIf (versionAtLeast (getVersion config.boot.kernelPackages.kernel) "4.3") {
+      wrappers = {
+        ping = {
+          source  = "${pkgs.iputils.out}/bin/ping";
+          capabilities = "cap_net_raw+p";
+        };

-      ping6 = {
-        source  = "${pkgs.iputils.out}/bin/ping6";
-        capabilities = "cap_net_raw+p";
+        ping6 = {
+          source  = "${pkgs.iputils.out}/bin/ping6";
+          capabilities = "cap_net_raw+p";
+        };
      };
    };

    # If the linux kernel IS older than 4.3, create setuid wrappers
    # for ping and ping6
-    security.wrappers = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") {
-      ping.source = "${pkgs.iputils.out}/bin/ping";
-      "ping6".source = "${pkgs.iputils.out}/bin/ping6";
+    security = mkIf (versionOlder (getVersion config.boot.kernelPackages.kernel) "4.3") {
+      wrappers = {
+        ping.source = "${pkgs.iputils.out}/bin/ping";
+        "ping6".source = "${pkgs.iputils.out}/bin/ping6";
+      };
    };

    # Set the host and domain names in the activation script.  Don't