openssh: Use the default privilege separation dir (/var/empty)

If running NixOS inside a container where the host's root-owned files
and directories have been mapped to some other uid (like nobody), the
ssh daemon fails to start, producing this error message:

fatal: /nix/store/...-openssh-7.2p2/empty must be owned by root and not group or world-writable.

The reason for this is that when openssh is built, we explicitly set
`--with-privsep-path=$out/empty`. This commit removes that flag which
causes the default directory /var/empty to be used instead. Since NixOS'
activation script correctly sets up that directory, the ssh daemon now
also works within containers that have a non-root-owned nix store.
Rickard Nilsson 2016-07-14 20:54:06 +02:00
parent c1a600e8df
commit a927709a35

@ -66,11 +66,6 @@ stdenv.mkDerivation rec {
++ optional stdenv.isDarwin "--disable-libutil" ++ optional stdenv.isDarwin "--disable-libutil"
++ optional (!linkOpenssl) "--without-openssl"; ++ optional (!linkOpenssl) "--without-openssl";
preConfigure = ''
configureFlagsArray+=("--with-privsep-path=$out/empty")
mkdir -p $out/empty
'';
enableParallelBuilding = true; enableParallelBuilding = true;
postInstall = '' postInstall = ''
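Review bot: after this hunk the privilege separation directory becomes a runtime dependency on the host providing /var/empty (root-owned, not group- or world-writable, the same check that produced the error quoted in the commit message), and nothing in the derivation documents that. The commit message covers NixOS, where the activation script creates the directory, but the `optional stdenv.isDarwin` flags in the same hunk show this package also builds for systems where no activation script runs; on those, sshd will refuse to start until /var/empty exists with the right ownership. Suggest a short comment near `configureFlags` (or a sentence in the commit message) stating that the default `/var/empty` is intentional and expected to be provisioned by the running system, so a later reader does not reinstate `--with-privsep-path=$out/empty` and the `mkdir -p $out/empty` step that made the store path ownership a startup requirement.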