Hello,

Is this a bug, or am I using privileged-programs the wrong way?

I'm trying to switch from setuid-programs to the new privileged-programs
but I get an error trying to reconfigure.

--8<---------------cut here---------------start------------->8---

g@ken ~$ guix describe
Generation 3    Sep 24 2024 15:42:22    (current)
  guix 60dfa7f
    repository URL: https://git.savannah.gnu.org/git/guix.git
    branch: master
    commit: 60dfa7f673344f7f81faafc225191c4492f9dd03

--8<---------------cut here---------------end--------------->8---

This is the configuration for privileged-programs:

--8<---------------cut here---------------start------------->8---

(operating-system

[...]

        ;; libvirt clients need spice-client-glib-usb-acl-helper suid
        ;; to be able to selectively share USB devices
        (privileged-programs
         (append (list (privileged-program
                        (program (file-append spice-gtk "/libexec/spice-client-glib-usb-acl-helper"))
                        (setuid? #t))
                       %default-privileged-programs)))


--8<---------------cut here---------------end--------------->8---

I've changed the above code since I was using setuid-programs before [1]
and it was running.

This is the error I get when trying to reconfigure:

--8<---------------cut here---------------start------------->8---

g@ken ~$ sudo guix system reconfigure /etc/config.scm 
In guix/scripts/system.scm:
   1311:4 19 (_)
In ice-9/boot-9.scm:
  1752:10 18 (with-exception-handler _ _ #:unwind? _ # _)
In guix/store.scm:
   689:37 17 (thunk)
   1330:8 16 (call-with-build-handler #<procedure 7f497a4a5600 at g…> …)
  2210:25 15 (run-with-store #<store-connection 256.100 7f497a490280> …)
In guix/scripts/system.scm:
    853:2 14 (_ _)
    727:8 13 (_ #<store-connection 256.100 7f497a490280>)
In gnu/system.scm:
  1323:19 12 (operating-system-derivation _)
In gnu/services.scm:
  1240:16 11 (_ _)
In guix/monads.scm:
    487:9 10 (_ _)
In gnu/services.scm:
  1243:36  9 (_ _)
In srfi/srfi-1.scm:
   586:29  8 (map1 (#<<service> type: #<service-type firmware 7f4…> …))
   586:29  7 (map1 (#<<service> type: #<service-type linux-bare-m…> …))
   586:17  6 (map1 (#<<service> type: #<service-type privileged-p…> …))
In gnu/services.scm:
    897:9  5 (privileged-program->activation-gexp _)
In srfi/srfi-1.scm:
   586:29  4 (map1 (#<<privileged-program> program: #<file-append…> …))
   586:17  3 (map1 ((#<<privileged-program> program: #<file-ap…> …) …))
In gnu/services.scm:
   899:36  2 (_ (#<<privileged-program> program: #<file-append #<…> …))
In ice-9/boot-9.scm:
  1685:16  1 (raise-exception _ #:continuable? _)
  1685:16  0 (raise-exception _ #:continuable? _)

ice-9/boot-9.scm:1685:16: In procedure raise-exception:
In procedure struct-vtable: Wrong type argument in position 1 (expecting 
struct): (#<<privileged-program> program: #<file-append #<package shadow@4.13 
gnu/packages/admin.scm:1021 7f4980b0c160> "/bin/passwd"> setuid?: #t setgid?: 
#f user: 0 group: 0 capabilities: #f> #<<privileged-program> program: 
#<file-append #<package shadow@4.13 gnu/packages/admin.scm:1021 7f4980b0c160> 
"/bin/chfn"> setuid?: #t setgid?: #f user: 0 group: 0 capabilities: #f> 
#<<privileged-program> program: #<file-append #<package shadow@4.13 
gnu/packages/admin.scm:1021 7f4980b0c160> "/bin/sg"> setuid?: #t setgid?: #f 
user: 0 group: 0 capabilities: #f> #<<privileged-program> program: 
#<file-append #<package shadow@4.13 gnu/packages/admin.scm:1021 7f4980b0c160> 
"/bin/su"> setuid?: #t setgid?: #f user: 0 group: 0 capabilities: #f> 
#<<privileged-program> program: #<file-append #<package shadow@4.13 
gnu/packages/admin.scm:1021 7f4980b0c160> "/bin/newgrp"> setuid?: #t setgid?: 
#f user: 0 group: 0 capabilities: #f> #<<privileged-program> program: 
#<file-append #<package shadow@4.13 gnu/packages/admin.scm:1021 7f4980b0c160> 
"/bin/newuidmap"> setuid?: #t setgid?: #f user: 0 group: 0 capabilities: #f> 
#<<privileged-program> program: #<file-append #<package shadow@4.13 
gnu/packages/admin.scm:1021 7f4980b0c160> "/bin/newgidmap"> setuid?: #t 
setgid?: #f user: 0 group: 0 capabilities: #f> #<<privileged-program> program: 
#<file-append #<package inetutils@2.5 gnu/packages/admin.scm:961 7f4980b0c210> 
"/bin/ping"> setuid?: #t setgid?: #f user: 0 group: 0 capabilities: #f> 
#<<privileged-program> program: #<file-append #<package inetutils@2.5 
gnu/packages/admin.scm:961 7f4980b0c210> "/bin/ping6"> setuid?: #t setgid?: #f 
user: 0 group: 0 capabilities: #f> #<<privileged-program> program: 
#<file-append #<package sudo@1.9.16 gnu/packages/admin.scm:2038 7f4980b0f420> 
"/bin/sudo"> setuid?: #t setgid?: #f user: 0 group: 0 capabilities: #f> 
#<<privileged-program> program: #<file-append #<package sudo@1.9.16 
gnu/packages/admin.scm:2038 7f4980b0f420> "/bin/sudoedit"> setuid?: #t setgid?: 
#f user: 0 group: 0 capabilities: #f> #<<privileged-program> program: 
#<file-append #<package fuse@2.9.9 gnu/packages/linux.scm:3915 7f498082c210> 
"/bin/fusermount"> setuid?: #t setgid?: #f user: 0 group: 0 capabilities: #f> 
#<<privileged-program> program: #<file-append #<package fuse@3.10.5 
gnu/packages/linux.scm:3842 7f498082c2c0> "/bin/fusermount3"> setuid?: #t 
setgid?: #f user: 0 group: 0 capabilities: #f> #<<privileged-program> program: 
#<file-append #<package util-linux@2.37.4 gnu/packages/linux.scm:2213 
7f498082adc0> "/bin/mount"> setuid?: #t setgid?: #f user: 0 group: 0 
capabilities: #f> #<<privileged-program> program: #<file-append #<package 
util-linux@2.37.4 gnu/packages/linux.scm:2213 7f498082adc0> "/bin/umount"> 
setuid?: #t setgid?: #f user: 0 group: 0 capabilities: #f>)

--8<---------------cut here---------------end--------------->8---

Any hint please?

Happy hacking! Gio'



[1] this is the diff:

--8<---------------cut here---------------start------------->8---

-       (setuid-programs
-        (append (list (setuid-program
-                       (program (file-append spice-gtk 
"/libexec/spice-client-glib-usb-acl-helper"))))
-                %setuid-programs))
+       (privileged-programs
+        (append (list (privileged-program
+                       (program (file-append spice-gtk 
"/libexec/spice-client-glib-usb-acl-helper"))
+                       (setuid? #t))
+                      %default-privileged-programs)))

--8<---------------cut here---------------end--------------->8---
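
Review bot: In the added `privileged-programs` form, the parenthesis that closes `(list ...` is missing after `(setuid? #t))`, so `%default-privileged-programs` becomes a second element of the `list` instead of the second argument to `append`. The removed lines closed the list before `%setuid-programs` (the `"))))` after the helper path); the new form should mirror that by ending the record with `(setuid? #t)))` and finishing with `%default-privileged-programs))`. As written, `append` receives a single list whose second element is itself a list of `privileged-program` records, which matches the reported `struct-vtable: Wrong type argument in position 1 (expecting struct)` error, where the offending value is a list starting with the `/bin/passwd` entry.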

-- 
Giovanni Biscuolo

Xelera IT Infrastructures

  • bug#73451: privileged-p... Giovanni Biscuolo via Bug reports for GNU Guix