Tobias Geerinckx-Rice
892f1b7273
services: Accept <inferior-package>s in lieu of <package>s.
...
* gnu/services/authentication.scm (fprintd-configuration)
(nslcd-configuration): Substitute file-like objects for package ones.
* gnu/services/cgit.scm (cgit-configuration, opaque-cgit-configuration):
Likewise.
* gnu/services/cups.scm (package-list?, cups-configuration): Likewise.
* gnu/services/dns.scm (verify-knot-configuration)
(ddclient-configuration): Likewise.
* gnu/services/docker.scm (docker-configuration): Likewise.
* gnu/services/file-sharing.scm (transmission-daemon-configuration): Likewise.
* gnu/services/getmail.scm (getmail-configuration): Likewise.
* gnu/services/mail.scm (dovecot-configuration)
(opaque-dovecot-configuration): Likewise.
* gnu/services/messaging.scm (prosody-configuration)
(opaque-prosody-configuration): Likewise.
* gnu/services/monitoring.scm (zabbix-server-configuration)
(zabbix-agent-configuration): Likewise.
* gnu/services/networking.scm (opendht-configuration): Likewise.
* gnu/services/pm.scm (tlp-configuration): Likewise.
* gnu/services/telephony.scm (jami-configuration): Likewise.
* gnu/services/virtualization.scm (libvirt-configuration)
(qemu-guest-agent-configuration): Likewise.
* gnu/services/vpn.scm (openvpn-client-configuration): Likewise.
2021-11-30 01:08:55 +01:00
Maxime Devos
520bac7ed0
services: Prevent following symlinks during activation.
...
This addresses a potential security issue, where a compromised
service could trick the activation code in changing the permissions,
owner and group of arbitrary files. However, this patch is
currently only a partial fix, due to a TOCTTOU (time-of-check to
time-of-use) race, which can be fixed once guile has bindings
to openat and friends.
Fixes: <https://lists.gnu.org/archive/html/guix-devel/2021-01/msg00388.html >
* gnu/build/activation.scm: new procedure 'mkdir-p/perms'.
* gnu/services/authentication.scm
(%nslcd-activation, nslcd-service-type): use new procedure.
* gnu/services/cups.scm (%cups-activation): likewise.
* gnu/services/dbus.scm (dbus-activation): likewise.
* gnu/services/dns.scm (knot-activation): likewise.
Signed-off-by: Ludovic Courtès <ludo@gnu.org>
2021-03-10 18:01:47 +01:00
Ricardo Wurmus
c16423f143
services: Add nslcd-service-type.
...
* gnu/services/authentication.scm (nslcd-service-type, nslcd-configuration,
%nslcd-accounts): New variables.
(uglify-field-name, value->string, serialize-field, serialize-list,
ssl-option?, tls-reqcert-option?, deref-option?,
comma-separated-list-of-strings?, serialize-ignore-users-option, log-option?,
serialize-log-option, valid-map?, scope-option?, serialize-scope-option,
map-entry?, list-of-map-entries?, filter-entry?, list-of-filter-entries?,
serialize-filter-entry, serialize-list-of-filter-entries, serialize-map-entry,
serialize-list-of-map-entries, nslcd-config-file, nslcd-etc-service,
nslcd-shepherd-service, pam-ldap-pam-services, pam-ldap-pam-service,
generate-nslcd-documentation): New procedures.
* gnu/tests/ldap.scm: New file.
* gnu/local.mk (GNU_SYSTEM_MODULES): Add it.
* doc/guix.texi (LDAP Services): Document it.
2019-03-20 20:31:15 +01:00