Merge remote-tracking branch 'cd/master'

author: makefu <github@syntax-fehler.de> 2016-06-02 11:17:24 +0200
committer: makefu <github@syntax-fehler.de> 2016-06-02 11:17:24 +0200
commit: 29cdc9994c90d5280543cd0628384dbf032ad15d (patch)
tree: 1283849d5caa27662cfb977dd4516cd887d02fcd /tv/5pkgs
parent: 4f28d9a306c2989304b52889c07e22992e40da0b (diff)
parent: 8ec65b04dc5010f910bf67f1db8a78bd844202b0 (diff)
1 files changed, 7 insertions, 3 deletions
diff --git a/tv/5pkgs/ff/default.nix b/tv/5pkgs/ff/default.nix
index 2db404030..b1d2c579a 100644
--- a/tv/5pkgs/ff/default.nix
+++ b/tv/5pkgs/ff/default.nix
@@ -1,8 +1,12 @@
 { pkgs, ... }:
 
-pkgs.writeScriptBin "ff" ''
- #! ${pkgs.bash}/bin/bash
- exec sudo -u ff -i <<EOF
+# TODO use krebs.setuid
+# This requires that we can create setuid executables that can only be accessed
+# by a single user. [per-user-setuid]
+
+# using bash for %q
+pkgs.writeBashBin "ff" ''
+ exec /var/setuid-wrappers/sudo -u ff -i <<EOF
  exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
  EOF
 ''
author	makefu <github@syntax-fehler.de>	2016-06-02 11:17:24 +0200
committer	makefu <github@syntax-fehler.de>	2016-06-02 11:17:24 +0200
commit	29cdc9994c90d5280543cd0628384dbf032ad15d (patch)
tree	1283849d5caa27662cfb977dd4516cd887d02fcd /tv/5pkgs
parent	4f28d9a306c2989304b52889c07e22992e40da0b (diff)
parent	8ec65b04dc5010f910bf67f1db8a78bd844202b0 (diff)