summaryrefslogtreecommitdiffstats
path: root/krebs/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/default.nix1
-rw-r--r--krebs/2configs/security-workarounds.nix6
2 files changed, 7 insertions, 0 deletions
diff --git a/krebs/2configs/default.nix b/krebs/2configs/default.nix
index 9200d41fe..38d770316 100644
--- a/krebs/2configs/default.nix
+++ b/krebs/2configs/default.nix
@@ -4,6 +4,7 @@ with import <stockholm/lib>;
{
imports = [
./backup.nix
+ ./security-workarounds.nix
];
krebs.announce-activation.enable = true;
krebs.enable = true;
diff --git a/krebs/2configs/security-workarounds.nix b/krebs/2configs/security-workarounds.nix
new file mode 100644
index 000000000..27d1f8485
--- /dev/null
+++ b/krebs/2configs/security-workarounds.nix
@@ -0,0 +1,6 @@
+{ config, lib, pkgs, ... }:
+with import <stockholm/lib>;
+{
+ # https://github.com/berdav/CVE-2021-4034
+ security.wrappers.pkexec.source = lib.mkForce (pkgs.writeText "pkexec" "");
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-11 13:02:48 +0000