nixos/qgroundcontrol: fix qgroundcontrol module #336183
This pull request has been mentioned on NixOS Discourse. There might be relevant details there: https://discourse.nixos.org/t/prs-ready-for-review/3032/4485
3fdc694 to f996f99
f996f99 to af09b76
Rebased to fix merge conflict.
I lack the knowledge to verify if the C code in securitywrap has any major/glaring issues, so I am not going to approve this PR, but from the Nix side it looks fine to me.
af09b76 to 63f73b5
Moving to draft temporarily to test new changes to securitywrap.
Apparently glibc was recently updated. See you in however long it takes to upgrade my system!
Re-tested; works
I'm not entirely a fan of this homegrown wrapper stuff. @NixOS/security wdyt?
Would you prefer if I moved it in-tree?
Also not a big fan of having something called In this case do we need it? From a quick glance Maybe it would be preferable to document the possible solutions and let the end users do the choice that best fits their needs. Most likely it is either going to be:
Was planning on also using it to address some of the bubblewrap related FHSenv issues. I'd like the option to be there if a user chooses to enable it (for example, if it's being run on a workstation with lots of users that are expected to run qgc but don't need full dialout) although I equally understand why a user might not want to have qgroundcontrol run as dialout. I'll change that option to be default false, if it isn't already, and split the PR into a fix and the securitywrap-enhanced fix + some related fhsenv fixes if I can get them working.
e990c27 to 765c9bf
Removed the securitywrap stuff.
Description of changes
As it turns out, there were a couple issues with the module I made that for some reason I wasn't able to find. This PR fixes those issues.