linux-pam: make it use SUID wrapped version of unix_ckpwd

NixOS · Jan 27, 2022 · ffdadd3 · ffdadd3
1 parent b32ed60
commit ffdadd3
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/pkgs/os-specific/linux/pam/default.nix b/pkgs/os-specific/linux/pam/default.nix
@@ -12,6 +12,8 @@ stdenv.mkDerivation rec {
     sha256 = "sha256-IB1AcwsRNbGzzeoJ8sKKxjTXMYHM0Bcs7d7jZJxXkvw=";
   };
 
+  patches = [ ./suid-wrapper-path.patch ];
+
   outputs = [ "out" "doc" "man" /* "modules" */ ];
 
   depsBuildBuild = [ buildPackages.stdenv.cc ];

diff --git a/pkgs/os-specific/linux/pam/suid-wrapper-path.patch b/pkgs/os-specific/linux/pam/suid-wrapper-path.patch
@@ -0,0 +1,6 @@
+It needs the SUID version during runtime, and that can't be in /nix/store/**
+--- a/modules/pam_unix/Makefile.in
++++ b/modules/pam_unix/Makefile.in
+@@ -651 +651 @@
+-	-DCHKPWD_HELPER=\"$(sbindir)/unix_chkpwd\" \
++	-DCHKPWD_HELPER=\"/run/wrappers/bin/unix_chkpwd\" \