authormakefu <github@syntax-fehler.de>2016-06-02 11:17:24 +0200
committermakefu <github@syntax-fehler.de>2016-06-02 11:17:24 +0200
commit29cdc9994c90d5280543cd0628384dbf032ad15d (patch)
tree1283849d5caa27662cfb977dd4516cd887d02fcd /tv/5pkgs/ff/default.nix
parent4f28d9a306c2989304b52889c07e22992e40da0b (diff)
parent8ec65b04dc5010f910bf67f1db8a78bd844202b0 (diff)
Merge remote-tracking branch 'cd/master'
Diffstat (limited to 'tv/5pkgs/ff/default.nix')
-rw-r--r--tv/5pkgs/ff/default.nix10
1 files changed, 7 insertions, 3 deletions
diff --git a/tv/5pkgs/ff/default.nix b/tv/5pkgs/ff/default.nix
index 2db404030..b1d2c579a 100644
--- a/tv/5pkgs/ff/default.nix
+++ b/tv/5pkgs/ff/default.nix
@@ -1,8 +1,12 @@
{ pkgs, ... }:
-pkgs.writeScriptBin "ff" ''
- #! ${pkgs.bash}/bin/bash
- exec sudo -u ff -i <<EOF
+# TODO use krebs.setuid
+# This requires that we can create setuid executables that can only be accessed
+# by a single user. [per-user-setuid]
+
+# using bash for %q
+pkgs.writeBashBin "ff" ''
+ exec /var/setuid-wrappers/sudo -u ff -i <<EOF
exec ${pkgs.firefoxWrapper}/bin/firefox $(printf " %q" "$@")
EOF
''
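Review bot: The `printf " %q"` quoting on the `exec ${pkgs.firefoxWrapper}/bin/firefox` line is only safe if user ff's login shell is bash, and the new comment `# using bash for %q` covers just the outer script. `sudo -u ff -i` feeds the here-document to ff's login shell, and `%q` can emit bash-only forms such as `$'...'`, so under a different login shell an argument could be split or reinterpreted on the ff side. I would extend the comment to `# using bash for %q; ff's login shell must be bash too, since it parses the heredoc`. The absolute `/var/setuid-wrappers/sudo` path presumably avoids a PATH lookup for a privileged binary; a short comment saying so would stop a later edit from reverting it to bare `sudo`.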