diff options
author | lassulus <git@lassul.us> | 2023-11-03 18:03:49 +0100 |
---|---|---|
committer | lassulus <git@lassul.us> | 2023-11-03 18:03:49 +0100 |
commit | 4fd1aaaf8d1f4656f02d7868dcd6e7b297bb5cfe (patch) | |
tree | eb473e33f84362bba573e00f0ed3dd330cb6c2bb /krebs/3modules/exim.nix | |
parent | 8fc693cae24b063f955e99e101c3508584f616b5 (diff) |
exim: use upstream security wrappers
Diffstat (limited to 'krebs/3modules/exim.nix')
-rw-r--r-- | krebs/3modules/exim.nix | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 917a8e5a4..583fd07b1 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -50,14 +50,18 @@ in { ''; systemPackages = [ pkgs.exim ]; }; - krebs.setuid = { + security.wrappers = { exim = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; + source = "${pkgs.exim}/bin/exim"; + owner = "root"; + group = "root"; + setuid = true; }; sendmail = { - filename = "${pkgs.exim}/bin/exim"; - mode = "4111"; + source = "${pkgs.exim}/bin/exim"; + owner = "root"; + group = "root"; + setuid = true; }; }; systemd.services.exim = { |