Commit 3106e48

dhcpcd: bring back enablePrivSep option, nixos/release-notes: remove duplicate note (#347578)
2 parents 6035854 + fb28bba commit 3106e48

2 files changed

+3
-3
lines changed

nixos/doc/manual/release-notes/rl-2411.section.md

Lines changed: 0 additions & 2 deletions
@@ -615,8 +615,6 @@
615615

616616
- `nixosTests` now provide a working IPv6 setup for VLAN 1 by default.
617617

618-
- `services.dhcpcd` is now started with additional systemd sandbox/hardening options for better security. When using `networking.dhcpcd.runHook` these settings are not applied.
619-
620618
- Kanidm can now be provisioned using the new [`services.kanidm.provision`] option, but requires using a patched version available via `pkgs.kanidm.withSecretProvisioning`.
621619

622620
- Kanidm previously had an incorrect systemd service type, causing dependent units with an `after` and `requires` directive to start before `kanidm*` finished startup. The module has now been updated in line with upstream recommendations.
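
Review bot: The bullet removed at old lines 618-619 carries the caveat that the hardening options are not applied when `networking.dhcpcd.runHook` is used, and no other copy of that text is visible in this hunk. Since the commit title describes it as a duplicate, check that the copy remaining in rl-2411 still includes the `runHook` caveat, so readers do not assume the sandbox is always active.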

pkgs/tools/networking/dhcpcd/default.nix

Lines changed: 3 additions & 1 deletion
@@ -7,6 +7,7 @@
77
, runtimeShellPackage
88
, runtimeShell
99
, nixosTests
10+
, enablePrivSep ? false
1011
}:
1112

1213
stdenv.mkDerivation rec {
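
Review bot: The new `enablePrivSep ? false` argument at line 10 is undocumented and defaults to off, so the package keeps building dhcpcd without privilege separation unless a caller overrides it. A short comment next to the argument saying why the default is false, and what a caller must provide when enabling it (the later hunk passes `--privsepuser=dhcpcd`), would help.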
@@ -39,7 +40,8 @@ stdenv.mkDerivation rec {
3940
"--localstatedir=/var"
4041
"--disable-privsep"
4142
"--dbdir=/var/lib/dhcpcd"
42-
];
43+
(lib.enableFeature enablePrivSep "privsep")
44+
] ++ lib.optional enablePrivSep "--privsepuser=dhcpcd";
4345

4446
makeFlags = [ "PREFIX=${placeholder "out"}" ];
4547
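
Review bot: The literal `"--disable-privsep"` at line 41 is left in place while `(lib.enableFeature enablePrivSep "privsep")` is added at line 43, so with `enablePrivSep = true` configure receives both `--disable-privsep` and `--enable-privsep` and the outcome depends on which one the configure script honours last; with the default, the disable flag is simply passed twice. Suggest dropping the hard-coded `"--disable-privsep"` so the feature flag is the only source of truth. Separately, `--privsepuser=dhcpcd` assumes a `dhcpcd` user exists on the target system, which nothing in this file's diff creates, so that requirement is worth documenting next to the option.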
