From 2d9c9415a2695d5f1e4abb657b57e510b1c74d54 Mon Sep 17 00:00:00 2001
From: Yves Dubromelle <root@phenom.dubronetwork.fr>
Date: Sat, 25 Feb 2017 15:13:07 +0100
Subject: [PATCH] setuid: mtr

---
 public/app-network.nix | 7 ++++++-
 public/environment.nix | 4 ----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/public/app-network.nix b/public/app-network.nix
index 30c2cdc..f52c5e0 100644
--- a/public/app-network.nix
+++ b/public/app-network.nix
@@ -21,11 +21,16 @@ mkIf true {
     ## Diagnostic
     arp-scan
     nmap          # outil de scan de port réseau
-    mtr           # outil de diagnostic réseau
     #wireshark
     whois
   ];
 
+  # Paquets avec setuid root
+  security.wrappers = {
+    # outil de diagnostic réseau
+    mtr.source = "${pkgs.mtr}/bin/mtr";
+  };
+
   networking.firewall = {
     allowedTCPPorts = [
       5201 # iperf
diff --git a/public/environment.nix b/public/environment.nix
index 9825c5a..00ed6c5 100644
--- a/public/environment.nix
+++ b/public/environment.nix
@@ -72,10 +72,6 @@ in
     };
     etc.gitconfig.text = builtins.readFile ./gitconfig;
   };
-  # programmes qui n'ont pas besoin de sudo pour fonctionner
-  security.setuidPrograms = [
-    "mtr"
-  ];
   programs.bash = {
     enableCompletion = true;
     promptInit = builtins.readFile ./bash-prompt.sh;