nixpkgs/modules/programs/virtualbox.nix
Eelco Dolstra 010578d8a4 * Restrict VirtualBox to users in the vboxusers group.
The VirtualBox build in Nixpkgs is insecure because it uses the
  "--disable-hardened" flag, which disables some checks in the
  VirtualBox kernel module.  Since getting rid of that flag looks like
  too much work, it's better to ensure that only explicitly permitted
  users have access to VirtualBox.

* Drop the 666 permission on "sonypi" because it's not clear why that
  device should be world-writable.

svn path=/nixos/trunk/; revision=33301
2012-03-20 16:30:43 +00:00

20 lines
511 B
Nix

{ config, pkgs, ... }:
with pkgs.lib;
let virtualbox = config.boot.kernelPackages.virtualbox; in
{
boot.kernelModules = [ "vboxdrv" "vboxnetadp" "vboxnetflt" ];
boot.extraModulePackages = [ virtualbox ];
environment.systemPackages = [ virtualbox ];
users.extraGroups = singleton { name = "vboxusers"; };
services.udev.extraRules =
''
KERNEL=="vboxdrv", OWNER="root", GROUP="vboxusers", MODE="0660"
KERNEL=="vboxnetctl", OWNER="root", GROUP="root", MODE="0600"
'';
}