nixos/frr: make runtime directory world-readable
FRR intends for non-root users to connect to the VTY sockets if they
are members of the frrvty group, however this is not possible if
non-root/non-frr users cannot access the runtime directory. The
sockets used by the FRR daemons for internal IPC are also created in
the runtime directory, however these are created with appropriately
restrictive permissions to prevent interference.
sysvinit authored and osnyx committed Dec 3, 2024
1 parent 46335fe commit ef29938
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion nixos/modules/services/networking/frr.nix
Expand Up @@ -220,7 +220,7 @@ in
'';
};

systemd.tmpfiles.rules = [ "d /run/frr 0750 frr frr -" ];
systemd.tmpfiles.rules = [ "d /run/frr 0755 frr frr -" ];

systemd.services.frr = {
description = "FRRouting";
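
Review bot: the mode on the `d /run/frr` tmpfiles rule goes from 0750 to 0755 with no comment in frr.nix, so the reasoning given in the commit message (frrvty members must reach the VTY sockets, and the internal IPC sockets carry their own restrictive modes) is lost to the next reader of the module. Please add a short comment above the rule saying that protection of everything created under /run/frr now rests on each file's own permissions rather than on the directory. It is also worth checking whether search-only access for others (0751) would be enough for frrvty members to connect, since 0755 additionally lets any local user list the directory contents.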