services: Use system groups where applicable.

* gnu/services/avahi.scm (avahi-service): Add 'system?' field to
  'user-group' form.
* gnu/services/base.scm (guix-service): Likewise.
* gnu/services/dbus.scm (dbus-service): Likewise.
* gnu/services/networking.scm (tor-service): Likewise.
This commit is contained in:
Ludovic Courtès 2014-07-25 00:15:46 +02:00
parent c8fa34265d
commit 417175096a
4 changed files with 7 additions and 3 deletions

View File

@ -96,7 +96,8 @@ sockets."
(mkdir-p "/var/run/avahi-daemon"))) (mkdir-p "/var/run/avahi-daemon")))
(user-groups (list (user-group (user-groups (list (user-group
(name "avahi")))) (name "avahi")
(system? #t))))
(user-accounts (list (user-account (user-accounts (list (user-account
(name "avahi") (name "avahi")
(group "avahi") (group "avahi")

View File

@ -472,6 +472,7 @@ passed to @command{guix-daemon}."
(user-accounts accounts) (user-accounts accounts)
(user-groups (list (user-group (user-groups (list (user-group
(name builder-group) (name builder-group)
(system? #t)
;; Use a fixed GID so that we can create the ;; Use a fixed GID so that we can create the
;; store with the right owner. ;; store with the right owner.

View File

@ -86,7 +86,8 @@ and policy files. For example, to allow avahi-daemon to use the system bus,
(string-append "--config-file=" #$conf "/system.conf")))) (string-append "--config-file=" #$conf "/system.conf"))))
(stop #~(make-kill-destructor)) (stop #~(make-kill-destructor))
(user-groups (list (user-group (user-groups (list (user-group
(name "messagebus")))) (name "messagebus")
(system? #t))))
(user-accounts (list (user-account (user-accounts (list (user-account
(name "messagebus") (name "messagebus")
(group "messagebus") (group "messagebus")

View File

@ -107,7 +107,8 @@ policy) as the @code{tor} unprivileged user."
(stop #~(make-kill-destructor)) (stop #~(make-kill-destructor))
(user-groups (list (user-group (user-groups (list (user-group
(name "tor")))) (name "tor")
(system? #t))))
(user-accounts (list (user-account (user-accounts (list (user-account
(name "tor") (name "tor")
(group "tor") (group "tor")