Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

opensnitch: fix daemon cant find iptables in PATH #150023

Merged
merged 2 commits into from
Dec 10, 2021
Merged

opensnitch: fix daemon cant find iptables in PATH #150023

merged 2 commits into from
Dec 10, 2021

Conversation

onny
Copy link
Contributor

@onny onny commented Dec 10, 2021

Motivation for this change

This PR fixes Opensnitch daemon which couldn't find iptables in PATH before.

Marked as draft since I'll need it to test more.

Things done
  • Built on platform(s)
    • x86_64-linux
    • aarch64-linux
    • x86_64-darwin
    • aarch64-darwin
  • For non-Linux: Is sandbox = true set in nix.conf? (See Nix manual)
  • Tested, as applicable:
  • Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
  • Tested basic functionality of all binary files (usually in ./result/bin/)
  • 22.05 Release Notes (or backporting 21.11 Release notes)
    • (Package updates) Added a release notes entry if the change is major or breaking
    • (Module updates) Added a release notes entry if the change is significant
    • (Module addition) Added a release notes entry if adding a new NixOS module
    • (Release notes changes) Ran nixos/doc/manual/md-to-db.sh to update generated release notes
  • Fits CONTRIBUTING.md.

@onny onny marked this pull request as draft December 10, 2021 09:48
@onny onny changed the title [DRAFT] opensnitch: fix daemon cant find iptables in PATH opensnitch: fix daemon cant find iptables in PATH Dec 10, 2021
@onny onny marked this pull request as ready for review December 10, 2021 10:17
@ofborg ofborg bot requested review from kalbasit and raboof December 10, 2021 10:18
@ofborg ofborg bot added 10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 10.rebuild-linux: 1 labels Dec 10, 2021
Mic92
Mic92 reviewed Dec 10, 2021
View reviewed changes
pkgs/tools/networking/opensnitch/daemon.nix

nativeBuildInputs = [ pkg-config makeWrapper ];

buildInputs = [ libnetfilter_queue libnfnetlink ];
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

And those libraries also work with our nftables-based firewall?

Copy link
Contributor Author

@onny onny Dec 10, 2021
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested it in a VM with nixos-shell and on my system and applications are blocked until explicitly allowed, so it seems to work :)

@Mic92 Mic92 merged commit 80d0164 into NixOS:master Dec 10, 2021
@syberant syberant mentioned this pull request Dec 10, 2021
Closed
@github-actions github-actions bot mentioned this pull request Dec 16, 2021
Merged
1 task
@github-actions
Copy link
Contributor

Successfully created backport PR #150984 for release-21.11.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Mic92 Mic92 Mic92 left review comments

@kalbasit kalbasit Awaiting requested review from kalbasit

@raboof raboof Awaiting requested review from raboof

Assignees
No one assigned
Labels
10.rebuild-darwin: 0 This PR does not cause any packages to rebuild on Darwin 10.rebuild-linux: 1-10 10.rebuild-linux: 1
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@onny @Mic92 @Artturin