nixos/wireless: restrict chown /etc/wpa_supplicant scope

Otherwise the recursive chown can fail, hence wpa_supplicant doesn't start, if some read-only file has been bind-mounted into /etc/wpa_supplicant. This can happen if one uses `extraConfigFile` to add a file that is under /etc/wpa_supplicant.
2026-06-05 21:03:40 +00:00 · 2026-06-02 15:14:17 +02:00
parent dd5da3c1ae
commit 197a055a02
1 changed files with 2 additions and 1 deletions
--- a/nixos/modules/services/networking/wpa_supplicant.nix
+++ b/nixos/modules/services/networking/wpa_supplicant.nix
@@ -123,7 +123,8 @@ let
            # set up imperative config file
            "+${pkgs.coreutils}/bin/touch /etc/wpa_supplicant/imperative.conf"
            "+${pkgs.coreutils}/bin/chmod 664 /etc/wpa_supplicant/imperative.conf"
-            "+${pkgs.coreutils}/bin/chown -R wpa_supplicant:wpa_supplicant /etc/wpa_supplicant"
+            "+${pkgs.coreutils}/bin/chown wpa_supplicant:wpa_supplicant /etc/wpa_supplicant"
+            "+${pkgs.coreutils}/bin/chown wpa_supplicant:wpa_supplicant /etc/wpa_supplicant/imperative.conf"
          ]
          ++ lib.optionals cfg.userControlled [
            # set up client sockets directory