nixos/terminfo: inherit TERMINFO* env vars also for doas

This should mirror the behavior we implement for sudo: The TERMINFO and TERMINFO_DIRS variables are inherited from the normal user's environment, so terminfo files installed in the user's profile can be found by ncurses applications running as root.
3 years ago · d14ae62671
parent 0f41094088
commit d14ae62671
2 changed files with 9 additions and 1 deletions
--- a/nixos/modules/security/doas.nix
+++ b/nixos/modules/security/doas.nix
@ -15,7 +15,7 @@ let
    (optionalString rule.noLog "nolog")
    (optionalString rule.persist "persist")
    (optionalString rule.keepEnv "keepenv")
-    "setenv { SSH_AUTH_SOCK ${concatStringsSep " " rule.setEnv} }"
+    "setenv { SSH_AUTH_SOCK TERMINFO TERMINFO_DIRS ${concatStringsSep " " rule.setEnv} }"
  ];

  mkArgs = rule:
--- a/nixos/tests/doas.nix
+++ b/nixos/tests/doas.nix
@ -85,6 +85,14 @@ import ./make-test-python.nix (
      # ../../pkgs/tools/security/doas/0001-add-NixOS-specific-dirs-to-safe-PATH.patch
      with subtest("recursive calls to doas from subprocesses should succeed"):
          machine.succeed('doas -u test0 sh -c "doas -u test0 true"')
+
+      with subtest("test0 should inherit TERMINFO_DIRS from the user environment"):
+          dirs = machine.succeed(
+               "su - test0 -c 'doas -u root $SHELL -c \"echo \$TERMINFO_DIRS\"'"
+          )
+
+          if not "test0" in dirs:
+             raise Exception(f"user profile TERMINFO_DIRS is not preserved: {dirs}")
    '';
  }
 )