services: Warn about unprivileged privileged-programs.

* gnu/services.scm (privileged-program->activation-gexp): Warn when a
privileged-program appears to lack all possible privilege.

Change-Id: I68ed8cb2cff88b11b090cf99a2cc7d6264b888e0

gnu/services.scm

@@ -893,17 +893,20 @@ FILES must be a list of name/file-like object pairs."
 
 (define (privileged-program->activation-gexp programs)
   "Return an activation gexp for privileged-program from PROGRAMS."
-  (let ((programs (map (lambda (program)
+  (let ((programs
-                         ;; FIXME This is really ugly, I didn't managed to use
+         (map (lambda (program)
-                         ;; "inherit"
+                ;; FIXME This is really ugly, I didn't manage to use "inherit".
                 (let ((program-name (privileged-program-program program))
                       (setuid?      (privileged-program-setuid? program))
                       (setgid?      (privileged-program-setgid? program))
                       (user         (privileged-program-user program))
                       (group        (privileged-program-group program))
                       (capabilities (privileged-program-capabilities program)))
-                           #~(privileged-program
+                  (unless (or setuid? setgid? capabilities)
-                              (setuid? #$setuid?)
+                    (warning
+                     (G_ "so-called privileged-program ~s lacks any privilege~%")
+                     program-name))
+                  #~(privileged-program (setuid? #$setuid?)
                                         (setgid? #$setgid?)
                                         (user    #$user)
                                         (group   #$group)