diff options
Diffstat (limited to 'nix/libstore')
| -rw-r--r-- | nix/libstore/build.cc | 34 | ||||
| -rw-r--r-- | nix/libstore/globals.hh | 6 | ||||
| -rw-r--r-- | nix/libstore/optimise-store.cc | 4 |
3 files changed, 36 insertions, 8 deletions
diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc index 889ee3d2bd..38048ceebc 100644 --- a/nix/libstore/build.cc +++ b/nix/libstore/build.cc @@ -1680,7 +1680,11 @@ void DerivationGoal::startBuilder() % drv.platform % settings.thisSystem % drvPath); } - useChroot = settings.useChroot; + /* Note: built-in builders are *not* running in a chroot environment so + that we can easily implement them in Guile without having it as a + derivation input (they are running under a separate build user, + though). */ + useChroot = settings.useChroot && !isBuiltin(drv); /* Construct the environment passed to the builder. */ env.clear(); @@ -2048,12 +2052,7 @@ void DerivationGoal::runChild() commonChildInit(builderOut); #if CHROOT_ENABLED - /* Note: built-in builders are *not* running in a chroot environment - so that we can easily implement them in Guile without having it as - a derivation input (they are running under a separate build user, - though). */ - - if (useChroot && !isBuiltin(drv)) { + if (useChroot) { /* Initialise the loopback interface. */ AutoCloseFD fd(socket(PF_INET, SOCK_DGRAM, IPPROTO_IP)); if (fd == -1) throw SysError("cannot open IP socket"); @@ -2631,6 +2630,21 @@ void DerivationGoal::closeLogFile() } +static void _chown(const Path & path, uid_t uid, gid_t gid) +{ + checkInterrupt(); + + if (lchown(path.c_str(), uid, gid) == -1) { + throw SysError(format("change owner and group of `%1%'") % path); + } + struct stat st = lstat(path); + if (S_ISDIR(st.st_mode)) { + for (auto & i : readDirectory(path)) + _chown(path + "/" + i.name, uid, gid); + } +} + + void DerivationGoal::deleteTmpDir(bool force) { if (tmpDir != "") { @@ -2639,6 +2653,12 @@ void DerivationGoal::deleteTmpDir(bool force) format("note: keeping build directory `%2%'") % drvPath % tmpDir); chmod(tmpDir.c_str(), 0755); + // Change the ownership if clientUid is set. Never change the + // ownership or the group to "root" for security reasons. + if (settings.clientUid != (uid_t) -1 && settings.clientUid != 0) { + _chown(tmpDir, settings.clientUid, + settings.clientGid != 0 ? settings.clientGid : -1); + } } else deletePath(tmpDir); diff --git a/nix/libstore/globals.hh b/nix/libstore/globals.hh index 8c07e360f2..7beb1a55ca 100644 --- a/nix/libstore/globals.hh +++ b/nix/libstore/globals.hh @@ -70,6 +70,12 @@ struct Settings { subgoal of the same goal) fails. */ bool keepGoing; + /* User and groud id of the client issuing the build request. Used to set + the owner and group of the kept temporary directories of failed + builds. */ + uid_t clientUid; + gid_t clientGid; + /* Whether, if we cannot realise the known closure corresponding to a derivation, we should try to normalise the derivation instead. */ diff --git a/nix/libstore/optimise-store.cc b/nix/libstore/optimise-store.cc index 565c62ca83..9bed371c70 100644 --- a/nix/libstore/optimise-store.cc +++ b/nix/libstore/optimise-store.cc @@ -5,6 +5,7 @@ #include "globals.hh" #include <cstdlib> +#include <cstring> #include <sys/types.h> #include <sys/stat.h> #include <unistd.h> @@ -159,7 +160,8 @@ void LocalStore::optimisePath_(OptimiseStats & stats, const Path & path, InodeHa /* On ext4, that probably means the directory index is full. When that happens, it's fine to ignore it: we just effectively disable deduplication of this file. */ - printMsg(lvlInfo, format("cannot link `%1%' to `%2%': %m") % linkPath % path); + printMsg(lvlInfo, format("cannot link `%1%' to `%2%': %3%") + % linkPath % path % strerror(ENOSPC)); return; default: |