mirror of https://github.com/NixOS/nix synced 2024-09-19 10:50:24 -04:00

Merge pull request #11206 from tie/getxattr-enotsup

libstore: return ENOTSUP for getxattr functions
Eelco Dolstra 2024-07-29 14:00:36 +02:00 committed by GitHub
commit 9e2bed7827
No known key found for this signature in database
GPG key ID: B5690EEEBB952194


@ -1702,10 +1702,13 @@ void setupSeccomp()
throw SysError("unable to add seccomp rule"); throw SysError("unable to add seccomp rule");
} }
/* Prevent builders from creating EAs or ACLs. Not all filesystems /* Prevent builders from using EAs or ACLs. Not all filesystems
support these, and they're not allowed in the Nix store because support these, and they're not allowed in the Nix store because
they're not representable in the NAR serialisation. */ they're not representable in the NAR serialisation. */
if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(setxattr), 0) != 0 || if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(getxattr), 0) != 0 ||
seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(lgetxattr), 0) != 0 ||
seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(fgetxattr), 0) != 0 ||
seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(setxattr), 0) != 0 ||
seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(lsetxattr), 0) != 0 || seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(lsetxattr), 0) != 0 ||
seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(fsetxattr), 0) != 0) seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), SCMP_SYS(fsetxattr), 0) != 0)
throw SysError("unable to add seccomp rule"); throw SysError("unable to add seccomp rule");
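Review bot: The reworded comment says builders are prevented from using EAs or ACLs, but the condition in this hunk filters only the get* and set* families. `listxattr`/`llistxattr`/`flistxattr` and `removexattr`/`lremovexattr`/`fremovexattr` are not in the list, so those calls still reach the filesystem unless a rule outside the visible lines covers them. If the intent is a uniform ENOTSUP for the whole xattr interface, add the remaining six syscalls; at twelve near-identical calls, a table and a loop is easier to audit than a longer `||` chain. The body of setupSeccomp() starts and ends outside this hunk, so this needs checking against the rest of the function and against tools in the build environment that probe xattrs.

```cpp
/* … unchanged: comment explaining why EAs and ACLs are blocked … */
static const int xattrSyscalls[] = {
    SCMP_SYS(getxattr),    SCMP_SYS(lgetxattr),    SCMP_SYS(fgetxattr),
    SCMP_SYS(setxattr),    SCMP_SYS(lsetxattr),    SCMP_SYS(fsetxattr),
    SCMP_SYS(listxattr),   SCMP_SYS(llistxattr),   SCMP_SYS(flistxattr),
    SCMP_SYS(removexattr), SCMP_SYS(lremovexattr), SCMP_SYS(fremovexattr),
};
for (int nr : xattrSyscalls)
    if (seccomp_rule_add(ctx, SCMP_ACT_ERRNO(ENOTSUP), nr, 0) != 0)
        throw SysError("unable to add seccomp rule");
```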