NixOS/nix
NixOS/nix
1
0
Fork 0
mirror of https://github.com/NixOS/nix synced 2024-09-19 10:50:24 -04:00
Code Activity

chmod later

Browse source
This commit is contained in:
Noam Yorav-Raphael 2024-09-09 19:08:11 +03:00
parent 89ace85071
commit d6fd7eee56
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/libstore/unix/build/local-derivation-goal.cc
View file

@ -771,9 +771,6 @@ void LocalDerivationGoal::startBuilder()
pathsInChroot.erase(worker.store.printStorePath(*i.second.second)); pathsInChroot.erase(worker.store.printStorePath(*i.second.second));
} }
// Make build root read-only, so `mkdir /homeless-shelter` would fail.
chmod_(chrootRootDir, 01555);
if (cgroup) { if (cgroup) {
if (mkdir(cgroup->c_str(), 0755) != 0) if (mkdir(cgroup->c_str(), 0755) != 0)
throw SysError("creating cgroup '%s'", *cgroup); throw SysError("creating cgroup '%s'", *cgroup);
@ -1973,6 +1970,9 @@ void LocalDerivationGoal::runChild()
if (rmdir("real-root") == -1) if (rmdir("real-root") == -1)
throw SysError("cannot remove real-root directory"); throw SysError("cannot remove real-root directory");
// Make build root read-only, so `mkdir /homeless-shelter` would fail.
chmod_(chrootRootDir, 01555);
/* Switch to the sandbox uid/gid in the user namespace, /* Switch to the sandbox uid/gid in the user namespace,
which corresponds to the build user or calling user in which corresponds to the build user or calling user in
the parent namespace. */ the parent namespace. */