mirror of https://github.com/NixOS/nix synced 2024-09-19 10:50:24 -04:00
nix/tests
Théophane Hufschmitt 1d3696f0fb Run the builds in a daemon-controlled directory
Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.

This achieves two things:

1. It prevents builders from making their build directory world-readable
   (or even writeable), which would allow the outside world to interact
   with them.
2. It prevents external processes running as the build user (either
   because that somehow leaked, maybe as a consequence of 1., or because
   `build-users` isn't in use) from gaining access to the build
   directory.
2024-06-21 17:06:19 +02:00
functional Run the builds in a daemon-controlled directory 2024-06-21 17:06:19 +02:00
installer tests: test with conflicting profile links 2023-12-30 06:24:06 +00:00
nixos Run the builds in a daemon-controlled directory 2024-06-21 17:06:19 +02:00
unit WIP add testresults output 2024-06-16 16:34:54 +02:00
repl-completion.nix Add repl completion test 2024-05-27 09:58:49 +02:00