maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Clear supplementary groups of `nixbld' in /etc/passwd in chroots.

Browse source 
* src/libstore/build.cc (nix::DerivationGoal::startBuilder): Don't
  display any supplementary groups for `nixbld' in /etc/passwd.
This commit is contained in:
Ludovic Courtès 2010-03-11 10:21:23 +00:00
parent 05fbf61f0e
commit 2e8eaca573
1 changed files with 5 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

9
src/libstore/build.cc
View file

@ -1566,14 +1566,15 @@ void DerivationGoal::startBuilder()
createDirs(chrootTmpDir); createDirs(chrootTmpDir);
chmod(chrootTmpDir, 01777); chmod(chrootTmpDir, 01777);
/* Create a /etc/passwd with entries for the build user and /* Create a /etc/passwd with entries for the build user and the
the nobody account. The latter is kind of a hack to nobody account. The latter is kind of a hack to support
support Samba-in-QEMU. */ Samba-in-QEMU. For the sake of consistency with the setgroups(2)
call below, the build user has no supplementary groups. */
createDirs(chrootRootDir + "/etc"); createDirs(chrootRootDir + "/etc");
writeFile(chrootRootDir + "/etc/passwd", writeFile(chrootRootDir + "/etc/passwd",
(format( (format(
"nixbld:x:%1%:65534:Nix build user:/:/noshell\n" "nixbld:x:%1%:%1%:Nix build user:/:/noshell\n"
"nobody:x:65534:65534:Nobody:/:/noshell\n") "nobody:x:65534:65534:Nobody:/:/noshell\n")
% (buildUser.enabled() ? buildUser.getUID() : getuid())).str()); % (buildUser.enabled() ? buildUser.getUID() : getuid())).str());