* In the garbage collector, if deleting a path fails, try to fix its
ownership, then try again.
This commit is contained in:
Eelco Dolstra
parent
a0a43c3206
commit
ec23ecc64d
3 changed files with 31 additions and 6 deletions
|
|
@ -452,12 +452,18 @@ void UserLock::release()
|
|||
}
|
||||
|
||||
|
||||
static bool amPrivileged()
|
||||
bool amPrivileged()
|
||||
{
|
||||
return geteuid() == 0;
|
||||
}
|
||||
|
||||
|
||||
bool haveBuildUsers()
|
||||
{
|
||||
return querySetting("build-users-group", "") != "";
|
||||
}
|
||||
|
||||
|
||||
static void killUserWrapped(uid_t uid)
|
||||
{
|
||||
if (amPrivileged())
|
||||
|
|
@ -468,7 +474,7 @@ static void killUserWrapped(uid_t uid)
|
|||
}
|
||||
|
||||
|
||||
static void getOwnership(const Path & path)
|
||||
void getOwnership(const Path & path)
|
||||
{
|
||||
string program = nixLibexecDir + "/nix-setuid-helper";
|
||||
|
||||
|
|
@ -513,8 +519,7 @@ static void deletePathWrapped(const Path & path)
|
|||
/* When using build users and we're not root, we may not have
|
||||
sufficient permission to delete the path. So use the setuid
|
||||
helper to change ownership to us. */
|
||||
if (querySetting("build-users-group", "") != ""
|
||||
|| !amPrivileged())
|
||||
if (haveBuildUsers() && !amPrivileged())
|
||||
getOwnership(path);
|
||||
deletePath(path);
|
||||
}
|
||||
|
|
@ -1320,7 +1325,7 @@ void DerivationGoal::startBuilder()
|
|||
|
||||
/* If `build-users-group' is not empty, then we have to build as
|
||||
one of the members of that group. */
|
||||
if (querySetting("build-users-group", "") != "") {
|
||||
if (haveBuildUsers()) {
|
||||
buildUser.acquire();
|
||||
assert(buildUser.getUID() != 0);
|
||||
assert(buildUser.getGID() != 0);
|
||||
|
|
|
|||
|
|
@ -710,7 +710,18 @@ void deleteFromStore(const Path & _path, unsigned long long & bytesFreed)
|
|||
}
|
||||
txn.commit();
|
||||
|
||||
try {
|
||||
/* First try to delete it ourselves. */
|
||||
deletePath(path, bytesFreed);
|
||||
} catch (SysError & e) {
|
||||
/* If this failed due to a permission error, then try it with
|
||||
the setuid helper. */
|
||||
if (haveBuildUsers() && !amPrivileged()) {
|
||||
getOwnership(path);
|
||||
deletePath(path, bytesFreed);
|
||||
} else
|
||||
throw;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -139,6 +139,15 @@ void deleteFromStore(const Path & path, unsigned long long & bytesFreed);
|
|||
|
||||
void verifyStore(bool checkContents);
|
||||
|
||||
/* Whether we are in build users mode. */
|
||||
bool haveBuildUsers();
|
||||
|
||||
/* Whether we are root. */
|
||||
bool amPrivileged();
|
||||
|
||||
/* Recursively change the ownership of `path' to the current uid. */
|
||||
void getOwnership(const Path & path);
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue