mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-22 14:06:16 +02:00
Merge pull request #7557 from NixOS/fix-7529
On macOS with auto-uid-allocation and sandboxing, use the correct gid
commit
420ccecc1e
2 changed files with 9 additions and 5 deletions
|
@ -123,8 +123,12 @@ struct AutoUserLock : UserLock
|
||||||
|
|
||||||
std::vector<gid_t> getSupplementaryGIDs() override { return {}; }
|
std::vector<gid_t> getSupplementaryGIDs() override { return {}; }
|
||||||
|
|
||||||
static std::unique_ptr<UserLock> acquire(uid_t nrIds, bool useChroot)
|
static std::unique_ptr<UserLock> acquire(uid_t nrIds, bool useUserNamespace)
|
||||||
{
|
{
|
||||||
|
#if !defined(__linux__)
|
||||||
|
useUserNamespace = false;
|
||||||
|
#endif
|
||||||
|
|
||||||
settings.requireExperimentalFeature(Xp::AutoAllocateUids);
|
settings.requireExperimentalFeature(Xp::AutoAllocateUids);
|
||||||
assert(settings.startId > 0);
|
assert(settings.startId > 0);
|
||||||
assert(settings.uidCount % maxIdsPerBuild == 0);
|
assert(settings.uidCount % maxIdsPerBuild == 0);
|
||||||
|
@ -157,7 +161,7 @@ struct AutoUserLock : UserLock
|
||||||
auto lock = std::make_unique<AutoUserLock>();
|
auto lock = std::make_unique<AutoUserLock>();
|
||||||
lock->fdUserLock = std::move(fd);
|
lock->fdUserLock = std::move(fd);
|
||||||
lock->firstUid = firstUid;
|
lock->firstUid = firstUid;
|
||||||
if (useChroot)
|
if (useUserNamespace)
|
||||||
lock->firstGid = firstUid;
|
lock->firstGid = firstUid;
|
||||||
else {
|
else {
|
||||||
struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
|
struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
|
||||||
|
@ -174,10 +178,10 @@ struct AutoUserLock : UserLock
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot)
|
std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace)
|
||||||
{
|
{
|
||||||
if (settings.autoAllocateUids)
|
if (settings.autoAllocateUids)
|
||||||
return AutoUserLock::acquire(nrIds, useChroot);
|
return AutoUserLock::acquire(nrIds, useUserNamespace);
|
||||||
else
|
else
|
||||||
return SimpleUserLock::acquire();
|
return SimpleUserLock::acquire();
|
||||||
}
|
}
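Review bot: The `#if !defined(__linux__)` block at the top of `AutoUserLock::acquire` silently overwrites the caller's `useUserNamespace` argument, and nothing in the code says why, although this flag decides which gid the build runs under (`lock->firstGid = firstUid` versus the `getgrnam` lookup of `settings.buildUsersGroup`). I would add a comment above the guard, for example `/* User namespaces exist only on Linux; elsewhere the build must use the real gid of the build-users group. */`, and extend the comment on `acquireUserLock` in the header with a sentence saying what `useUserNamespace` selects. Only the two files shown are changed, so the call sites presumably still pass the value they used to pass as `useChroot`; it is worth confirming that on Linux this value is true only when a user namespace is actually set up, since otherwise the build would get a gid from the allocated range instead of the build-users group. The body of `acquire` continues outside the hunks shown here.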
|
||||||
|
|
|
@ -31,7 +31,7 @@ struct UserLock
|
||||||
|
|
||||||
/* Acquire a user lock for a UID range of size `nrIds`. Note that this
|
/* Acquire a user lock for a UID range of size `nrIds`. Note that this
|
||||||
may return nullptr if no user is available. */
|
may return nullptr if no user is available. */
|
||||||
std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot);
|
std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace);
|
||||||
|
|
||||||
bool useBuildUsers();
|
bool useBuildUsers();
|
||||||
|
|
||||||
|
|