mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-27 08:16:14 +02:00
* Pass the actual build user to the setuid helper.
This commit is contained in:
parent
a45c498e4e
commit
7d8cf316ee
1 changed files with 10 additions and 22 deletions
|
@ -340,6 +340,7 @@ private:
|
||||||
Path fnUserLock;
|
Path fnUserLock;
|
||||||
AutoCloseFD fdUserLock;
|
AutoCloseFD fdUserLock;
|
||||||
|
|
||||||
|
string user;
|
||||||
uid_t uid;
|
uid_t uid;
|
||||||
gid_t gid;
|
gid_t gid;
|
||||||
|
|
||||||
|
@ -350,10 +351,12 @@ public:
|
||||||
void acquire();
|
void acquire();
|
||||||
void release();
|
void release();
|
||||||
|
|
||||||
uid_t getUID();
|
string getUser() { return user; }
|
||||||
uid_t getGID();
|
uid_t getUID() { return uid; }
|
||||||
|
uid_t getGID() { return gid; }
|
||||||
|
|
||||||
|
bool enabled() { return uid != 0; }
|
||||||
|
|
||||||
bool enabled();
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
@ -420,6 +423,7 @@ void UserLock::acquire()
|
||||||
if (lockFile(fd, ltWrite, false)) {
|
if (lockFile(fd, ltWrite, false)) {
|
||||||
fdUserLock = fd.borrow();
|
fdUserLock = fd.borrow();
|
||||||
lockedPaths.insert(fnUserLock);
|
lockedPaths.insert(fnUserLock);
|
||||||
|
user = *i;
|
||||||
uid = pw->pw_uid;
|
uid = pw->pw_uid;
|
||||||
|
|
||||||
/* Sanity check... */
|
/* Sanity check... */
|
||||||
|
@ -448,24 +452,6 @@ void UserLock::release()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
uid_t UserLock::getUID()
|
|
||||||
{
|
|
||||||
return uid;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
uid_t UserLock::getGID()
|
|
||||||
{
|
|
||||||
return gid;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
bool UserLock::enabled()
|
|
||||||
{
|
|
||||||
return uid != 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
static bool amPrivileged()
|
static bool amPrivileged()
|
||||||
{
|
{
|
||||||
return geteuid() == 0;
|
return geteuid() == 0;
|
||||||
|
@ -1351,6 +1337,7 @@ void DerivationGoal::startBuilder()
|
||||||
|
|
||||||
Path program = drv.builder.c_str();
|
Path program = drv.builder.c_str();
|
||||||
std::vector<const char *> args; /* careful with c_str()! */
|
std::vector<const char *> args; /* careful with c_str()! */
|
||||||
|
string user; /* must be here for its c_str()! */
|
||||||
|
|
||||||
/* If we are running in `build-users' mode, then switch to
|
/* If we are running in `build-users' mode, then switch to
|
||||||
the user we allocated above. Make sure that we drop
|
the user we allocated above. Make sure that we drop
|
||||||
|
@ -1381,7 +1368,8 @@ void DerivationGoal::startBuilder()
|
||||||
program = nixLibexecDir + "/nix-setuid-helper";
|
program = nixLibexecDir + "/nix-setuid-helper";
|
||||||
args.push_back(program.c_str());
|
args.push_back(program.c_str());
|
||||||
args.push_back("run-builder");
|
args.push_back("run-builder");
|
||||||
args.push_back("nix-builder-1"); /* !!! TODO */
|
user = buildUser.getUser().c_str();
|
||||||
|
args.push_back(user.c_str());
|
||||||
args.push_back(drv.builder.c_str());
|
args.push_back(drv.builder.c_str());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue