mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-11 00:36:20 +02:00
Fix $NIX_PATH access control initialisation
parent
8be06c9aa1
commit
91e641af88
3 changed files with 22 additions and 22 deletions
|
@ -491,26 +491,10 @@ EvalState::EvalState(
|
||||||
for (auto & i : evalSettings.nixPath.get()) addToSearchPath(i);
|
for (auto & i : evalSettings.nixPath.get()) addToSearchPath(i);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (rootFS->hasAccessControl()) {
|
/* Allow access to all paths in the search path. */
|
||||||
for (auto & i : searchPath) {
|
if (rootFS->hasAccessControl())
|
||||||
if (auto path = resolveSearchPathElem(i)) {
|
for (auto & i : searchPath)
|
||||||
// FIXME
|
resolveSearchPathElem(i, true);
|
||||||
#if 0
|
|
||||||
if (store->isInStore(*path)) {
|
|
||||||
try {
|
|
||||||
StorePathSet closure;
|
|
||||||
store->computeFSClosure(store->toStorePath(*path).first, closure);
|
|
||||||
for (auto & p : closure)
|
|
||||||
allowPath(p);
|
|
||||||
} catch (InvalidPath &) {
|
|
||||||
allowPath(*r);
|
|
||||||
}
|
|
||||||
} else
|
|
||||||
allowPath(*r);
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
createBaseEnv();
|
createBaseEnv();
|
||||||
|
|
||||||
|
|
|
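Review bot: The new loop body `resolveSearchPathElem(i, true);` is called only for its side effect and discards the result, and the comment that explained the purpose (`/* Allow access to all paths in the search path. */`) was removed with the old block. I would keep a comment on the loop, for example `/* Resolve every search path element now so that its path and store closure are allowed before evaluation starts. */`, so the allow-list setup is not mistaken for a no-op and removed later. Judging by the declaration comment elsewhere in this commit, resolving a URI element downloads it, so this loop presumably can fetch during construction when access control is on; that is worth stating in the same comment. The constructor body starts and ends outside the hunk.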
@ -207,7 +207,9 @@ public:
|
||||||
SourcePath findFile(SearchPath & searchPath, const std::string_view path, const PosIdx pos = noPos);
|
SourcePath findFile(SearchPath & searchPath, const std::string_view path, const PosIdx pos = noPos);
|
||||||
|
|
||||||
/* If the specified search path element is a URI, download it. */
|
/* If the specified search path element is a URI, download it. */
|
||||||
std::optional<SourcePath> resolveSearchPathElem(const SearchPathElem & elem);
|
std::optional<SourcePath> resolveSearchPathElem(
|
||||||
|
const SearchPathElem & elem,
|
||||||
|
bool initAccessControl = false);
|
||||||
|
|
||||||
/* Evaluate an expression to normal form, storing the result in
|
/* Evaluate an expression to normal form, storing the result in
|
||||||
value `v'. */
|
value `v'. */
|
||||||
|
|
|
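Review bot: The comment above `resolveSearchPathElem` still describes only the URI download and says nothing about the new `initAccessControl` parameter, although that parameter decides which paths the evaluator may read. I would extend it, for example `/* If the specified search path element is a URI, download it. If initAccessControl is set, also allow access to the resolved path and, for store paths, to its closure. */`. A defaulted `bool` is also hard to read at the call site (`resolveSearchPathElem(i, true)`), so a comment at the call or a named enum would make the security-relevant argument visible.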
@ -783,7 +783,7 @@ SourcePath EvalState::findFile(SearchPath & searchPath, const std::string_view p
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
std::optional<SourcePath> EvalState::resolveSearchPathElem(const SearchPathElem & elem)
|
std::optional<SourcePath> EvalState::resolveSearchPathElem(const SearchPathElem & elem, bool initAccessControl)
|
||||||
{
|
{
|
||||||
auto i = searchPathResolved.find(elem.second);
|
auto i = searchPathResolved.find(elem.second);
|
||||||
if (i != searchPathResolved.end()) return i->second;
|
if (i != searchPathResolved.end()) return i->second;
|
||||||
|
@ -803,6 +803,20 @@ std::optional<SourcePath> EvalState::resolveSearchPathElem(const SearchPathElem
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
auto path = rootPath(absPath(elem.second));
|
auto path = rootPath(absPath(elem.second));
|
||||||
|
|
||||||
|
/* Allow access to paths in the search path. */
|
||||||
|
if (initAccessControl) {
|
||||||
|
allowPath(path.path.abs());
|
||||||
|
if (store->isInStore(path.path.abs())) {
|
||||||
|
try {
|
||||||
|
StorePathSet closure;
|
||||||
|
store->computeFSClosure(store->toStorePath(path.path.abs()).first, closure);
|
||||||
|
for (auto & p : closure)
|
||||||
|
allowPath(p);
|
||||||
|
} catch (InvalidPath &) { }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (path.pathExists())
|
if (path.pathExists())
|
||||||
res.emplace(path);
|
res.emplace(path);
|
||||||
else {
|
else {
|
||||||
|
|
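Review bot: The `allowPath` calls added under `if (initAccessControl)` run only when the element is not yet cached, because the early `if (i != searchPathResolved.end()) return i->second;` at the top of `resolveSearchPathElem` returns before them. A call with `initAccessControl = true` that follows an earlier plain call for the same element would therefore grant nothing, and the result is cached without regard to the flag. The constructor appears to be the first caller, but nothing enforces that ordering, so I would at least record it next to the block, for example `/* Only takes effect on the first resolution of elem; cached results return early above. */`. The empty `catch (InvalidPath &) { }` also deserves a short comment saying that an invalid store path keeps only the direct `allowPath(path.path.abs())` grant. The function body starts before and continues past the visible hunks, so the URI branch could not be checked for the same handling.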