mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-24 14:56:15 +02:00
Fix $NIX_PATH access control initialisation
This commit is contained in:
parent
8be06c9aa1
commit
91e641af88
3 changed files with 22 additions and 22 deletions
|
@ -491,26 +491,10 @@ EvalState::EvalState(
|
|||
for (auto & i : evalSettings.nixPath.get()) addToSearchPath(i);
|
||||
}
|
||||
|
||||
if (rootFS->hasAccessControl()) {
|
||||
for (auto & i : searchPath) {
|
||||
if (auto path = resolveSearchPathElem(i)) {
|
||||
// FIXME
|
||||
#if 0
|
||||
if (store->isInStore(*path)) {
|
||||
try {
|
||||
StorePathSet closure;
|
||||
store->computeFSClosure(store->toStorePath(*path).first, closure);
|
||||
for (auto & p : closure)
|
||||
allowPath(p);
|
||||
} catch (InvalidPath &) {
|
||||
allowPath(*r);
|
||||
}
|
||||
} else
|
||||
allowPath(*r);
|
||||
#endif
|
||||
}
|
||||
}
|
||||
}
|
||||
/* Allow access to all paths in the search path. */
|
||||
if (rootFS->hasAccessControl())
|
||||
for (auto & i : searchPath)
|
||||
resolveSearchPathElem(i, true);
|
||||
|
||||
createBaseEnv();
|
||||
|
||||
|
|
|
@ -207,7 +207,9 @@ public:
|
|||
SourcePath findFile(SearchPath & searchPath, const std::string_view path, const PosIdx pos = noPos);
|
||||
|
||||
/* If the specified search path element is a URI, download it. */
|
||||
std::optional<SourcePath> resolveSearchPathElem(const SearchPathElem & elem);
|
||||
std::optional<SourcePath> resolveSearchPathElem(
|
||||
const SearchPathElem & elem,
|
||||
bool initAccessControl = false);
|
||||
|
||||
/* Evaluate an expression to normal form, storing the result in
|
||||
value `v'. */
|
||||
|
|
|
@ -783,7 +783,7 @@ SourcePath EvalState::findFile(SearchPath & searchPath, const std::string_view p
|
|||
}
|
||||
|
||||
|
||||
std::optional<SourcePath> EvalState::resolveSearchPathElem(const SearchPathElem & elem)
|
||||
std::optional<SourcePath> EvalState::resolveSearchPathElem(const SearchPathElem & elem, bool initAccessControl)
|
||||
{
|
||||
auto i = searchPathResolved.find(elem.second);
|
||||
if (i != searchPathResolved.end()) return i->second;
|
||||
|
@ -803,6 +803,20 @@ std::optional<SourcePath> EvalState::resolveSearchPathElem(const SearchPathElem
|
|||
}
|
||||
} else {
|
||||
auto path = rootPath(absPath(elem.second));
|
||||
|
||||
/* Allow access to paths in the search path. */
|
||||
if (initAccessControl) {
|
||||
allowPath(path.path.abs());
|
||||
if (store->isInStore(path.path.abs())) {
|
||||
try {
|
||||
StorePathSet closure;
|
||||
store->computeFSClosure(store->toStorePath(path.path.abs()).first, closure);
|
||||
for (auto & p : closure)
|
||||
allowPath(p);
|
||||
} catch (InvalidPath &) { }
|
||||
}
|
||||
}
|
||||
|
||||
if (path.pathExists())
|
||||
res.emplace(path);
|
||||
else {
|
||||
|
|
Loading…
Reference in a new issue