mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-25 15:26:17 +02:00
Fix --no-sandbox
When sandboxing is disabled, we cannot put $TMPDIR underneath an inaccessible directory.
parent
58b7b3fd15
commit
d54590fdf3
2 changed files with 12 additions and 4 deletions
|
@ -503,9 +503,14 @@ void LocalDerivationGoal::startBuilder()
|
||||||
|
|
||||||
/* Create a temporary directory where the build will take
|
/* Create a temporary directory where the build will take
|
||||||
place. */
|
place. */
|
||||||
auto parentTmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
|
tmpDir = createTempDir(settings.buildDir.get().value_or(""), "nix-build-" + std::string(drvPath.name()), false, false, 0700);
|
||||||
tmpDir = parentTmpDir + "/build";
|
if (useChroot) {
|
||||||
|
/* If sandboxing is enabled, put the actual TMPDIR underneath
|
||||||
|
an inaccessible root-owned directory, to prevent outside
|
||||||
|
access. */
|
||||||
|
tmpDir = tmpDir + "/build";
|
||||||
createDir(tmpDir, 0700);
|
createDir(tmpDir, 0700);
|
||||||
|
}
|
||||||
chownToBuilder(tmpDir);
|
chownToBuilder(tmpDir);
|
||||||
|
|
||||||
for (auto & [outputName, status] : initialOutputs) {
|
for (auto & [outputName, status] : initialOutputs) {
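Review bot: The comment inside the `if (useChroot)` branch explains the root-owned parent, but nothing records what the non-sandbox path gives up. With `useChroot` false, `tmpDir` is the directory returned by `createTempDir(...)` itself, and the following `chownToBuilder(tmpDir)` hands that top-level directory to the build user. The "prevent outside access" property therefore holds only for sandboxed builds. I would say so next to the branch, for example `/* Without a sandbox the builder must be able to reach tmpDir, so there is no root-owned parent; the 0700 directory is owned by the build user and only its mode protects it. */`. It would also help to document that `build-dir` should not point at a world-writable location when sandboxing is off; that is an inference, since the setting's documentation is not visible here. `startBuilder` begins and ends outside this hunk.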
|
||||||
|
|
|
@ -46,7 +46,10 @@ test_custom_build_dir() {
|
||||||
--no-out-link --keep-failed --option build-dir "$TEST_ROOT/custom-build-dir" 2> $TEST_ROOT/log || status=$?
|
--no-out-link --keep-failed --option build-dir "$TEST_ROOT/custom-build-dir" 2> $TEST_ROOT/log || status=$?
|
||||||
[ "$status" = "100" ]
|
[ "$status" = "100" ]
|
||||||
[[ 1 == "$(count "$customBuildDir/nix-build-"*)" ]]
|
[[ 1 == "$(count "$customBuildDir/nix-build-"*)" ]]
|
||||||
local buildDir="$customBuildDir/nix-build-"*"/build"
|
local buildDir="$customBuildDir/nix-build-"*""
|
||||||
|
if [[ -e $buildDir/build ]]; then
|
||||||
|
buildDir=$buildDir/build
|
||||||
|
fi
|
||||||
grep $checkBuildId $buildDir/checkBuildId
|
grep $checkBuildId $buildDir/checkBuildId
|
||||||
}
|
}
|
||||||
test_custom_build_dir
|
test_custom_build_dir
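Review bot: The new `[[ -e $buildDir/build ]]` check looks like it can never succeed, because `buildDir` holds an unexpanded glob. Bash does no pathname expansion in the `local buildDir="$customBuildDir/nix-build-"*""` assignment, nor on words inside `[[ … ]]`, so the test examines a literal path containing `*`. The `*` is only expanded later, by the unquoted `$buildDir` in the `grep` line. In the sandboxed layout that would leave `grep` looking one level above `build/`. Expanding the glob once up front avoids this: `local dirs=("$customBuildDir/nix-build-"*)` followed by `local buildDir=${dirs[0]}`, then quoting `"$buildDir/build"` and `"$buildDir/checkBuildId"`. `test_custom_build_dir` starts above this hunk, so the definitions of `customBuildDir` and `checkBuildId` are not visible here.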
|
||||||
|
|