mirror of
https://github.com/privatevoid-net/nix-super.git
synced 2024-11-10 16:26:18 +02:00
Merge remote-tracking branch 'origin/master' into flakes
commit
f3505a7899
2 changed files with 14 additions and 8 deletions
|
@ -503,14 +503,14 @@
|
||||||
</listitem>
|
</listitem>
|
||||||
|
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><emphasis>Pure evaluation mode</emphasis>. This is a variant
|
<para><emphasis>Pure evaluation mode</emphasis>. With the
|
||||||
of the existing restricted evaluation mode. In pure mode, the Nix
|
<literal>--pure-eval</literal> flag, Nix enables a variant of the existing
|
||||||
evaluator forbids access to anything that could cause different
|
restricted evaluation mode that forbids access to anything that could cause
|
||||||
evaluations of the same command line arguments to produce a
|
different evaluations of the same command line arguments to produce a
|
||||||
different result. This includes builtin functions such as
|
different result. This includes builtin functions such as
|
||||||
<function>builtins.getEnv</function>, but more importantly,
|
<function>builtins.getEnv</function>, but more importantly,
|
||||||
<emphasis>all</emphasis> filesystem or network access unless a
|
<emphasis>all</emphasis> filesystem or network access unless a content hash
|
||||||
content hash or commit hash is specified. For example, calls to
|
or commit hash is specified. For example, calls to
|
||||||
<function>builtins.fetchGit</function> are only allowed if a
|
<function>builtins.fetchGit</function> are only allowed if a
|
||||||
<varname>rev</varname> attribute is specified.</para>
|
<varname>rev</varname> attribute is specified.</para>
|
||||||
|
|
||||||
|
|
|
@ -33,6 +33,9 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string
|
||||||
out.create();
|
out.create();
|
||||||
|
|
||||||
auto conn = std::make_unique<Connection>();
|
auto conn = std::make_unique<Connection>();
|
||||||
|
ProcessOptions options;
|
||||||
|
options.dieWithParent = false;
|
||||||
|
|
||||||
conn->sshPid = startProcess([&]() {
|
conn->sshPid = startProcess([&]() {
|
||||||
restoreSignals();
|
restoreSignals();
|
||||||
|
|
||||||
|
@ -64,7 +67,7 @@ std::unique_ptr<SSHMaster::Connection> SSHMaster::startCommand(const std::string
|
||||||
|
|
||||||
// could not exec ssh/bash
|
// could not exec ssh/bash
|
||||||
throw SysError("unable to execute '%s'", args.front());
|
throw SysError("unable to execute '%s'", args.front());
|
||||||
});
|
}, options);
|
||||||
|
|
||||||
|
|
||||||
in.readSide = -1;
|
in.readSide = -1;
|
||||||
|
@ -91,6 +94,9 @@ Path SSHMaster::startMaster()
|
||||||
Pipe out;
|
Pipe out;
|
||||||
out.create();
|
out.create();
|
||||||
|
|
||||||
|
ProcessOptions options;
|
||||||
|
options.dieWithParent = false;
|
||||||
|
|
||||||
state->sshMaster = startProcess([&]() {
|
state->sshMaster = startProcess([&]() {
|
||||||
restoreSignals();
|
restoreSignals();
|
||||||
|
|
||||||
|
@ -110,7 +116,7 @@ Path SSHMaster::startMaster()
|
||||||
execvp(args.begin()->c_str(), stringsToCharPtrs(args).data());
|
execvp(args.begin()->c_str(), stringsToCharPtrs(args).data());
|
||||||
|
|
||||||
throw SysError("unable to execute '%s'", args.front());
|
throw SysError("unable to execute '%s'", args.front());
|
||||||
});
|
}, options);
|
||||||
|
|
||||||
out.writeSide = -1;
|
out.writeSide = -1;
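Review bot: The two `options.dieWithParent = false;` assignments, one in `SSHMaster::startCommand` and one in `SSHMaster::startMaster`, have no comment explaining why the ssh children are exempted from dying with the parent. Nothing visible in these hunks shows what reaps them if the calling process is killed abruptly. This matters most for `startMaster`, because a surviving master presumably keeps an authenticated multiplexed session and its control socket usable after the caller is gone. Please confirm that whatever owns `state->sshMaster` and `conn->sshPid` kills the child on normal teardown, and record the reason next to each assignment, e.g. `// dieWithParent disabled because <reason>; child is terminated by <owner> on teardown`. Both function bodies start and end outside the hunks shown, so the cleanup path could not be checked here.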
|
||||||
|
|
||||||
|
|