nix-super

max/nix-super

Fork 0

mirror of https://github.com/privatevoid-net/nix-super.git synced 2024-11-10 08:16:15 +02:00

Commit graph

Author	SHA1	Message	Date
Théophane Hufschmitt	1d3696f0fb	Run the builds in a daemon-controled directory Instead of running the builds under `$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}` where the build directory is only readable and traversable by the daemon user. This achieves two things: 1. It prevents builders from making their build directory world-readable (or even writeable), which would allow the outside world to interact with them. 2. It prevents external processes running as the build user (either because that somehow leaked, maybe as a consequence of 1., or because `build-users` isn't in use) from gaining access to the build directory.	2024-06-21 17:06:19 +02:00
Théophane Hufschmitt	717f3eea39	Add a test for the user sandboxing	2024-06-21 17:06:18 +02:00

Author

SHA1

Message

Date

Théophane Hufschmitt

1d3696f0fb

Run the builds in a daemon-controled directory

Instead of running the builds under
`$TMPDIR/{unique-build-directory-owned-by-the-build-user}`, run them
under `$TMPDIR/{unique-build-directory-owned-by-the-daemon}/{subdir-owned-by-the-build-user}`
where the build directory is only readable and traversable by the daemon user.

This achieves two things:

1. It prevents builders from making their build directory world-readable
   (or even writeable), which would allow the outside world to interact
   with them.
2. It prevents external processes running as the build user (either
   because that somehow leaked, maybe as a consequence of 1., or because
   `build-users` isn't in use) from gaining access to the build
   directory.

2024-06-21 17:06:19 +02:00

Théophane Hufschmitt

717f3eea39

Add a test for the user sandboxing

2024-06-21 17:06:18 +02:00

2 commits