diff options
| author | Eelco Dolstra <edolstra@gmail.com> | 2017-06-06 18:52:15 +0200 |
|---|---|---|
| committer | Eelco Dolstra <edolstra@gmail.com> | 2017-06-06 18:52:15 +0200 |
| commit | c8cc50d46e78de7ae02c2cb7a5159e995c993f61 (patch) | |
| tree | b420c2082efacdfa359696db1d5a8034b25d5283 | |
| parent | 85e93d7b874f99730387714394bb60407cf138d5 (diff) | |
Disable the build user mechanism on all platforms except Linux and OS X
| -rw-r--r-- | src/libstore/build.cc | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index d12a1a791..d5fe41d1b 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1716,11 +1716,17 @@ void DerivationGoal::startBuilder() /* If `build-users-group' is not empty, then we have to build as one of the members of that group. */ if (settings.buildUsersGroup != "" && getuid() == 0) { +#if defined(__linux__) || defined(__APPLE__) buildUser = std::make_unique<UserLock>(); /* Make sure that no other processes are executing under this uid. */ buildUser->kill(); +#else + /* Don't know how to block the creation of setuid/setgid + binaries on this platform. */ + throw Error("build users are not supported on this platform for security reasons"); +#endif } /* Create a temporary directory where the build will take |