author | Yorick van Pelt <yorick@yorickvanpelt.nl> | 2023-02-14 13:29:30 +0100 |
---|---|---|
committer | Yorick van Pelt <yorick@yorickvanpelt.nl> | 2023-02-14 13:55:41 +0100 |
commit | 49fd72a903b7bc2fdc4735111ca5569122cf55ee (patch) | |
tree | 756cb0de9292c3a54ff58bcfabb256a9227216b0 /src/libstore/build/local-derivation-goal.cc | |
parent | ad1f61c39b716f4876d5f4c1dd9e37681631edb3 (diff) |
Make /etc writability conditional on uid-range feature
Diffstat (limited to 'src/libstore/build/local-derivation-goal.cc')
-rw-r--r-- | src/libstore/build/local-derivation-goal.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc index de023f336..7b125f5d2 100644 --- a/src/libstore/build/local-derivation-goal.cc +++ b/src/libstore/build/local-derivation-goal.cc @@ -670,6 +670,8 @@ void LocalDerivationGoal::startBuilder() nobody account. The latter is kind of a hack to support Samba-in-QEMU. */ createDirs(chrootRootDir + "/etc"); + if (parsedDrv->useUidRange()) + chownToBuilder(chrootRootDir + "/etc"); if (parsedDrv->useUidRange() && (!buildUser || buildUser->getUIDCount() < 65536)) throw Error("feature 'uid-range' requires the setting '%s' to be enabled", settings.autoAllocateUids.name); @@ -970,7 +972,8 @@ void LocalDerivationGoal::startBuilder() sandboxUid(), sandboxGid(), settings.sandboxBuildDir)); /* Make /etc unwritable */ - chmod_(chrootRootDir + "/etc", 0555); + if (!parsedDrv->useUidRange()) + chmod_(chrootRootDir + "/etc", 0555); /* Save the mount- and user namespace of the child. We have to do this *before* the child does a chroot. */ |
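Review bot: In the first hunk the added `chownToBuilder(chrootRootDir + "/etc");` runs before the check directly below it that rejects a uid-range build without a suitable build user (`!buildUser || buildUser->getUIDCount() < 65536`), so ownership of the sandbox's /etc is changed on a path that is about to throw. What chownToBuilder does when buildUser is null is not visible in this hunk, so the ordering should not depend on it. Moving the two added lines to just after the `throw Error(...)` statement keeps the validation first and makes the chown reachable only with a validated build user. startBuilder's body begins and ends outside the hunk.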
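Review bot: The comment `/* Make /etc unwritable */` in the second hunk is no longer true for every build, because the `chmod_(chrootRootDir + "/etc", 0555);` below it is now skipped when `parsedDrv->useUidRange()` holds and the first hunk hands /etc to the builder. For the sandbox this presumably means a uid-range build can create or replace entries under /etc, so whatever the setup code places there can no longer be assumed unchanged once the builder runs. I would reword the comment to something like `/* Make /etc unwritable, except for uid-range builds, which own /etc and may modify it */` and record the reason for the exception next to it, since the commit message does not give one. startBuilder continues past the end of this hunk.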