Restore ownership of / for non-uid-range builds

author: Eelco Dolstra <edolstra@gmail.com> 2022-11-29 13:10:53 +0100
committer: Eelco Dolstra <edolstra@gmail.com> 2022-11-29 13:10:53 +0100
commit: 4f762e2b023fd451fdbab0de8d6394dd7201640d (patch)
tree: bd39a2bd6d85564ef8f4c61ada507c03104a31bd /src/libstore
parent: 7dd3e1fec47b9dd6aa6a0b9a58962078a8499453 (diff)
1 files changed, 1 insertions, 2 deletions
diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc
index 69a7df411..359966288 100644
--- a/src/libstore/build/local-derivation-goal.cc
+++ b/src/libstore/build/local-derivation-goal.cc
@@ -646,8 +646,7 @@ void LocalDerivationGoal::startBuilder()
         if (mkdir(chrootRootDir.c_str(), buildUser && buildUser->getUIDCount() != 1 ? 0755 : 0750) == -1)
             throw SysError("cannot create '%1%'", chrootRootDir);
 
-        // FIXME: only make root writable for user namespace builds.
-        if (buildUser && chown(chrootRootDir.c_str(), buildUser->getUID(), buildUser->getGID()) == -1)
+        if (buildUser && chown(chrootRootDir.c_str(), buildUser->getUIDCount() != 1 ? buildUser->getUID() : 0, buildUser->getGID()) == -1)
             throw SysError("cannot change ownership of '%1%'", chrootRootDir);
 
         /* Create a writable /tmp in the chroot.  Many builders need
author	Eelco Dolstra <edolstra@gmail.com>	2022-11-29 13:10:53 +0100
committer	Eelco Dolstra <edolstra@gmail.com>	2022-11-29 13:10:53 +0100
commit	4f762e2b023fd451fdbab0de8d6394dd7201640d (patch)
tree	bd39a2bd6d85564ef8f4c61ada507c03104a31bd /src/libstore
parent	7dd3e1fec47b9dd6aa6a0b9a58962078a8499453 (diff)