author | Eelco Dolstra <edolstra@gmail.com> | 2023-01-05 04:58:55 -0800 |
---|---|---|
committer | Eelco Dolstra <edolstra@gmail.com> | 2023-01-05 04:58:55 -0800 |
commit | 4e84b532ed5317ec836c54689c73a1fddab0c892 (patch) | |
tree | 90b2cd90e6bc101a13ba4203f92ce6aecf9b1e68 /src/libstore | |
parent | d644b456159b0335039666f6620a9f3d8129a83a (diff) |
On macOS with auto-uid-allocation and sandboxing, use the correct gid
macOS doesn't have user namespacing, so the gid of the builder needs
to be nixbld. The logic got "has sandboxing enabled" confused with
"has user namespaces".
Fixes #7529.
Diffstat (limited to 'src/libstore')
-rw-r--r-- | src/libstore/lock.cc | 12 | ||||
-rw-r--r-- | src/libstore/lock.hh | 2 |
2 files changed, 9 insertions, 5 deletions
diff --git a/src/libstore/lock.cc b/src/libstore/lock.cc
index d02d20b4c..4fe1fcf56 100644
--- a/src/libstore/lock.cc
+++ b/src/libstore/lock.cc
@@ -123,8 +123,12 @@ struct AutoUserLock : UserLock
 std::vector<gid_t> getSupplementaryGIDs() override { return {}; }
- static std::unique_ptr<UserLock> acquire(uid_t nrIds, bool useChroot)
+ static std::unique_ptr<UserLock> acquire(uid_t nrIds, bool useUserNamespace)
 {
+ #if !defined(__linux__)
+ useUserNamespace = false;
+ #endif
+
 settings.requireExperimentalFeature(Xp::AutoAllocateUids);
 assert(settings.startId > 0);
 assert(settings.uidCount % maxIdsPerBuild == 0);
@@ -157,7 +161,7 @@ struct AutoUserLock : UserLock
 auto lock = std::make_unique<AutoUserLock>();
 lock->fdUserLock = std::move(fd);
 lock->firstUid = firstUid;
- if (useChroot)
+ if (useUserNamespace)
 lock->firstGid = firstUid;
 else {
 struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
@@ -174,10 +178,10 @@ struct AutoUserLock : UserLock
 }
 };
-std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot)
+std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace)
 {
 if (settings.autoAllocateUids)
- return AutoUserLock::acquire(nrIds, useChroot);
+ return AutoUserLock::acquire(nrIds, useUserNamespace);
 else
 return SimpleUserLock::acquire();
 }
diff --git a/src/libstore/lock.hh b/src/libstore/lock.hh
index 49ad86de7..7f1934510 100644
--- a/src/libstore/lock.hh
+++ b/src/libstore/lock.hh
@@ -31,7 +31,7 @@ struct UserLock
 /* Acquire a user lock for a UID range of size `nrIds`. Note that this may return nullptr if no user is available. */
-std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot);
+std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace);
 bool useBuildUsers(); |
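Review bot: The `#if !defined(__linux__)` block in `AutoUserLock::acquire` settles the question at compile time only, so on Linux `useUserNamespace` is still whatever the caller passes in. The diffstat lists no call site under src/libstore, so callers presumably still pass their chroot flag; if a Linux build can be sandboxed without a user namespace (not visible here), the `lock->firstGid = firstUid` branch in the next hunk would still give the builder a host gid that is not the build-users group. The block also reassigns a parameter without saying why; a comment such as `// No user namespaces outside Linux: the gid is a real host gid, so it must be the build-users group.` above the `#if` would record the invariant. The body of `acquire` continues outside this hunk.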
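Review bot: The comment above `acquireUserLock` in lock.hh documents `nrIds` and the nullptr return but not the renamed flag, whose meaning is now a contract the caller has to get right. I would add a line to that comment, e.g. `useUserNamespace must be true only if the builder will run inside a user namespace; otherwise the build-users group's gid is used.` The second half of that sentence holds for the auto-allocating lock shown in lock.cc; what `SimpleUserLock::acquire()` does with group ids is not visible in this diff.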