diff options
| -rw-r--r-- | src/libstore/build.cc | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/src/libstore/build.cc b/src/libstore/build.cc index f4478a4db..85948f799 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1566,14 +1566,15 @@ void DerivationGoal::startBuilder() createDirs(chrootTmpDir); chmod(chrootTmpDir, 01777); - /* Create a /etc/passwd with entries for the build user and - the nobody account. The latter is kind of a hack to - support Samba-in-QEMU. */ + /* Create a /etc/passwd with entries for the build user and the + nobody account. The latter is kind of a hack to support + Samba-in-QEMU. For the sake of consistency with the setgroups(2) + call below, the build user has no supplementary groups. */ createDirs(chrootRootDir + "/etc"); writeFile(chrootRootDir + "/etc/passwd", (format( - "nixbld:x:%1%:65534:Nix build user:/:/noshell\n" + "nixbld:x:%1%:%1%:Nix build user:/:/noshell\n" "nobody:x:65534:65534:Nobody:/:/noshell\n") % (buildUser.enabled() ? buildUser.getUID() : getuid())).str()); |