diff options
| -rw-r--r-- | src/libstore/local-store.cc | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/libstore/local-store.cc b/src/libstore/local-store.cc index ee36428af..aa985ee53 100644 --- a/src/libstore/local-store.cc +++ b/src/libstore/local-store.cc @@ -421,10 +421,14 @@ static void canonicalisePathMetaData_(const Path & path, uid_t fromUid, InodesSe if ((eaSize = llistxattr(path.c_str(), eaBuf.data(), eaBuf.size())) < 0) throw SysError("querying extended attributes of ‘%s’", path); - for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) + for (auto & eaName: tokenizeString<Strings>(std::string(eaBuf.data(), eaSize), std::string("\000", 1))) { + /* Ignore SELinux security labels since these cannot be + removed even by root. */ + if (eaName == "security.selinux") continue; if (lremovexattr(path.c_str(), eaName.c_str()) == -1) throw SysError("removing extended attribute ‘%s’ from ‘%s’", eaName, path); - } + } + } #endif /* Fail if the file is not owned by the build user. This prevents |