| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2006-12-07 | * Doh! | Eelco Dolstra | |
| 2006-12-07 | * Be less verbose. | Eelco Dolstra | |
| 2006-12-07 | * Rename all those main.cc files. | Eelco Dolstra | |
| 2006-12-07 | * Check for lchown. | Eelco Dolstra | |
| 2006-12-07 | * Don't count on the Pid deconstructor to kill the child process, | Eelco Dolstra | |
| since if we're running a build user in non-root mode, we can't. Let the setuid helper do it. | |||
| 2006-12-07 | * Move setuidCleanup() to libutil. | Eelco Dolstra | |
| 2006-12-07 | * If not running as root, let the setuid helper kill the build user's | Eelco Dolstra | |
| processes before and after the build. | |||
| 2006-12-07 | * In the garbage collector, if deleting a path fails, try to fix its | Eelco Dolstra | |
| ownership, then try again. | |||
| 2006-12-07 | * When not running as root, call the setuid helper to change the | Eelco Dolstra | |
| ownership of the build result after the build. | |||
| 2006-12-07 | * Change the ownership of store paths to the Nix account before | Eelco Dolstra | |
| deleting them using the setuid helper. | |||
| 2006-12-07 | * Pass the actual build user to the setuid helper. | Eelco Dolstra | |
| 2006-12-07 | * If Nix is not running as root, call the setuid helper to start the | Eelco Dolstra | |
| builder under the desired build user. | |||
| 2006-12-07 | * Sanity check. | Eelco Dolstra | |
| 2006-12-07 | * Move killUser() to libutil so that the setuid helper can use it. | Eelco Dolstra | |
| 2006-12-06 | * Change the ownership of the current directory to the build user. | Eelco Dolstra | |
| 2006-12-06 | * Verify that the desired target user is in the build users group (as | Eelco Dolstra | |
| specified in the setuid config file). | |||
| 2006-12-06 | * Check that the caller is allowed to call the setuid helper. The | Eelco Dolstra | |
| allowed uid is specified in a configuration file in /etc/nix-setuid.conf. | |||
| 2006-12-06 | * Fix the safety check. | Eelco Dolstra | |
| 2006-12-06 | * Get rid of `build-users'. We'll just take all the members of | Eelco Dolstra | |
| `build-users-group'. This makes configuration easier: you can just add users in /etc/group. | |||
| 2006-12-06 | * nix-setuid-helper: allow running programs under a different uid. | Eelco Dolstra | |
| 2006-12-06 | * Start of the setuid helper (the program that performs the operations | Eelco Dolstra | |
| that have to be done as root: running builders under different uids, changing ownership of build results, and deleting paths in the store with the wrong ownership). | |||
| 2006-12-05 | * Be less chatty. | Eelco Dolstra | |
| 2006-12-05 | * Urgh. Do setgid() before setuid(), because the semantics of setgid() | Eelco Dolstra | |
| changes completely depending on whether you're root... | |||
| 2006-12-05 | * Tricky: child processes should not send data to the client since | Eelco Dolstra | |
| that might mess up the protocol. And besides, the socket file descriptor is probably closed. | |||
| 2006-12-05 | * FreeBSD returns ESRCH when there are no processes to kill. | Eelco Dolstra | |
| 2006-12-05 | * Oops! In daemon mode, we can't run as root either if build-users is empty. | Eelco Dolstra | |
| 2006-12-05 | * Use an explicit handler for SIGCHLD, since SIG_IGN doesn't do the | Eelco Dolstra | |
| right thing on FreeBSD 4 (it leaves zombies). | |||
| 2006-12-05 | * Better message. | Eelco Dolstra | |
| 2006-12-05 | * Ugly hack to handle spurious SIGPOLLs. | Eelco Dolstra | |
| 2006-12-05 | * Some renaming. | Eelco Dolstra | |
| 2006-12-05 | * Allow unprivileged users to run the garbage collector and to do | Eelco Dolstra | |
| `nix-store --delete'. But unprivileged users are not allowed to ignore liveness. * `nix-store --delete --ignore-liveness': ignore the runtime roots as well. | |||
| 2006-12-05 | * The determination of the root set should be made by the privileged | Eelco Dolstra | |
| process, so forward the operation. * Spam the user about GC misconfigurations (NIX-71). * findRoots: skip all roots that are unreadable - the warnings with which we spam the user should be enough. | |||
| 2006-12-05 | * findRoots: return a map from the symlink (outside of the store) to | Eelco Dolstra | |
| the store path (inside the store). | |||
| 2006-12-05 | * In addPermRoot, check that the root that we just registered can be | Eelco Dolstra | |
| found by the garbage collector. This addresses NIX-71 and is a particular concern in multi-user stores. | |||
| 2006-12-04 | * Add indirect root registration to the protocol so that unprivileged | Eelco Dolstra | |
| processes can register indirect roots. Of course, there is still the problem that the garbage collector can only read the targets of the indirect roots when it's running as root... | |||
| 2006-12-04 | * Not every OS knows about SIGPOLL. | Eelco Dolstra | |
| 2006-12-04 | * Don't redirect stderr. | Eelco Dolstra | |
| 2006-12-04 | * Handle exceptions and stderr for all protocol functions. | Eelco Dolstra | |
| * SIGIO -> SIGPOLL (POSIX calls it that). * Use sigaction instead of signal to register the SIGPOLL handler. Sigaction is better defined, and a handler registered with signal appears not to interrupt fcntl(..., F_SETLKW, ...), which is bad. | |||
| 2006-12-04 | * Daemon mode (`nix-worker --daemon'). Clients connect to the server | Eelco Dolstra | |
| via the Unix domain socket in /nix/var/nix/daemon.socket. The server forks a worker process per connection. * readString(): use the heap, not the stack. * Some protocol fixes. | |||
| 2006-12-04 | * When NIX_REMOTE=daemon, connect to /nix/var/nix/daemon.socket | Eelco Dolstra | |
| instead of forking a worker. | |||
| 2006-12-04 | * Refactoring. | Eelco Dolstra | |
| 2006-12-04 | * Pass the verbosity level to the worker. | Eelco Dolstra | |
| 2006-12-04 | * Install the worker in bindir, not libexecdir. | Eelco Dolstra | |
| * Allow the worker path to be overriden through the NIX_WORKER environment variable. | |||
| 2006-12-03 | * Doh. | Eelco Dolstra | |
| 2006-12-03 | * Don't run setuid root when build-users is empty. | Eelco Dolstra | |
| * Send startup errors to the client. | |||
| 2006-12-03 | * Removed `build-allow-root'. | Eelco Dolstra | |
| * Added `build-users-group', the group under which builds are to be performed. * Check that /nix/store has 1775 permission and is owner by the build-users-group. | |||
| 2006-12-03 | * Use setreuid if setresuid is not available. | Eelco Dolstra | |
| 2006-12-03 | * Handle a subtle race condition: the client closing the socket | Eelco Dolstra | |
| between the last worker read/write and the enabling of the signal handler. | |||
| 2006-12-03 | * Some hardcore magic to handle asynchronous client disconnects. | Eelco Dolstra | |
| The problem is that when we kill the client while the worker is building, and the builder is not writing anything to stderr, then the worker never notice that the socket is closed on the other side, so it just continues indefinitely. The solution is to catch SIGIO, which is sent when the far side of the socket closes, and simulate an normal interruption. Of course, SIGIO is also sent every time the client sends data over the socket, so we only enable the signal handler when we're not expecting any data... | |||
| 2006-12-03 | * Use a Unix domain socket instead of pipes. | Eelco Dolstra | |
 |
index : lix | |
| User & |
| aboutsummaryrefslogtreecommitdiff |