From 2e8eaca573ccda707ff42c136a6f38a34f2975b4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 11 Mar 2010 10:21:23 +0000 Subject: Clear supplementary groups of `nixbld' in /etc/passwd in chroots. * src/libstore/build.cc (nix::DerivationGoal::startBuilder): Don't display any supplementary groups for `nixbld' in /etc/passwd. --- src/libstore/build.cc | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/libstore/build.cc b/src/libstore/build.cc index f4478a4db..85948f799 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1566,14 +1566,15 @@ void DerivationGoal::startBuilder() createDirs(chrootTmpDir); chmod(chrootTmpDir, 01777); - /* Create a /etc/passwd with entries for the build user and - the nobody account. The latter is kind of a hack to - support Samba-in-QEMU. */ + /* Create a /etc/passwd with entries for the build user and the + nobody account. The latter is kind of a hack to support + Samba-in-QEMU. For the sake of consistency with the setgroups(2) + call below, the build user has no supplementary groups. */ createDirs(chrootRootDir + "/etc"); writeFile(chrootRootDir + "/etc/passwd", (format( - "nixbld:x:%1%:65534:Nix build user:/:/noshell\n" + "nixbld:x:%1%:%1%:Nix build user:/:/noshell\n" "nobody:x:65534:65534:Nobody:/:/noshell\n") % (buildUser.enabled() ? buildUser.getUID() : getuid())).str()); -- cgit v1.2.3 From c752c9f41aa88ff2129cdc0863fe74f76328835c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= Date: Thu, 11 Mar 2010 10:33:04 +0000 Subject: Fix thinko in r20547. * src/libstore/build.cc (nix::DerivationGoal::startBuilder): Fix the GID of the build user in /etc/passwd. --- src/libstore/build.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/libstore/build.cc b/src/libstore/build.cc index 85948f799..4d542e31d 100644 --- a/src/libstore/build.cc +++ b/src/libstore/build.cc @@ -1568,15 +1568,15 @@ void DerivationGoal::startBuilder() /* Create a /etc/passwd with entries for the build user and the nobody account. The latter is kind of a hack to support - Samba-in-QEMU. For the sake of consistency with the setgroups(2) - call below, the build user has no supplementary groups. */ + Samba-in-QEMU. */ createDirs(chrootRootDir + "/etc"); writeFile(chrootRootDir + "/etc/passwd", (format( - "nixbld:x:%1%:%1%:Nix build user:/:/noshell\n" + "nixbld:x:%1%:%2%:Nix build user:/:/noshell\n" "nobody:x:65534:65534:Nobody:/:/noshell\n") - % (buildUser.enabled() ? buildUser.getUID() : getuid())).str()); + % (buildUser.enabled() ? buildUser.getUID() : getuid()) + % (buildUser.enabled() ? buildUser.getGID() : getgid())).str()); /* Bind-mount a user-configurable set of directories from the host file system. The `/dev/pts' directory must be mounted -- cgit v1.2.3