From 179d058214c85dd3c66eabaa102cdda1a5984e77 Mon Sep 17 00:00:00 2001 From: Alois Wohlschlager Date: Mon, 27 May 2024 17:05:44 +0200 Subject: [PATCH] libstore/build: always treat seccomp setup failures as fatal In f047e4357b4f7ad66c2e476506bf35cab82e441e, I missed the behavior that if building without a dedicated build user (i.e. in single-user setups), seccomp setup failures are silently ignored. This was introduced without explanation 7 years ago (ff6becafa8efc2f7e6f2b9b889ba4adf20b8d524). Hopefully the only use-case nowadays is causing spurious test suite successes when messing up the seccomp filter during development. Let's try removing it. Change-Id: Ibe51416d9c7a6dd635c2282990224861adf1ceab --- src/libstore/build/local-derivation-goal.cc | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/src/libstore/build/local-derivation-goal.cc b/src/libstore/build/local-derivation-goal.cc index 9be780212..a5fe10d2a 100644 --- a/src/libstore/build/local-derivation-goal.cc +++ b/src/libstore/build/local-derivation-goal.cc @@ -1705,11 +1705,7 @@ void LocalDerivationGoal::runChild() commonChildInit(); - try { - setupSeccomp(); - } catch (...) { - if (buildUser) throw; - } + setupSeccomp(); bool setUser = true;