From 7d8cf316eec3b5b1f2cf5ae8558a80bcaa69437f Mon Sep 17 00:00:00 2001
From: Eelco Dolstra
Date: Thu, 7 Dec 2006 11:27:32 +0000
Subject: [PATCH] * Pass the actual build user to the setuid helper.
---
 src/libstore/build.cc | 32 ++++++++++----------------------
 1 file changed, 10 insertions(+), 22 deletions(-)
diff --git a/src/libstore/build.cc b/src/libstore/build.cc
index be6f93489..2b2b54cd1 100644
--- a/src/libstore/build.cc
+++ b/src/libstore/build.cc
@@ -340,6 +340,7 @@ private:
 Path fnUserLock;
 AutoCloseFD fdUserLock;
+ string user;
 uid_t uid;
 gid_t gid;
@@ -350,10 +351,12 @@ public:
 void acquire();
 void release();
- uid_t getUID();
- uid_t getGID();
+ string getUser() { return user; }
+ uid_t getUID() { return uid; }
+ uid_t getGID() { return gid; }
- bool enabled();
+ bool enabled() { return uid != 0; }
+
 };
@@ -420,6 +423,7 @@ void UserLock::acquire()
 if (lockFile(fd, ltWrite, false)) {
 fdUserLock = fd.borrow();
 lockedPaths.insert(fnUserLock);
+ user = *i;
 uid = pw->pw_uid;
 /* Sanity check... */
@@ -448,24 +452,6 @@ void UserLock::release()
 }
-uid_t UserLock::getUID()
-{
- return uid;
-}
-
-
-uid_t UserLock::getGID()
-{
- return gid;
-}
-
-
-bool UserLock::enabled()
-{
- return uid != 0;
-}
-
-
 static bool amPrivileged()
 {
 return geteuid() == 0;
@@ -1351,6 +1337,7 @@ void DerivationGoal::startBuilder()
 Path program = drv.builder.c_str();
 std::vector args; /* careful with c_str()! */
+ string user; /* must be here for its c_str()! */
 /* If we are running in `build-users' mode, then switch to the user we allocated above. Make sure that we drop
@@ -1381,7 +1368,8 @@ void DerivationGoal::startBuilder()
 program = nixLibexecDir + "/nix-setuid-helper";
 args.push_back(program.c_str());
 args.push_back("run-builder");
- args.push_back("nix-builder-1"); /* !!! TODO */
+ user = buildUser.getUser().c_str();
+ args.push_back(user.c_str());
 args.push_back(drv.builder.c_str());
 }
 }
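Review bot: `getGID()` in the `@@ -350,10 +351,12 @@` hunk is declared to return `uid_t` although it returns the `gid_t gid` member; the new inline definition carries the old declaration's type over unchanged. The accurate signature is `gid_t getGID() const { return gid; }`, and `getUser()`, `getUID()` and `enabled()` can be `const` as well since none of them modifies the lock. `enabled()` now visibly depends on `uid` being 0 whenever no build user is held, so the constructor and `release()` (both outside this hunk) should be confirmed to reset `uid`, and `release()` should presumably clear `user` too.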
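Review bot: In the `@@ -1381,7 +1368,8 @@` hunk of `DerivationGoal::startBuilder`, `user = buildUser.getUser().c_str();` round-trips the name through a C string for no benefit, because `getUser()` already returns a `string`; `user = buildUser.getUser();` is enough. `args` stores raw `const char *` pointers, so `user` must stay unmodified and alive until the exec; a short comment at the `push_back` such as `/* args keeps this pointer; do not touch user until exec */` would make that dependency visible where it is created. The name now selects the account the setuid helper switches to, so the helper has to validate it itself (membership in the configured build-users group, caller authorised) rather than trust the argument; the helper's code is not in this diff, so that could not be checked here. The function body starts and ends outside the hunk.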