forked from lix-project/lix
Jade Lovelace
9909a175bf
This was found when `logrotate.conf` failed to build in a NixOS system
with:
/nix/store/26zdl4pyw5qazppj8if5lm8bjzxlc07l-coreutils-9.3/bin/id: cannot find name for group ID 30000
This was surprising because it seemed to mean that /etc/group was busted
in the sandbox. Indeed it was:
root❌0:
nixbld:!💯
nogroup❌65534:
We diagnosed this to sandboxUid() being called before
usingUserNamespace() was called, in setting up /etc/group inside the
sandbox. This code desperately needs refactoring.
We also moved the /etc/group code to be with the /etc/passwd code, but
honestly this code is all spaghetti'd all over the place and needs some
more serious tidying than we did here.
We also moved some checks to be earlier to improve locality with where
the things they are checking come from.
Change-Id:
|
||
---|---|---|
.. | ||
ca-fd-leak | ||
containers | ||
fetch-git | ||
root-in-sandbox | ||
setuid | ||
authorization.nix | ||
broken-userns.nix | ||
default.nix | ||
github-flakes.nix | ||
nix-copy-closure.nix | ||
nix-copy.nix | ||
nix-upgrade-nix.nix | ||
nss-preload.nix | ||
remote-builds-ssh-ng.nix | ||
remote-builds.nix | ||
sourcehut-flakes.nix | ||
symlink-resolvconf.nix | ||
tarball-flakes.nix | ||
util.nix |