forked from lix-project/lix
Make /etc writability conditional on uid-range feature
This commit is contained in:
parent
ad1f61c39b
commit
49fd72a903
|
@ -670,6 +670,8 @@ void LocalDerivationGoal::startBuilder()
|
|||
nobody account. The latter is kind of a hack to support
|
||||
Samba-in-QEMU. */
|
||||
createDirs(chrootRootDir + "/etc");
|
||||
if (parsedDrv->useUidRange())
|
||||
chownToBuilder(chrootRootDir + "/etc");
|
||||
|
||||
if (parsedDrv->useUidRange() && (!buildUser || buildUser->getUIDCount() < 65536))
|
||||
throw Error("feature 'uid-range' requires the setting '%s' to be enabled", settings.autoAllocateUids.name);
|
||||
|
@ -970,6 +972,7 @@ void LocalDerivationGoal::startBuilder()
|
|||
sandboxUid(), sandboxGid(), settings.sandboxBuildDir));
|
||||
|
||||
/* Make /etc unwritable */
|
||||
if (!parsedDrv->useUidRange())
|
||||
chmod_(chrootRootDir + "/etc", 0555);
|
||||
|
||||
/* Save the mount- and user namespace of the child. We have to do this
|
||||
|
|
|
@ -56,7 +56,6 @@ runCommand "test"
|
|||
# Make /run a tmpfs to shut up a systemd warning.
|
||||
mkdir /run
|
||||
mount -t tmpfs none /run
|
||||
chmod 0700 /run
|
||||
|
||||
mount -t cgroup2 none /sys/fs/cgroup
|
||||
|
||||
|
|
Loading…
Reference in a new issue