On macOS with auto-uid-allocation and sandboxing, use the correct gid
macOS doesn't have user namespacing, so the gid of the builder needs to be nixbld. The logic got "has sandboxing enabled" confused with "has user namespaces". Fixes #7529.
parent
d644b45615
commit
4e84b532ed
|
@ -123,8 +123,12 @@ struct AutoUserLock : UserLock
|
||||||
|
|
||||||
std::vector<gid_t> getSupplementaryGIDs() override { return {}; }
|
std::vector<gid_t> getSupplementaryGIDs() override { return {}; }
|
||||||
|
|
||||||
static std::unique_ptr<UserLock> acquire(uid_t nrIds, bool useChroot)
|
static std::unique_ptr<UserLock> acquire(uid_t nrIds, bool useUserNamespace)
|
||||||
{
|
{
|
||||||
|
#if !defined(__linux__)
|
||||||
|
useUserNamespace = false;
|
||||||
|
#endif
|
||||||
|
|
||||||
settings.requireExperimentalFeature(Xp::AutoAllocateUids);
|
settings.requireExperimentalFeature(Xp::AutoAllocateUids);
|
||||||
assert(settings.startId > 0);
|
assert(settings.startId > 0);
|
||||||
assert(settings.uidCount % maxIdsPerBuild == 0);
|
assert(settings.uidCount % maxIdsPerBuild == 0);
|
||||||
|
@ -157,7 +161,7 @@ struct AutoUserLock : UserLock
|
||||||
auto lock = std::make_unique<AutoUserLock>();
|
auto lock = std::make_unique<AutoUserLock>();
|
||||||
lock->fdUserLock = std::move(fd);
|
lock->fdUserLock = std::move(fd);
|
||||||
lock->firstUid = firstUid;
|
lock->firstUid = firstUid;
|
||||||
if (useChroot)
|
if (useUserNamespace)
|
||||||
lock->firstGid = firstUid;
|
lock->firstGid = firstUid;
|
||||||
else {
|
else {
|
||||||
struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
|
struct group * gr = getgrnam(settings.buildUsersGroup.get().c_str());
|
||||||
|
@ -174,10 +178,10 @@ struct AutoUserLock : UserLock
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot)
|
std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace)
|
||||||
{
|
{
|
||||||
if (settings.autoAllocateUids)
|
if (settings.autoAllocateUids)
|
||||||
return AutoUserLock::acquire(nrIds, useChroot);
|
return AutoUserLock::acquire(nrIds, useUserNamespace);
|
||||||
else
|
else
|
||||||
return SimpleUserLock::acquire();
|
return SimpleUserLock::acquire();
|
||||||
}
|
}
|
||||||
|
|
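Review bot: The `#if !defined(__linux__)` override at the top of `AutoUserLock::acquire` only covers platforms that have no user namespaces at all; a Linux build that sandboxes without a user namespace would still take the `lock->firstGid = firstUid` branch if the caller keeps passing its sandbox flag. The call sites of `acquireUserLock` are not shown on this page, so this should be confirmed there: the argument needs to reflect whether a user namespace will actually be created, otherwise the builder runs with a gid taken from the allocated uid range rather than the gid of `settings.buildUsersGroup`. The override also reassigns a parameter without explanation; a comment such as `// No user namespaces outside Linux: the builder must run with the build-users group gid.` above the `#if` would record why. The body of `acquire` continues outside the visible hunks.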
|
@ -31,7 +31,7 @@ struct UserLock
|
||||||
|
|
||||||
/* Acquire a user lock for a UID range of size `nrIds`. Note that this
|
/* Acquire a user lock for a UID range of size `nrIds`. Note that this
|
||||||
may return nullptr if no user is available. */
|
may return nullptr if no user is available. */
|
||||||
std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot);
|
std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useUserNamespace);
|
||||||
|
|
||||||
bool useBuildUsers();
|
bool useBuildUsers();
|
||||||
|
|
||||||
|
|