lehmanator/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Disable the build user mechanism on all platforms except Linux and OS X

Browse source
This commit is contained in:
Eelco Dolstra 2017-06-06 18:52:15 +02:00
parent 85e93d7b87
commit c8cc50d46e
No known key found for this signature in database
GPG key ID: 8170B4726D7198DE
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/libstore/build.cc
View file

@ -1716,11 +1716,17 @@ void DerivationGoal::startBuilder()
/* If `build-users-group' is not empty, then we have to build as /* If `build-users-group' is not empty, then we have to build as
one of the members of that group. */ one of the members of that group. */
if (settings.buildUsersGroup != "" && getuid() == 0) { if (settings.buildUsersGroup != "" && getuid() == 0) {
#if defined(__linux__) || defined(__APPLE__)
buildUser = std::make_unique<UserLock>(); buildUser = std::make_unique<UserLock>();
/* Make sure that no other processes are executing under this /* Make sure that no other processes are executing under this
uid. */ uid. */
buildUser->kill(); buildUser->kill();
#else
/* Don't know how to block the creation of setuid/setgid
binaries on this platform. */
throw Error("build users are not supported on this platform for security reasons");
#endif
} }
/* Create a temporary directory where the build will take /* Create a temporary directory where the build will take