lix-project/lix
20
55
Fork 31
Code Issues 344 Code Review (Gerrit) Projects 3 Releases Wiki Activity

Allow disabling build users by unsetting build-users-group

Browse source 
Unsetting `build-users-group` (without `auto-allocate-uids` enabled)
gives the following error:

```
src/libstore/lock.cc:25: static std::unique_ptr<nix::UserLock> nix::SimpleUserLock::acquire(): Assertion `settings.buildUsersGroup != ""' failed.
```

Fix the logic in `useBuildUsers` and document the default value
for `build-users-group`.
This commit is contained in:
Naïm Favier 2022-12-14 00:40:30 +01:00
parent 9fa8b02c41
commit 1f3c0a3c1d
No known key found for this signature in database
GPG key ID: 95AFCE8211908325
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/libstore/globals.hh
View file

@ -281,7 +281,10 @@ public:
`NIX_REMOTE` is empty, the uid under which the Nix daemon runs if `NIX_REMOTE` is empty, the uid under which the Nix daemon runs if
`NIX_REMOTE` is `daemon`). Obviously, this should not be used in `NIX_REMOTE` is `daemon`). Obviously, this should not be used in
multi-user settings with untrusted users. multi-user settings with untrusted users.
)"};
Defaults to `nixbld` when running as root, *empty* otherwise.
)",
{}, false};
Setting<bool> autoAllocateUids{this, false, "auto-allocate-uids", Setting<bool> autoAllocateUids{this, false, "auto-allocate-uids",
R"( R"(

2
src/libstore/lock.cc
View file

@ -185,7 +185,7 @@ std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot)
bool useBuildUsers() bool useBuildUsers()
{ {
#if __linux__ #if __linux__
static bool b = (settings.buildUsersGroup != "" || settings.startId.get() != 0) && getuid() == 0; static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && getuid() == 0;
return b; return b;
#elif __APPLE__ #elif __APPLE__
static bool b = settings.buildUsersGroup != "" && getuid() == 0; static bool b = settings.buildUsersGroup != "" && getuid() == 0;