lix-project/lix
20
55
Fork 31
Code Issues 344 Code Review (Gerrit) Projects 3 Releases Wiki Activity

Don't silently succeed seccomp setup when !HAVE_SECCOMP.

Browse source 
Running Nix with build users without seccomp on Linux is dangerous,
and administrators should very explicitly opt-in to it.
This commit is contained in:
Shea Levy 2018-02-19 09:56:24 -05:00
parent ed73d40c3b
commit e59a8a63e1
No known key found for this signature in database
GPG key ID: 5C0BD6957D86FE27
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
src/libstore/build.cc
View file

@ -2471,9 +2471,9 @@ void DerivationGoal::chownToBuilder(const Path & path)
void setupSeccomp() void setupSeccomp()
{ {
#if __linux__ && HAVE_SECCOMP #if __linux__
if (!settings.filterSyscalls) return; if (!settings.filterSyscalls) return;
#if HAVE_SECCOMP
scmp_filter_ctx ctx; scmp_filter_ctx ctx;
if (!(ctx = seccomp_init(SCMP_ACT_ALLOW))) if (!(ctx = seccomp_init(SCMP_ACT_ALLOW)))
@ -2519,6 +2519,11 @@ void setupSeccomp()
if (seccomp_load(ctx) != 0) if (seccomp_load(ctx) != 0)
throw SysError("unable to load seccomp BPF program"); throw SysError("unable to load seccomp BPF program");
#else
throw Error("%s\n%s",
"seccomp is not supported on this platform"
"you can avoid this by setting the filter-syscalls option to false, but note that untrusted builds can then create setuid binaries!");
#endif
#endif #endif
} }