quickdudley/lix
0
0
Fork 0
forked from lix-project/lix
Code Pull requests Activity

Merge pull request #7458 from ncfavier/disable-build-users

Browse source 
Allow disabling build users by unsetting `build-users-group`
This commit is contained in:
Eelco Dolstra 2022-12-14 11:56:42 +01:00 committed by GitHub
parent 9fa8b02c41 1f3c0a3c1d
commit 5d77c08858
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
src/libstore/globals.hh
View file

@ -281,7 +281,10 @@ public:
`NIX_REMOTE` is empty, the uid under which the Nix daemon runs if `NIX_REMOTE` is empty, the uid under which the Nix daemon runs if
`NIX_REMOTE` is `daemon`). Obviously, this should not be used in `NIX_REMOTE` is `daemon`). Obviously, this should not be used in
multi-user settings with untrusted users. multi-user settings with untrusted users.
)"};
Defaults to `nixbld` when running as root, *empty* otherwise.
)",
{}, false};
Setting<bool> autoAllocateUids{this, false, "auto-allocate-uids", Setting<bool> autoAllocateUids{this, false, "auto-allocate-uids",
R"( R"(

2
src/libstore/lock.cc
View file

@ -185,7 +185,7 @@ std::unique_ptr<UserLock> acquireUserLock(uid_t nrIds, bool useChroot)
bool useBuildUsers() bool useBuildUsers()
{ {
#if __linux__ #if __linux__
static bool b = (settings.buildUsersGroup != "" || settings.startId.get() != 0) && getuid() == 0; static bool b = (settings.buildUsersGroup != "" || settings.autoAllocateUids) && getuid() == 0;
return b; return b;
#elif __APPLE__ #elif __APPLE__
static bool b = settings.buildUsersGroup != "" && getuid() == 0; static bool b = settings.buildUsersGroup != "" && getuid() == 0;