* Add indirect root registration to the protocol so that unprivileged

processes can register indirect roots.  Of course, there is still
  the problem that the garbage collector can only read the targets of
  the indirect roots when it's running as root...
This commit is contained in:
Eelco Dolstra 2006-12-04 23:29:16 +00:00
parent 0d40f6d7bb
commit 74033a844f
7 changed files with 42 additions and 6 deletions

View file

@ -82,6 +82,15 @@ void LocalStore::syncWithGC()
} }
void LocalStore::addIndirectRoot(const Path & path)
{
string hash = printHash32(hashString(htSHA1, path));
Path realRoot = canonPath((format("%1%/%2%/auto/%3%")
% nixStateDir % gcRootsDir % hash).str());
createSymlink(realRoot, path, false);
}
Path addPermRoot(const Path & _storePath, const Path & _gcRoot, Path addPermRoot(const Path & _storePath, const Path & _gcRoot,
bool indirect, bool allowOutsideRootsDir) bool indirect, bool allowOutsideRootsDir)
{ {
@ -90,12 +99,8 @@ Path addPermRoot(const Path & _storePath, const Path & _gcRoot,
assertStorePath(storePath); assertStorePath(storePath);
if (indirect) { if (indirect) {
string hash = printHash32(hashString(htSHA1, gcRoot));
Path realRoot = canonPath((format("%1%/%2%/auto/%3%")
% nixStateDir % gcRootsDir % hash).str());
createSymlink(gcRoot, storePath, true); createSymlink(gcRoot, storePath, true);
createSymlink(realRoot, gcRoot, false); store->addIndirectRoot(gcRoot);
} }
else { else {

View file

@ -61,6 +61,8 @@ public:
void addTempRoot(const Path & path); void addTempRoot(const Path & path);
void addIndirectRoot(const Path & path);
void syncWithGC(); void syncWithGC();
}; };

View file

@ -253,6 +253,15 @@ void RemoteStore::addTempRoot(const Path & path)
} }
void RemoteStore::addIndirectRoot(const Path & path)
{
writeInt(wopAddIndirectRoot, to);
writeString(path, to);
processStderr();
readInt(from);
}
void RemoteStore::syncWithGC() void RemoteStore::syncWithGC()
{ {
writeInt(wopSyncWithGC, to); writeInt(wopSyncWithGC, to);

View file

@ -49,6 +49,8 @@ public:
void addTempRoot(const Path & path); void addTempRoot(const Path & path);
void addIndirectRoot(const Path & path);
void syncWithGC(); void syncWithGC();
private: private:

View file

@ -91,6 +91,13 @@ public:
The root disappears as soon as we exit. */ The root disappears as soon as we exit. */
virtual void addTempRoot(const Path & path) = 0; virtual void addTempRoot(const Path & path) = 0;
/* Add an indirect root, which is merely a symlink to `path' from
/nix/var/nix/gcroots/auto/<hash of `path'>. `path' is supposed
to be a symlink to a store path. The garbage collector will
automatically remove the indirect root when it finds that
`path' has disappeared. */
virtual void addIndirectRoot(const Path & path) = 0;
/* Acquire the global GC lock, then immediately release it. This /* Acquire the global GC lock, then immediately release it. This
function must be called after registering a new permanent root, function must be called after registering a new permanent root,
but before exiting. Otherwise, it is possible that a running but before exiting. Otherwise, it is possible that a running

View file

@ -19,7 +19,8 @@ typedef enum {
wopBuildDerivations, wopBuildDerivations,
wopEnsurePath, wopEnsurePath,
wopAddTempRoot, wopAddTempRoot,
wopSyncWithGC wopAddIndirectRoot,
wopSyncWithGC,
} WorkerOp; } WorkerOp;

View file

@ -269,6 +269,15 @@ static void performOp(Source & from, Sink & to, unsigned int op)
break; break;
} }
case wopAddIndirectRoot: {
Path path = absPath(readString(from));
startWork();
store->addIndirectRoot(path);
stopWork();
writeInt(1, to);
break;
}
case wopSyncWithGC: { case wopSyncWithGC: {
startWork(); startWork();
store->syncWithGC(); store->syncWithGC();
@ -473,6 +482,7 @@ void run(Strings args)
else if (daemon) { else if (daemon) {
if (setuidMode) if (setuidMode)
throw Error("daemon cannot be started in setuid mode"); throw Error("daemon cannot be started in setuid mode");
chdir("/");
daemonLoop(); daemonLoop();
} }